0
Warning: I sincerely apologize for any kind of ignorance displayed on my part. I am not a network engineer and I do not know anything more than how to mod routers into network switches and plug in cables. Please don't hurt me! D:
As of late, I've been concerned with roommates performing insecure activity. I have legitimate concern where potential problems could occur if something propagates through the network. I would like to be able to have all of my systems to be able to trust each other and in the event of any kind of malicious spread not of my own doing, I might have a bad time.
Please bear in mind that I am on a residential connection with an ISP provided router. Replacing the router nor firmware flashing are an option as it provides an ISP-provided phone line connection.
I would like to create a secondary network that uses the primary network (the ISP-provided router) internet connection. This network will maintain about twelve different devices. Two of these devices will be performing high-bitrate video streaming (yes, two devices sending out video to other devices at the same time). This network should be as isolated as possible from the primary network, I do not want the primary router to even know of the existence of any of the devices on the secondary network. However, I need to be able to manage ports and receive connections from the outside world. This secondary network, as mentioned before, requires full Internet connectivity.
An idea I had in my mind would be something like: the primary router forwards any ports that need forwarding to the secondary router, which would still be connected to the main network. From there, the secondary router would do the actual port forwarding that needs to be handled for each device, but it would be on a totally separate network so none of the devices outside of the secondary network would be able to see them. This seems like the most ideal solution for me and would really prefer this (as I could use the custom firmware I have on a router laying about; it is an old and vague NETGEAR router, don't expect anything out of it), but I have no idea whatsoever on how I might do this.
Is this possible (network bridging, mayhap)? If so, how may I accomplish this?
Post: This question was originally posted on NetworkEngineering, but someone kindly pointed out that it is oriented for actual network engineers, which would make sense. ;)
Mythical Juggernaut
Posted 2015-11-07T18:07:19.967
Reputation: 98
1I guess you want to install another router behind the one you already have. It's wan connection must be Gigabit Ethernet, and then perform usual NAT. Forwarding will also work, just set up the rule on both routers. – davidbaumann – 2015-11-07T19:09:13.527
1But in my opinion, just don't trust your network, as I use public wifi very often, my system is configured so I don't have to worry. – davidbaumann – 2015-11-07T19:10:02.463
@davidbaumann Well, I basically have to trust my network. I have multiple machines that work together (in parallel) and they require full and unobstructed access to each other. Basically any system on the network can read/write and access those machines. I know it's not great from a security standpoint, but I have a pretty specific reason (and laziness) for doing this. – Mythical Juggernaut – 2015-11-07T19:42:29.510