Isolate Laptop and Router over Ethernet

We have a granny flat over the garage that has become vacant and my wife's brother (the layabout) is now "renting" it from us. I have supplied him with an old Vista laptop, set up an isolated Guest wifi account on our TP-Link 1043 router running dd-wrt but the wifi is spotty at best out there.

I already have Ethernet out to the garage so a data switch, a Buffalo router also running dd-wrt and a cable is not too much of a stretch since it is all old stuff I have here and no longer used.

But, I'd like to isolate that wired router from all but the Internet for the layabout, er, sorry brother-in-law. :)

I posted to the dd-wrt forum a few days back but of course, no replies. Not sure why they bother with a forum.

Can someone please help me (or point me at instructions) to set up an isolated wire-router so he can use the Internet but not our home network?




Vista Pro
This is something I've thought about in the past but never really looked into it.
Anyway, after consulting with the Google, these instructions might work for you:
Step 1: Router Configuration | The Nerd Cave

If you implement the first setup that's described, and you put your brother-in-law on the public side, and you are on the private side, the private can still "see" the public, but the public cannot "see" the private.
Again, this is not something about which I have firsthand experience.


Thanks, I had done some searching and found quite a few pages on using a VLan but it is quite complicated to set up and make work. If the page you link to works it is super simple. So simple that I should have thought of it. :) Yeah, right, hindsight.

I will give it a try this evening and report back.


Hmmm, Fail. I suspect dd-wrt is way too smart to allow it all. Another thing with that page that I was uncomfortable with is that he says that Router-2 can Ping Router-1 and vice versa. Not a favorable approach if the isolated router can Ping the others. Very simple to SSH into it if that's the case.

Moot as I could not get that or any combinations to work.

Looks like it is back to the VLan approach unless someone else chimes in with something easier.



Vista Pro
"Hmmm, Fail."
What exactly failed? Did Router-2 not recognize the input from Router-1? That could be a firewall issue perhaps?
Or if you think dd-wrt is preventing the setup, change some setting there...or maybe use a router without dd-wrt.

"Very simple to SSH into it if that's the case."
Do you think your guest will have the knowledge to do this? Wouldn't the router have a password, firewall rules, etc. to prevent this? It doesn't seem that simple.

Even if you set up several VLANs, the isolation is achieved through firewall rules.
With the two-router setup, couldn't isolation also be achieved through rules?

For your peace of mind, perhaps the best (and most expensive) solution is to get another, separate line from your internet provider.

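The rule-based isolation suggested in the reply above for the two-router setup, as an added example that is not part of the original thread: a shell function that prints the iptables commands for the garage router's firewall script. The bridge name br0 and the home subnet 192.168.1.0/24 are assumed values, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for the garage
# router's firewall script; running this file applies nothing.
# Assumed values: guest LAN bridge br0, home LAN 192.168.1.0/24.

# Return 0 only for a well-formed IPv4 network in CIDR notation.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    _old_ifs=$IFS; IFS=.
    set -- ${1%/*}            # split the address part into four octets
    IFS=$_old_ifs
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# guest_isolation_rules GUEST_IF NET [NET...]
# One DROP rule per protected network. Matching is on destination IP, so the
# upstream router still serves as next hop for Internet traffic, while its own
# LAN address (inside NET) cannot be pinged or reached over SSH/web admin.
guest_isolation_rules() {
    _if=$1
    [ $# -ge 2 ] || { echo "usage: guest_isolation_rules IF NET..." >&2; return 2; }
    shift
    # Refuse interface names that could smuggle shell syntax into the output.
    case $_if in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $_if" >&2; return 2 ;;
    esac
    for _net in "$@"; do
        valid_cidr "$_net" || { echo "invalid network: $_net" >&2; return 1; }
    done
    for _net in "$@"; do
        # -I inserts at the top of FORWARD, ahead of existing ACCEPT rules.
        echo "iptables -I FORWARD -i $_if -d $_net -j DROP"
    done
}

# Constructed sample call: block the assumed home LAN from the guest bridge.
guest_isolation_rules br0 192.168.1.0/24
```

These rules only hold while the guest cannot log in to the garage router or plug a device into the switch ahead of it.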


Vista Guru
Gold Member
2 separate routers, even connected to the same modem, should provide enough isolation, especially if you fully protect the one you want to keep him out of. Use WPA/WPA2 encryption with a strong password and, for extra security, use MAC address filtering. Setting up VPNs on a home router isn't really feasible. You have to use one designed for medium to large networks and you won't want to pay for that.
