Second Router for Basic Internet (Guests)

snowflux

Jul 28, 2016
Hi,

I have a small bed & breakfast where I have 1 main network.
The router is an Asus RT-66U + 2 TP-Link powerline adapters; everything works well.

But now I want to secure my network so the guests will have their own network where they only have basic internet access (no torrent...).

I know I can enable a guest WiFi within my Asus RT-66U, but I read that that is not really secure. And I also have my 2 powerline adapters; I doubt this will work.

Now I got a Linksys EA3500 from a friend.

My goals are now:

Use the Asus RT-66U for my private network
Use the Linksys as second router, block all except the internet basics HTTP, HTTPS... (so that they can't see my router, files, use torrent...)
Expand only my basic guest network with the powerline adapters

I need some help setting up my second router to do this.
I have no idea regarding subnets, which ports to close and so on.

This is my setup now:

Asus Router: 192.168.1.1
Subnet: 255.255.255.0
DHCP: ON


Hope for some advice.

Thanks in advance


 
Not going to be easy. Torrent is close to impossible to block; it will happily run on port 80 and look like web traffic.

Guest wireless is pretty secure, but its main use is to force the guest traffic out to the internet; it by itself does not restrict what they can do with the internet. It is used to prevent them from being able to see your machine on the main network. You would still need firewall rules, but there is no simple way to say "machines on the guest network".

You might try the Merlin software from Asus. It has many more options and is an official software that is supported. You can also try dd-wrt if Merlin is not advanced enough.

With these other software options you can create fairly advanced traffic filters. You could assign a different IP block to the guest network and then put in rules that say that IP block can only use ports 80 and 443. That would slow down most people. Still, if they reconfigure their torrent client to use 80 and 443 they could get past you. They of course can use a VPN service and accomplish the same thing; at least in that case it will not track back to your ISP and IP address.

Using the second router will be tricky because the WAN port will be on your main network, so they still would have access. That router is not supported on third-party software, so you are very limited in what you can do. I suppose there is a way to combine it with the other firmware on the main router and define a LAN port to be in a different network and plug that router in there.
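
The "different IP block that can only use ports 80 and 443" idea from the answer above, written out as iptables rules; this is an added example, not part of the original thread and not taken from Merlin or dd-wrt. The guest block 192.168.2.0/24, the router address 192.168.2.1, the chain names, and the DNS and DHCP allowances to the router itself are assumptions; only 192.168.1.0/24 comes from the question.

```shell
#!/bin/sh
# Added example: prints the iptables commands so they can be reviewed first.
MAIN_NET="192.168.1.0/24"      # main LAN from the question (192.168.1.1, 255.255.255.0)
GUEST_NET="192.168.2.0/24"     # assumption: separate IP block handed to guests
ROUTER_GUEST_IP="192.168.2.1"  # assumption: router's own address in the guest block
WEB_PORTS="80 443"             # the two ports named in the answer

guest_rules() {
    # Forwarded guest traffic gets its own chain (hypothetical name GUEST_FWD)
    # so the policy reads top to bottom.
    echo "iptables -N GUEST_FWD"
    # 1. Nothing from the guest block may reach the main network.
    echo "iptables -A GUEST_FWD -d $MAIN_NET -j DROP"
    # 2. Web traffic towards the internet is allowed.
    for port in $WEB_PORTS; do
        echo "iptables -A GUEST_FWD -p tcp --dport $port -j ACCEPT"
    done
    # 3. Everything else is dropped, including DNS sent to outside resolvers,
    #    which matches the "block port 53" approach from the follow-up post.
    echo "iptables -A GUEST_FWD -j DROP"
    # Only packets sourced from the guest block enter the chain; replies from
    # the internet are left to the router's existing FORWARD rules.
    echo "iptables -I FORWARD 1 -s $GUEST_NET -j GUEST_FWD"

    # Traffic addressed to the router itself (hypothetical chain GUEST_IN):
    # guests may resolve names and renew DHCP leases, but not open the admin page.
    echo "iptables -N GUEST_IN"
    for proto in udp tcp; do
        echo "iptables -A GUEST_IN -d $ROUTER_GUEST_IP -p $proto --dport 53 -j ACCEPT"
    done
    echo "iptables -A GUEST_IN -p udp --dport 67 -j ACCEPT"
    echo "iptables -A GUEST_IN -j DROP"
    echo "iptables -I INPUT 1 -s $GUEST_NET -j GUEST_IN"
}

# Print the rule set when the script is run directly.
guest_rules
```

As the answer says, this only restricts ports: a torrent client reconfigured to use 80 or 443, or a VPN over 443, still gets through.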
 

snowflux

Thx for the answer.

What's your opinion on OpenDNS?

I set the DNS on the router, and then block P2P in the OpenDNS settings (it only blocks the torrent websites, not torrent in general).
I know you can get around this by setting up another DNS like Google on any device, but I blocked port 53 on the router, so there is only my DNS (OpenDNS) working.

The only way to get around this is a VPN (I think).

What do you think about this solution?
 
Anything DNS is trivial to bypass. There are a small number of DNS sites that run on other than port 53. The method you cannot stop is the person who adds the entries to the host table on his local machine. Besides, many of the torrent sites already use IP addresses rather than URLs to get past the URL blockers and DNS blockers.

The main problem with torrent is that from the beginning it was used for not so legal stuff and was designed to prevent it from being disabled easily by law enforcement.

Your goal is to force them to use VPN for bad stuff, since you then only have the issue of them overusing your bandwidth, which they could do anyway by watching too much 4K Netflix. The legal issues and the cease and desist letters would go to the VPN company and not to you.

Guest wireless is always a huge risk because of all the bad people... mostly torrent is stupid kids who never worry about what happens if they get caught.
 
Solution