Community discussions

 
Charlie86
newbie
Topic Author
Posts: 26
Joined: Thu Apr 05, 2018 6:54 pm

CyberCaffe network

Wed May 16, 2018 6:37 pm

Hi,

What is best solution to separate one public PC from all other PC and servers on same LAN? Should I use VLANs, DMZ or something else?

Thank you.
 
anav
Forum Guru
Forum Guru
Posts: 1106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: CyberCaffe network

Wed May 16, 2018 8:36 pm

If its just one.
I am just a beginner so hopefully other will freak out and provide the right advice.

1. create bridges
a. public_bridge - create a new lan network 192.168.2.1 etc...... (will need to configure IP Pool, then IP Address, then DHCP server.....)
b. cafe_bridge (use existing default network of 192.168.88.1 etc........

assign ether1 (to ISP assuming) and lets say a five port hex router.
ether2 to 4 to cafe_bridge
ether 5 to public_bridge

Ensure Forward Rules are setup such that last forward rule is DROP ALL.
looks like
default fastrack rule accept
allow established, connected
drop invalid
allow LAN to WAN (for cafe bridge)
allow LAN to WAN (for public bridge)
drop all log only (log prefix - DROPPED TRAFFIC)
drop all

Ip route by default should be good to go.
Assuming no port forwarding required.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1624
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: CyberCaffe network

Wed May 16, 2018 9:42 pm

Hi,
What is best solution to separate one public PC from all other PC and servers on same LAN? Should I use VLANs, DMZ or something else?
Thank you.
Are you going to have Internet Cyber Caffe without any deeper knowledge of networking?
Real admins use real keyboards.
 
anav
Forum Guru
Forum Guru
Posts: 1106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: CyberCaffe network

Wed May 16, 2018 9:54 pm

BartozSp, Welcome to the wacky and wonderful age of DIY IT. :-)
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1624
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: CyberCaffe network

Wed May 16, 2018 11:46 pm

DIY is not bad but you should be at least aware what LAN, VLAN, DMZ means and what are they used for.
Real admins use real keyboards.

Who is online

Users browsing this forum: adr988, ashpri, ixirion and 31 guests