I am trying to simplify my network wiring and need advice on how to do so securely (this is relative; I understand that any time packets run on the same wire there could be a compromise). What I have is an MT being used as a gateway: Ether1 is the WAN and Eth2 is private (192.168.10.101/24). Ideally I would use Eth3 to connect to my MT that is acting as a hotspot gateway to my wireless clients, but I don’t have 2 wires between the two MTs. I could use VLANs in the 3Com switches, but lightning has taken out ports in the past, so simply having the customers move Cat5 cables is not an option when they go down.

So I would like to have the hotspot MT on the private network and NAT to the wireless clients. This is all set and working, but the wireless clients can now get at all the resources on my private network. So what routing/firewall rules could I put in to restrict wireless clients to only be able to hit the gateway on the private network and not have that MT route them back out? What about a VPN between the two MTs? Thoughts?
WAN ->
<- MT1 {Eth1 <--> Eth2(192.168.10.101/24)} ->
<- Private Clients
<- MT2 {Eth1 (192.168.10.102) <--> WLAN1 (102.168.1.101/24)}