-2

Let's say I have a network layout similar to this:

[Image: Subnet]

What do I need in the ? node so that all of the PCs are not discoverable from the main network, but can access the main network/internet? I don't know if the "Main network" is a subnet in itself or not. The main network should see only the equivalent to one IP address, masking all the traffic as if only one IP is being used. I was advised that using a subnet router (NAT?) can still render the network machines discoverable?

Is there any definitive solution for this? I can afford to use custom hardware or another machine with a network card. I'm sorry for my low networking knowledge if this is a simple setup.

  • 2
    This is exactly how a typical home router operates: the machines in your house can access the internet, but hosts on the internet don't have direct access to your individual machines. So "?" could just be a typical home internet gateway, or a Linux system configured with a `MASQUERADE` NAT rule, etc. – larsks Feb 02 '23 at 16:26
  • Just get a networking professional involved - or is this a home thing? – Chopper3 Feb 03 '23 at 15:52

1 Answer

1

You need a NAT device.

  • the device can be a router with NAT capability
  • the device can be a firewall which is in fact a router with NAT capability + security features

The NAT device will:

  • perform SNAT when a PC wants to reach the main network (change the source PC's IP to the "one IP is being used" you defined)
  • perform DNAT if you configure a PC to be reachable by the main network (change the destination from the "one IP is being used" to the destination PC's IP)

I assume your environment is IPv4. For IPv6 it can be different, but I don't want to complexify.

exeral
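The SNAT and DNAT behaviour described in the answer above, as an added Python model (not part of the original answer and not any real router's code). The addresses, ports and the `NatGateway` class are constructed for illustration; the `stateful_filter` flag is an assumption standing in for a firewall rule that drops new connections arriving from the main network.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.50.0/24")  # constructed inside subnet
PUBLIC_IP = "10.0.0.2"                            # constructed "one IP" seen by the main network


class NatGateway:
    """Toy model of the "?" node: SNAT outbound, optional DNAT, stateful filter."""

    def __init__(self, stateful_filter=True):
        self.stateful_filter = stateful_filter
        self.conntrack = {}      # public port -> (inside ip, inside port, peer ip, peer port)
        self.port_forwards = {}  # public port -> (inside ip, inside port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """PC -> main network: rewrite the source to PUBLIC_IP (SNAT) and track the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.conntrack[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Main network -> gateway: return the delivered packet, or None if dropped."""
        if dst_ip == PUBLIC_IP:
            entry = self.conntrack.get(dst_port)
            if entry and entry[2:] == (src_ip, src_port):  # reply to a tracked flow
                return (src_ip, src_port, entry[0], entry[1])
            if dst_port in self.port_forwards:             # explicit DNAT rule
                return (src_ip, src_port, *self.port_forwards[dst_port])
            return None                                    # unsolicited: no mapping exists
        if ipaddress.ip_address(dst_ip) in INSIDE:
            # Addressed straight to an inside host: NAT rewrites nothing here, so only
            # the filter decides. Without it the gateway simply routes the packet.
            if self.stateful_filter:
                return None
            return (src_ip, src_port, dst_ip, dst_port)
        return None
```

With `stateful_filter=False` the model shows the case the question raises: address translation alone does not filter packets addressed to an inside IP, so the gateway also needs a rule that drops new connections coming from the main network.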