
Routing question

Discussion in 'Cisco/Linksys Wireless Routers' started by jwp415, Oct 21, 2008.

  1. jwp415

    jwp415 Guest

    Hi all,
    I'm new to the forum and to routing, but have been running LANs for 13 years.

    Here's my setup:
    DSL Modem <---> WRT54GL <---> GigE Switch <---> Various Computers & Airport Extreme

    Computers connect to the LAN and Internet both wirelessly and/or via Cat6.

    Let's say I need one of the wired computers (say with Static IP to be able to talk to other computers on the GigE LAN, but to not have incoming or outgoing Internet access. That is, I need the WRT to block access from to everything except 192.168.1.xx.

    The WRT54GL has a static IP on the WAN/DSL side, and is providing DHCP on the LAN and WiFi side using
    The Airport Extreme is in Bridge mode (Connection Sharing OFF) and gets its IP via DHCP from the WRT.
    The various computers have dynamic and static IPs on

    Here is the current default routing table from the WRT54GL:
    Destination LAN IP Subnet Mask Gateway Hop Count Interface 1 WAN (Internet) 1 LAN & Wireless 1 WAN (Internet)

    The WRT54GL is currently in Gateway mode and has its default firmware (v4.30.11). I could upgrade to another firmware but would rather not if I don't have to to achieve this specific goal.

    Finally, I would like to occasionally be able to grant that one isolated computer ("") access to the Internet, so the process of changing the routing shouldn't be too time consuming.

    Any thoughts?

    Thanks in advance!
  2. ifican

    ifican Network Guru Member

    There are lots of ways to do this, but no simple way for you to go about it the way you want. You have to do one of several things: create a separate subnet (network) that does not inherently have Internet access, or create an extensive ACL / iptables config to only allow certain machines at any given time. The easiest way to do this is to load a third-party firmware that gives you the iptables functionality. The one simple way that comes to mind, but which will give you no security, is to create small bubbles of networks via subnet masks. But doing that, you are still going to run into "all" LAN access connectivity. If your LAN switch is VLAN capable, you can VLAN off the machines you want and do not want to have access. I will give this more thought later, as I am very tired and kind of groggy at the moment. But anything is possible with a little thought and effort.
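
The iptables approach mentioned in the reply above, as an added example that is not part of the original thread: a POSIX shell sketch for a router running third-party firmware with iptables, which toggles WAN access for one LAN host. The interface names (`br0`, `vlan1`), the address `192.168.1.50` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; interface names, address and function names are assumptions.
IPT="${IPT:-iptables}"     # set IPT=echo to preview instead of applying
LAN_IF="${LAN_IF:-br0}"    # assumed LAN bridge interface
WAN_IF="${WAN_IF:-vlan1}"  # assumed WAN interface (often ppp0 with PPPoE)

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the two FORWARD rule specs that cut HOST off from the WAN.
# Hosts on the same subnet reach each other through the switch, not through
# the router's FORWARD chain, so LAN traffic is unaffected.
wan_block_specs() {
    echo "FORWARD -i $LAN_IF -o $WAN_IF -s $1 -j DROP"
    echo "FORWARD -i $WAN_IF -o $LAN_IF -d $1 -j DROP"
}

# set_internet HOST off|on
#   off: insert the DROP rules at the top of FORWARD
#   on:  delete them again
set_internet() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    case "$2" in
        on|off) ;;
        *) echo "usage: set_internet HOST off|on" >&2; return 2 ;;
    esac
    wan_block_specs "$1" | while read -r spec; do
        # Delete any earlier copy first so repeated "off" calls do not stack.
        $IPT -D $spec 2>/dev/null || true
        if [ "$2" = off ]; then $IPT -I $spec; fi
    done
}

# Example with a constructed address: set_internet 192.168.1.50 off
```

Rules added this way are lost on reboot unless the firmware's startup or firewall script reapplies them, and the isolated host can still reach services on the router itself, since that traffic goes through INPUT rather than FORWARD.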
