Network 1 - My Work PC + 2 'Home Entertainment' PC's for my kids to play on. These are hooked up to a 4-port Network Hub then to my DSL router.
Network 2 - My Gaming PC Rig + 3 Gaming PC Rigs. These are also hooked up to another 4-Port Network Hub then to my DSL router.
*** The Problem ***
Due to some... uhhh... errrr... ummmm... problems with someone who 'I' [Yes! Me!] invite over... I need to change the WAY the networks are setup and I'm unsure of exactely how to do it.
-The 'new' network setup-
Network 1 - My Work PC [Only one ALLOWED to access the DSL connection from Network 1], accessing the 2 'Entertainment PCs' network as well. Note: I do NOT wish my Work PC or the 2 Ent'PCs to have ANY access to the Network 2 PCs at all. The 2 Ent'PCs are NOT to have any DSL/Internet access.
Network 2 - My Gaming Rig [Only one to have access to the DSL connection on Network 2] accessing the other 3 Gaming PC Rigs. Note: I do not wish My Gaming PC Rig or the 3 Gaming PCs to have access to Network 1, nor the 3 Gaming PC Rigs to have access to the DSL/Internet connection.
(-- Potential Solutions??? --)
 Setup Network 1's Work PC with dual  NIC's with one NIC corresponding subnet mask specific to the DSL [ie. 255.255.255.1] router, and the other NIC's subnet mask specific to the 2 Ent'PCs subnet throught the 4-port hub [ie. 255.255.255.2].
Setup Network 2 similarly to Network 1. In this case My Gaming Rig will have 2 NICs with one of them having the subnet of the DSL router [ie. 255.255.255.1] and the other NIC having the subnet of the 3 other Gaming PC Rigs running on their 4-port hub [ie. 255.255.255.3].
I ^think^ this will work to keep the 2 Ent'PCs from accessing the Internet, my Gaming Rig or the 3 Gaming PC Rigs on Network 2. Conversely this should keep the 3 Gaming PC Rigs on Network 2 from accessing the internet, My Work PC or the 2 Ent'PCs.
 Setup a Proxy Server before the hubs head to the DSL router. That'll stop external accesses to the Internet through the DSL router. It'll not block inter-Network 1 & 2 communications though.
 Setup 2 Switches before the Proxy server [which is before the DSL router]. That'll solve the DSL issue and should also solve the cross network comms between Networks 1 & 2. But this solution [unless I'm just missing something here] will be quite costly overall and require a good bit of time to setup compared to Solution .
 [The final option] Leave the networks as is and just setup the DSL router to only 'see' the IP addresses of 'My Work PC' and 'My Gaming Rig'. This only fixes the issue of DSL/Internet access [AFAIK] and would still allow accesses between Network 1 & 2. If it ~would~ block the crossnetwork accesses as is... would it be open to hackerdom from Network 1 OR Network 2 [ie. some scripting or a proggie to 'openup' the DSL router to allow covert Inet and cross-Network 1/2 accesses]?
I think this is prolly better than setting up a Proxy server AFAIK. Also, there aren't any 'decently priced' switches that can do 'private IP' addressing and block cross communications between these networks are there? If so... what setup would any of you advise.
Have I hit the nail on the head with this setup in 'Solution '? Or will there be file-sharing difficulties between My Work PC and the 2 Ent'PCs when I browse the Internet too?
Will the Dual NIC setup in the Work PC and also My Gaming Rig forward packets from Network 1 to Network 2 and consequently to the DSL router for Internet access? If so, is there a 'packet forwarding' feature on NICs themselves that I need to be aware of? [Note: I'm not referring to what used to be called 'Server NICs' for the NICs I intended to install, AFAIK the Proxy Server System does Software-based forwarding of those requests out to the DSL/Internet based on its IP filtering que]
Can the Proxy Server setup actually block crosstalk between Networks 1 & 2 also instead of just blocking Internet calls out from the 2 Ent'PCs and the 3 Gaming PC Rigs [after their IPs are setup in the Proxy Server correctly]?
Well, any help would be greatly appreciated.
[Posted this in the 'Routers' section but noone answered there. Hoped more eyes might be abouts the room here.]
<P ID="edit"><FONT SIZE=-1><EM>Edited by PCUser on 01/13/04 01:05 PM.</EM></FONT></P>
Sure, clarification on the way. BTW, thanks for respondin'.
The issue is:
1. Network 1 is only to have the 'My Work PC' to access the internet. The two "Ent'PCs" are not supposed to have access to the Inet nor Network 2.
2. Network 2 is only to have the 'My Gaming Rig' to access the internet and the 3 'Gaming PCs'. The 3 'Gaming PCs' are not supposed to have access to the Inet nor Network 1.
3. Network 1 & 2 are not supposed to be able to 'cross-talk' to eachother.
4.a: [Optional point] I would even prefer that 'My Work PC'[Network1] and 'My Gaming Rig'[Network2] not be able to comm eachother. But... I'm sure that there will be times whereupon I would want the extra convenience of them comm'g eachother. In those cases I could prolly just crossover cable them or run one of them to a simple hub for temporary comms.
4.b: [Optional point: passwording?] Could it be possible to allow a xPasswordx to block access between 'My Work PC' and 'My Gaming Rig'? This would allow me to keep them connectable through the router [same subnet] but would keep my Network 1 work system 'clean' from anything that might be done to 'My Gaming Rig' on Network 2.
the best way would be to devide your network up into 3 subnets...
First of all all computers need to have a subnet mask of 255.255.255.0 (So it is a Class C network)
Next set your DSL router to only accept connections from 192.168.0.0 (subnet 0 broadcast address, it may say something different like all addresses with address 192.168.0.x)
Now on all computers you want to access the internet add the address 192.168.0.x to, so for example your main work computer set to 192.168.0.1 and your main gaming computer set to 192.168.0.2
Now for your main work computer also assign the address 192.168.1.1 (one NIC can have multiple addresses)
For your main gaming computer set in a second address of 192.168.2.1
For the rest of the work network set in addresses going up from 192.168.1.2 and for your gaming computer set in addresses going up from 192.168.2.1
In terms of physical setup, well as routing in this case is been controlled by your subnet masks you can connect all the computers into one switch, or into multiple switches as long as they are cascaded.
Just don't let on that you have 3 subnets and don't let people use a computer with anything less than a subnet mask of 255.255.255.0 and this should work a treat for you...
If you need me to clarify anything just ask...
You can know all that you can know about them and yet they will still suprise you at least once a week...
I've got a quick question about this. How are you assigning IPs? Using Static or DHCP? Have you tried simply not putting in a 'gateway' on the computers you do not wish to access the Inet? This doesn't solve your cross network problem if you're still on the same segment but I need to check something on my own crap before I suggest anything about that.