Network on 2 Ranges

threegig · 06-30-2006, 11:44 AM

Hi Everyone,

I am re organising my home network and wanted to seperate the wireless clients from my internal wired network. My slackbox will have 2 nics and will act as a small fileserver for a wireless client.

Say I gave one of the nics in the slack box a ip of
192.168.1.1 For the wifi side
and
192.168.0.1 For the internal side would this improve security?
And my other major question is the 2 ip's above have the same subnet is there any problem or disadvantage with using 2 different subnets. For instance-
wifi side - 192.168.1.1
internal side - 10.0.0.1
How is this compared to the same subnet scenario?

Here is a diagram of my setup

Code:

[wifi.1]  ----|----   [wifi.2]
              |
              |
       [Billion 7402VGP]
              |
              |
          [Slackware] 2 x nics
              |
              | 
           [switch]
  |-----------|-----------|
[NIX]	-   [XP2]   -   [XP3]

Thankyou very much

acid_kewpie · 06-30-2006, 12:53 PM

keeping your wifi clients in a dmz is a reasonable thing to be looking to do, certainly, but you've not mentioned a nomber oft higns like where your internet connection comes into it and such. there is only more security if you are enabling a firewall between the two subnets and not just directly routing between the two.

for your second issue i think you believe there is some form of connection between 192.168.0.0/24 and 192.168.1.0/24 as opposed to 10.0.0.0/24? no there is nothign in common, they are *not* in the same subnet at all, you've got your terminology mixed up there.

ramram29 · 06-30-2006, 02:18 PM

You can do that. You can also use just one NIC and assign mulitple IP addresses to it; to the same NIC card.

acid_kewpie · 06-30-2006, 02:25 PM

putting multiple subnets on a single nic without formal vlan's is a really really bad idea. often works, but only from dumb luck, and creates massive security issues.

threegig · 06-30-2006, 05:03 PM

Thanks Guys for your replys.

acid_kewpie - Thanks. The billion will pass out the net connection. So I am hoping that my internal pc's can use the billion ip as the gateway and that will be fine.
Also on the slack box I am going to set up a firewall between the 2 nics. Letting web pages out but nothing in. Will this be ok?
And with my question sorry I meant different subnet mask like this -
192.168.1.1
192.168.0.1
Subnet Mask - 255.255.255.0

or the other way I though

192.168.1.1
10.0.0.1
2 Subnet Masks - Sorry got mixed.

Is having 2 seperate subnet masks a issue?

Thanks for you expertese.

acid_kewpie · 07-01-2006, 03:51 AM

you mean you'd have 10.0.0.0/255.0.0.0 instead of 10.0.0.0/255.255.255.0 ? if so that is still not a concern, but i'd always suggest using a 24 bit mask if you don't need that much local ip space.