TD-W9970: how to connect to a modem ISP via LAN/WAN port
Hi all,
I'm configuring a little webserver at home and I would like to separate it from the rest of my LAN.
I bought this router TD-W9970 for that.
I know I have to connect, by ethernet cable (see the picture below):
- the LAN/WAN port of TC-W9970 to a LAN port of my modem ISP (the rest of my local network will be on the other LAN ports of the modem ISP).
- the PC webserver to a LAN port of TD-W9970
This way I should "separate" my Local network from the PC webserver.
but it isn't. I tried pinging from both sides and they "see" each other....
Then I think I have to configure my TD-W9970 in some way...
Can someone help me on that?
many thanks!
mf
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
mfran2002 wrote
update:
step1:
to block the traffic from the webserver to the home lan, I have enabled a rule on the firewall of the router tplink
deny ALL from webserver lan (192.168.1.0/24) to home lan (192.168.178.0/24)
the only problem (maybe) is that with this rule I also reject teamviewer traffic from outside: to allow, I should remove the modemISP (192.168.178.1) from the firewall rule...and I don't know if it can be safe... any idea?
Yes, that's what you'll have to do - exclude the modemISP (192.168.178.1) from that rule.
This way the devices in 192.168.1.0/24 will have access to Internet through home lan GW (192.168.178.1 - modemISP), but the rest of the home lan (192.168.178.0/24)
- Copy Link
- Report Inappropriate Content
You should set TD-W9970 in Wireless Router mode.
Thus, when connected on its LAN4/WAN port to your ISP router LAN4 port it will separate its LAN in a different subnet.
You'll introduce a double NAT this way but this is what you're trying to achieve - isolate your WebServer in a different subnet.
Remember that you'll need to configure a Virtual Server on TD-W9970 to be able to access WebServer from the Internet:
In this scenario you'll need to configure Virtual Server (Port Forwarding) on your ISP Router to the TD-W9970 WAN port IP address (which is in your ISP Router LAN subnet).
Also you'll need to configure as a Virtual Server on the TD-W9970, the LAN IP address of your WebServer.
Here you can set the ping behavior:
- Copy Link
- Report Inappropriate Content
Hi @terziyski and many many thanks for your suggestions!
really appreciated
I followed your suggestion and first of all I have switched to Wireless Router mode (the initial configuration was the original one, from the farm).
My webserver has taken IP address from TD-W9970 and this one has taken its IP (home_lan side) from the modem ISP: good
then I tried to see if the subnets (home_lan and webserver_lan) were separated:
my home_lan can't reach the webserver: ok
the webserver can reach my home_lan, it can navigate and ping as well
before to go ahead: how can I sort this? indeed my main goal is that from webserver nobody can reach my home lan...
- Copy Link
- Report Inappropriate Content
update:
step1:
to block the traffic from the webserver to the home lan, I have enabled a rule on the firewall of the router tplink
deny ALL from webserver lan (192.168.1.0/24) to home lan (192.168.178.0/24)
the only problem (maybe) is that with this rule I also reject teamviewer traffic from outside: to allow, I should remove the modemISP (192.168.178.1) from the firewall rule...and I don't know if it can be safe... any idea?
step2:
to be able to reach the webserver via http from outside I created two forwarding port rules:
- forward http traffic (port 80) to router TPLINK (192.168.178.149)
- forward http traffic (port 80) to webserver (192.168.1.2)
- Copy Link
- Report Inappropriate Content
mfran2002 wrote
update:
step1:
to block the traffic from the webserver to the home lan, I have enabled a rule on the firewall of the router tplink
deny ALL from webserver lan (192.168.1.0/24) to home lan (192.168.178.0/24)
the only problem (maybe) is that with this rule I also reject teamviewer traffic from outside: to allow, I should remove the modemISP (192.168.178.1) from the firewall rule...and I don't know if it can be safe... any idea?
Yes, that's what you'll have to do - exclude the modemISP (192.168.178.1) from that rule.
This way the devices in 192.168.1.0/24 will have access to Internet through home lan GW (192.168.178.1 - modemISP), but the rest of the home lan (192.168.178.0/24)
- Copy Link
- Report Inappropriate Content
@terziyski you are my legend!
MANY MANY TAHNKS!
without your help I would never sorted this out!
if you come in London (better after omicron...), wagons of beer approaching for you my friend!
cheers!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2423
Replies: 6
Voters 0
No one has voted for it yet.