Here's my configuration:

This arrangement allows computer(s) on router 2 to access the internet with no problems. However, ideally I'd like to prevent any computers being fed from Router 2 from seeing or interacting with any computers on the network supplied by Router 1. I'm thinking this would be done by setting the LAN netmask on router 2 to something other than 255.255.255.0? I've been reading up on subnetting, but I'm not sure this is exactly the ideal solution? Any insights appreciated.

You have both router on the same subnet 192.168.1. You should configure your second router to be on another subnet like 192.168.2. You'll need to setup a firewall between the routers to allow and disallow access from one network to the other.

You need to add a third router. You have the main router then connect the other two routers wan side to the lan side of the main router. So you have the main router then the only connections on the lan side are the wan connections of the two routers. One for each network.

Brian1

Ok, the first router here is a Linksys wrt54g. One of the admin screens is "Advanced Routing", in which you can specify a "Destination LAN IP". So in this scenario, the destination IP would be "192.168.2.(whatever)", correct? And then on the 2nd router, I would set it's LAN IP address to be 192.168.2.(whatever)? There is also a "Default Gateway" IP on the "Advanced Routing" screen - not sure what IP to use there?

Thanks for the help!

From what I see you are connecting one router to the other via a daisy chain. You can do that and you can even specify in the firewall rules which addresses to access. Below may be what you need.

router1 WAN ip address
router1 WAN netmask
router1 WAN gateway
router1 LAN ip address 192.168.2.1
router1 LAN netmask (usually 255.255.255.0)
router1 DHCP 192.168.2.10 - 192.168.2.254

router 2 WAN ip address 192.168.2.2
router2 LAN ip address 192.168.3.1
router2 LAN netmask (255.255.255.0)
router2 LAN gateway 192.168.2.1
router2 DHCP 192.168.3.10 - 192.168.3.254

Corrected:

router1 WAN ip address 64.78.92.13
router1 WAN netmask (255.255.255.252)
router1 WAN gateway 64.78.92.1
router1 LAN ip address 192.168.2.1
router1 LAN netmask (usually 255.255.255.0)
router1 DHCP 192.168.2.10 - 192.168.2.254

router2 WAN ip address 192.168.2.2
router2 WAN netmask (255.255.255.0)
router2 WAN gateway 192.168.2.1
router2 LAN ip address 192.168.3.1
router2 LAN netmask (255.255.255.0)
router2 DHCP 192.168.3.10 - 192.168.3.254

Your using internet sharing router (Linksys, Netgear, D-Link, etc..., In this case Linsys, The 4 ethernet ports are NOT indivitual interfaces. It's just one ethernet interface integrated into a built in switch. Switches don't route packets as they are layer 2 on OSI model and IP and subnetting is Layer 3 of OSI. In short you can't prevent router 2 from talking to the computers of router 1, the way you got it physically set up now.

The reason why your idea will not work is simply because Internet sharing routers only route packets from LAN (the devices connected to 4 port switch) to WAN and vice versa.

It's much easier to visualize a router with one WAN interface and One ethernet interface with one ethernet port. The way it's set up now, is like having a basic switch hooked to the ethernet IF. Now put two computers and a second router on the swtich. Obviously the router will not be involved when router 2 talks to the two computers.

You need to setup your firewall to allow outgoing http port 80 from the 192.168.2 network on to everything but to not allow everything else. Most routers have a basic firewall.

Thanks for the info, guys. I think I understand what's going on, and why I can't get exactly what I want here. It IS possible, I believe, to isolate LAN 2 from LAN 1 but not vice versa (meaning, computers on LAN 2 could see computers on LAN 1, but computers on LAN 1 could NOT see computers on LAN 2) and in fact that's what I've noticed while playing with this.

In case you were wondering, the whole reason I've been playing with this is that I've got an OLD laptop (Slackware runs just fine on it ) with an OLD Orinoco Silver wireless card (WEP, "40" bit encryption only) and I've also got an older (crappy) D-Link wireless router I wanted to use JUST for this laptop (my current network is the Linksys with 128 bit WPA) It's more of a learning exercise than anything, since I only use this particular laptop maybe once every 2 months and wouldn't even have the D-Link router on unless I wanted to use that laptop...

I see what you are doing. You just what to stop someone from cracking your 40bit wep lan2 and then they could gain access to your lan1 section. Is this what you are thinking.

This is a thought if the wireless link on the dlink can be turned off. Use the Dlink first as lan 1 and then move everything from lan1 to lan2. Then when you need wireless 40bit, turn on the wireless access portion and then if someone gets in then all they can do is go out the internet side and not back into the lan2 side. Same thing you were seeing in your earlier testing not being able to see lan 2 from lan1. When done turn off the wireless side. Only other thing one can add if supported is mac and IP filtering. Only set for 2 IP. One for the laptop and one for the wan side of the linksys router. Then only allow the 2 mac addresses.

Brian1

Yeah, I finally figured out that's the way to do it, but the DLink has a nasty habit of locking up at unpredictable intervals, so I can't use it as my main router, since my wife probably wouldn't understand when she couldn't get her email

So this brings up another (hypothetical) question: Is is possible to attach a switch to the DSL modem (a SpeedStream with just one Ethernet port) then attach the Linksys and D-link routers to THAT? I assume this would work, except I wonder about getting both routers to connect to the internet at the same time? Somehow I don't think that will work very well (or at all), would it?