Posted

I am trying to determine what the best way to accomplish my goal of being able to network a modern device (Roku) as well as some legacy computers (9x, XP) together but using some rules. I have laid out an example diagram here, and this layout is working correctly at the present time.

1b1DVPF.jpeg

What I want to accomplish is to allow PC 3, 4 and Server to see each other but not be able to see the rest of the network, especially the internet. The server needs to see PC1 or 2 but not the internet.

I have considered that I may need to connect a device between the DECA CHA and the Switch. I may be able to accomplish this using VLANs but I am not sure. I do not know if I need one or more than one device and where it needs to be put in the chain. I know I need a firewall of some sort. Potentially the server can bridge the two networks if need be. I haven't built the server yet.

The various network equipment I have at my disposal to use to integrate into this is here, but I am unsure if any of these have the ability to do what I want (I am in the process of researching/testing them now):

Cisco 2811 with 4 port HWIC
Cisco 2821 (it has T1 ports but we'll pretend those aren't there)
Ameri.com S53R24i
Allied TeleSyn AT-8324SX
CentreCOM 8224XL
HP ProCurve 2910al-24G

All of the above are 10/100 except the HP, which is gigabit. DECA limits out at 54mbps so Fast Ethernet is fine. I also have some 100FX stuff, but that is a project for future me.

  • 5 months later...

Posted

I had already gone through and tested the hardware listed above with the exception of the ProCurve. The Cisco devices had the most promise, however they had issues where certain settings are not stored on the CF cards and the battery on the board was dead. The battery being soldered to the board meant that it would require more work than I was willing to invest to get them working. For example, one of the things that is handled by the battery is ports being up, including the management port. So every time power was reset, I would have to use terminal over serial to up the ports again.

Rather, the next step seems to be to use the "Server" as the go-between. I have already built a computer that has 2 LAN ports and 1 will connect into the DECA network and the other to a switch that the computers will connect to. I still have to work out this switch, as it may have to be a router since I have non-computer devices present now that I need DHCP for. I am not using a Server OS. In general, the computers on the private end shouldn't have access to the internet, but a couple of them may be allowed to get to specific addresses. Bard says that I can make a Bridge on the server and use Windows Firewall to block all inbound on the private NIC with exceptions, but I generally do not trust Windows Firewall. I suppose I could use the router for that instead, but a bridge still may be needed in any case.

Posted
On 4/24/2024 at 1:43 PM, Tripredacus said:

The server needs to see PC1 or 2 but not the internet.

It's been too long, but doesn't a "null modem" cable between server and PC1 and between server and PC2 accomplish this?

Of course, I am assuming that all three are in the same "network closet".

Posted

I've changed on that aspect. The server can see the internet. Originally when I was planning this setup I figured that the server would have an older OS like Windows NT or some other OS that shouldn't be exposed to the internet. Now I have changed those requirements, rather it won't be just a file server. I built (or repurposed) a Windows 10 PC for that spot and there is no issue with it being online. The file server role will not be handled with file sharing, rather I installed XAMPP on it and will use FileZilla to let the older systems get files via FTP. This is more ideal since I have a 4th spot (or more) potentially open for adding other computers such as a Mac or other things that may not play well with Windows file shares.

So in my diagram, the Server connects to PC4 and 5 (and 6) via a router. And the Server connects to the DECA network on a separate ethernet port. It will be that physical bridge between the two networks, rather than the old plan to put some actual network hardware in between.
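
The "block all inbound on the private NIC with exceptions" idea from the thread, sketched for the dual-homed Windows 10 machine serving FTP. This is an added example, not configuration posted by anyone in the thread; the interface aliases and the passive port range are assumptions and must be replaced with the real values.

```powershell
# Added example. All three values below are assumptions, not taken from the thread.
$PrivateNic = 'Private'      # assumed alias of the NIC facing the legacy PCs
$UplinkNic  = 'DECA'         # assumed alias of the NIC facing the DECA network
$PasvRange  = '50000-50100'  # assumed passive-mode range set in the FTP server

# 1. A dual-homed Windows host routes between its NICs only when forwarding is
#    enabled. Keeping it disabled on both interfaces means the legacy machines
#    can reach this host but nothing beyond it.
foreach ($nic in $PrivateNic, $UplinkNic) {
    Set-NetIPInterface -InterfaceAlias $nic -AddressFamily IPv4 -Forwarding Disabled
}

# 2. Default-deny inbound on every profile. Allow rules that already exist
#    still apply, so review those separately.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 3. Accept FTP only when it arrives on the private NIC: the control channel
#    plus the passive data range. Nothing is opened on the uplink side.
New-NetFirewallRule -DisplayName 'FTP control (private NIC)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 21 `
    -InterfaceAlias $PrivateNic
New-NetFirewallRule -DisplayName 'FTP passive data (private NIC)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $PasvRange `
    -InterfaceAlias $PrivateNic

# 4. Verify: forwarding state per interface, and which interface each new
#    rule is actually bound to.
Get-NetIPInterface -AddressFamily IPv4 -InterfaceAlias $PrivateNic, $UplinkNic |
    Select-Object InterfaceAlias, Forwarding
Get-NetFirewallRule -DisplayName 'FTP*' | Get-NetFirewallInterfaceFilter
```

Creating a Windows network bridge or enabling Internet Connection Sharing joins or routes the two segments regardless of these settings, so neither should be turned on if the private side is meant to stay isolated.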
