A detailed accounting of the steps to take when adding a second router to a LAN for the purpose of protecting adult computers from those of children
Previously, I wrote about using a second router to provide additional protection to high-value computers--specifically, to protect computers used by adults from those used by children on a shared Local Area Network (LAN).
That article was mostly conceptual; this one covers the nitty-gritty technical details.
First, the good news. Adding a second router has no effect on the first router and no effect on the untrusted (kids) computers. Each is blissfully ignorant of the following changes.
In describing the steps, the existing/first router will be referred to as the kids router since the untrusted kids computers connect to it. The new, second router will be referred to as the adults router since its job is to protect the computers used by adults.
For the sake of simplicity, I'll start with wired Ethernet connections and assume, as is usually the case, that the kids router is handing out private IP addresses* in the range 192.168.1.x using DHCP. The steps below apply regardless of the operating system employed on any particular computer.
Here's what needs to be done:
Once this is done, an adults computer, which used to have a TCP/IP default gateway of 192.168.1.1, will now have a default gateway of 10.0.0.1. Likewise, the DNS server and DHCP server for an adults computer will now also be 10.0.0.1.
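One way to confirm that end state on a Windows computer is to check the output of `ipconfig /all` against the addresses above. This is an added example, not code from the original article; the /24 subnet sizes, the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

# From the article: kids router hands out 192.168.1.x; adults router is 10.0.0.1.
# The /24 prefix lengths are assumptions.
KIDS_NET = ipaddress.ip_network("192.168.1.0/24")
ADULTS_NET = ipaddress.ip_network("10.0.0.0/24")
ADULTS_ROUTER = ipaddress.ip_address("10.0.0.1")

FIELD = re.compile(
    r"^\s*(IPv4 Address|Default Gateway|DHCP Server|DNS Servers)[ .]*:\s*(\d+(?:\.\d+){3})",
    re.MULTILINE,
)

def parse_ipconfig(text):
    """Return the first IPv4 value of each field found in `ipconfig /all` text."""
    found = {}
    for name, value in FIELD.findall(text):
        found.setdefault(name, ipaddress.ip_address(value))
    return found

def audit(cfg):
    """List the settings that do not match an adults computer; empty means OK."""
    problems = []
    addr = cfg.get("IPv4 Address")
    if addr is None or addr not in ADULTS_NET:
        problems.append(f"IPv4 Address {addr} is outside {ADULTS_NET}")
    for field in ("Default Gateway", "DHCP Server", "DNS Servers"):
        value = cfg.get(field)
        if value != ADULTS_ROUTER:
            note = " (kids LAN)" if value is not None and value in KIDS_NET else ""
            problems.append(f"{field} is {value}{note}, expected {ADULTS_ROUTER}")
    return problems

# Constructed sample output, not captured from a real machine.
BEHIND_ADULTS_ROUTER = """
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.1
"""
STILL_ON_KIDS_ROUTER = BEHIND_ADULTS_ROUTER.replace("10.0.0.", "192.168.1.")

if __name__ == "__main__":
    for label, text in (("adults", BEHIND_ADULTS_ROUTER), ("kids", STILL_ON_KIDS_ROUTER)):
        print(label, audit(parse_ipconfig(text)) or "OK")
```

A computer that has been manually set to use OpenDNS will be flagged on the DNS line only, which is expected for that setup.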
Not to switch subjects, but elsewhere I've written that I'm a big fan of OpenDNS. Any computer can be manually set up for OpenDNS, but another approach is to configure the router to use the OpenDNS servers and the router will then pass along this setting to computers that connect to it with DHCP.
More about living with this setup, and about Wi-Fi, next time.
*For more on public vs. private IP addresses, see What does your IP address say about you?
See also How to check if a computer is using OpenDNS
See a summary of all my Defensive Computing postings.