Router as Firewall: A Simple Guide

TL;DR

Yes, a second router can act like a basic firewall, adding an extra layer of security to your network. It won’t replace a dedicated firewall but is better than nothing and can be useful in certain situations.

How it Works

Using a second router as a ‘firewall’ involves connecting it after your main router. This creates a DMZ (Demilitarized Zone) effect, isolating devices connected to the second router from direct exposure to the internet. Traffic has to pass through two routers, adding complexity for attackers.

Setting Up Your Router as an Artificial Firewall

  1. Connect the Routers: Connect a LAN port on your main router to the WAN (internet) port on your second router. This is crucial! Do not connect LAN-to-LAN.
  2. Configure the Second Router’s IP Address: The second router needs a different IP address range than your main router. For example:
    • Main Router: 192.168.1.1 (a common default)
    • Second Router: 192.168.2.1

    You’ll access the second router’s settings through a web browser, usually by typing its IP address (e.g., http://192.168.2.1) into the address bar. The username and password are often ‘admin’ for both, but check your router’s documentation.

  3. Disable DHCP on the Second Router: This is very important! You only want one DHCP server (your main router) assigning IP addresses. In the second router’s settings, find the DHCP server section and disable it.
    # Example setting in a typical router interface
  4. Set Static IPs for Devices on the Second Router: Assign static IP addresses to devices connected to the second router within its IP range (e.g., 192.168.2.x). This makes management easier.
  5. Configure Port Forwarding (Optional): If you need access to services running on devices behind the second router from the internet, configure port forwarding on the second router. Forward traffic to the internal IP address of the device.
    # Example port forward rule for a web server on 192.168.2.100:
  6. Firewall Rules (Basic): Most routers have basic firewall settings. You can block specific IP addresses or ports if needed.
  7. Test the Connection: Connect a device to the second router and test internet access. Make sure it’s working correctly. Also, check that devices on the main network cannot directly access devices on the second network without going through the second router’s configuration (e.g., port forwarding).
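
The address plan from steps 2, 4 and 5 can be checked on paper before either router is reconfigured. The Python check below is an added example, not part of the original guide; the function and parameter names, the /24 prefix lengths, the second router's WAN address 192.168.1.50 and the host names are assumptions made for illustration.

```python
import ipaddress

def check_plan(main_lan, inner_lan, inner_router, inner_wan, static_hosts, forwards):
    """Return a list of problems in a two-router address plan (empty if none)."""
    problems = []
    main_net = ipaddress.ip_network(main_lan)
    inner_net = ipaddress.ip_network(inner_lan)
    router_ip = ipaddress.ip_address(inner_router)
    # Step 2: the second router needs a different range than the main router.
    if main_net.overlaps(inner_net):
        problems.append(f"LAN ranges overlap: {main_net} and {inner_net}")
    if router_ip not in inner_net:
        problems.append(f"second router {router_ip} is outside {inner_net}")
    # Step 1: the second router's WAN port sits on the main router's LAN.
    if ipaddress.ip_address(inner_wan) not in main_net:
        problems.append(f"second router WAN {inner_wan} is outside {main_net}")
    # Step 4: static IPs must be in range, unique, and not a reserved address.
    reserved = {router_ip, inner_net.network_address, inner_net.broadcast_address}
    seen = {}
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in inner_net:
            problems.append(f"{name}: {ip} is outside {inner_net}")
        elif ip in reserved:
            problems.append(f"{name}: {ip} is a reserved address")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    # Step 5: each port forward must target a device that has a static IP.
    for ext_port, (addr, int_port) in forwards.items():
        if ipaddress.ip_address(addr) not in seen:
            problems.append(f"forward {ext_port} -> {addr}:{int_port} has no static host")
    return problems

# Constructed sample plan using the guide's addresses; /24 masks, the WAN
# address 192.168.1.50 and the host names are assumptions.
GOOD = dict(main_lan="192.168.1.0/24", inner_lan="192.168.2.0/24",
            inner_router="192.168.2.1", inner_wan="192.168.1.50",
            static_hosts={"webserver": "192.168.2.100", "nas": "192.168.2.101"},
            forwards={80: ("192.168.2.100", 80)})
# Constructed broken plan: duplicate IP, host on the wrong range, stale forward.
BAD = dict(GOOD, static_hosts={"webserver": "192.168.2.100",
                               "nas": "192.168.2.100", "cam": "192.168.1.77"},
           forwards={8080: ("192.168.2.150", 80)})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(**plan) or "OK")
```
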

Limitations

  • Performance: Adding another router can slightly reduce internet speed.
  • Complexity: Managing two routers is more complex than managing one.
  • Not a Replacement for a Dedicated Firewall: This setup provides basic protection but lacks the advanced features of a dedicated cyber security firewall (intrusion detection, VPN support, etc.).
  • Double NAT: This setup performs Network Address Translation twice (double NAT), which can cause issues with some online games and applications.

When is this useful?

  • Guest Networks: Isolating guest devices from your main network.
  • Testing: Creating a separate network for testing purposes.
  • Old Router Repurposing: Giving an old router a new life as a basic security layer.