Ok, so I have a single internet connection that comes into a router. That router is then used by a certain group of people to get on the internet. What I then want to do is take an ethernet cable from that router to some other device (router/firewall, whatever) that will then provide internet to a second group of people. The issue that I need to solve is that I want to make sure there is some type of complete isolation between the two groups of people. Mainly, I don't want any computers on the first main router to be able to see or access any devices on the second router/device. Also, I cannot change anything that has to do with the first main router. I need a hardware solution, simply turning off or passwording file sharing on the computers will not do what I need.
I am sure I can make it work fine with the right options in the right router or hardware firewall but I am not sure what I need. A second internet connection is out of the question. I have a spare D-link DIR-615 router that I daisy chained off the first main router (ethernet cable from a port on first main router to WAN port on DIR-615) and I can get internet to come out of the DIR-615 to the second group of people, but there is no type of wall between the two groups of people on the two different routers. People on the first router can see people on the second router and vice-versa, that is what I am trying to eliminate. Maybe the DIR-615 can be configured to separate its users from the users on the first router that are coming in through the WAN port? I know the DIR-615 has a ton of settings/options but I have know idea what one to use that would make this work. If the DIR-615 won't work, what other device could I use and how do I configure it properly? Any suggestions would be greatly appreciated! I am sure there is a simple/cheap solution. Thanks so much guys!
Did you make sure the 2nd network had a different IP range than the first? 192.168.2.1 and 192.168.1.1 networks.
Yep, sure did. First router uses the 192.168.1.x scope and the second ones uses 192.168.0.x scope yet I can still share everything between them. I can even access the first routers 192.168.1.1 configuration page from behind a 192.168.0.x IP address while attached to the second router. I know that some older routers I used in the past would put up this separation, but for some reason these new routers still make sharing possible even through different IP sets and WAN ports.. exactly what I don't want!
Try creating a Vlan on the second router,this would only allow pcs on the second router to communicate with each other and not communicate with router one.exclude the uplink port from the first router to the second router from the Vlan membership