Mikuro
Crotchety UI Nitpicker
I recently got a Windows PC for free, and I want to hook it up to the Internet, but I'd like to isolate it from the rest of my local network. (For the security of my Macs, I do not want a Windows PC running wild and free behind my firewall!)
I have a cable modem, and I currently share the internet connection with a few Macs on my local network.
What I would like to do is make it so that anything going from the PC to my Macs would be treated just like it came from the internet, and all computers would have internet access. (File sharing between my Macs and the PC is not my top priority.)
It seems like I should be able to rig this up if I use two routers, but I'm not sure exactly how. I have two ideas. (Let's call the router connected to all my Macs the "primary router" and the one connected to the PC the "sandbox router".)
1. I could connect the sandbox router's WAN port to the primary router (so it would go cable modem -> primary router -> sandbox router), and then connect the Windows PC to the sandbox router and put it on a different subnet than my Macs (say 192.168.1.x instead of 192.168.0.x, with subnet masks of 255.255.255.0). Would that work, or would the primary router still see anything coming out of the sandbox router as local, since the router itself would have a local IP (as far as the primary router is concerned)?
2. I could do the reverse and plug the primary router's WAN port into the sandbox router (so it would go cable modem -> sandbox router -> primary router). That way anything coming into my Macs from the sandbox would NEED to go through the primary router's WAN port, which I assume would mean the firewall would filter it. I'd rather not have two routers between my Macs and the Internet for ease of configuration, so would it be okay if I put the primary router in the sandbox's demilitarized zone? Since the primary router would use its own firewall, that would be just like my current one-router setup as far as the Macs are concerned, right?
Which (if either) of these is right/better? I'm not sure what makes sense, and this is not something I want to leave to trial and error.
Any insight would be appreciated.
I have a cable modem, and I currently share the internet connection with a few Macs on my local network.
What I would like to do is make it so that anything going from the PC to my Macs would be treated just like it came from the internet, and all computers would have internet access. (File sharing between my Macs and the PC is not my top priority.)
It seems like I should be able to rig this up if I use two routers, but I'm not sure exactly how. I have two ideas. (Let's call the router connected to all my Macs the "primary router" and the one connected to the PC the "sandbox router".)
1. I could connect the sandbox router's WAN port to the primary router (so it would go cable modem -> primary router -> sandbox router), and then connect the Windows PC to the sandbox router and put it on a different subnet than my Macs (say 192.168.1.x instead of 192.168.0.x, with subnet masks of 255.255.255.0). Would that work, or would the primary router still see anything coming out of the sandbox router as local, since the router itself would have a local IP (as far as the primary router is concerned)?
2. I could do the reverse and plug the primary router's WAN port into the sandbox router (so it would go cable modem -> sandbox router -> primary router). That way anything coming into my Macs from the sandbox would NEED to go through the primary router's WAN port, which I assume would mean the firewall would filter it. I'd rather not have two routers between my Macs and the Internet for ease of configuration, so would it be okay if I put the primary router in the sandbox's demilitarized zone? Since the primary router would use its own firewall, that would be just like my current one-router setup as far as the Macs are concerned, right?
Which (if either) of these is right/better? I'm not sure what makes sense, and this is not something I want to leave to trial and error.
Any insight would be appreciated.