I would like to isolate my private WiFi network from my business's public WiFi network using two routers (so that no one on the public network can access the devices on the private network). I currently have the topology below:
Internet — Router1 (public) — Router2 (private)
Router2's WAN port is plugged into Router1's first LAN port. Router1 has address 192.168.0.1 and Router2 has address 192.168.0.2. The two routers are broadcasting different SSIDs, and Router1 is acting as the DHCP server, assigning IP addresses in the range 192.168.0.3-254.
Wireless isolation is enabled on Router1. Is this enough to provide the security I need?
Best Answer
You need to move router2's lan address to another subnet.
10.90.0.1/24 for example. Enable dhcp on router2 at the same time and you will have the kind of setup you were hoping for.
..... When you decide you need to forward a port from the public IP to a private LAN IP, you will need to forward the port on router1 to router2's "WAN" address (ass seen by router2). Then in router2 you will have to forward the port to the correct private lan IP....
Maybe you won't have a need for this kind of forwarding. If you do, I would recommend buying a real router that can handle multiple subnets.