Question : VLAN, segmenting networks with IP pass through
I currently need to set up a segmented network where one network can use the internet normally but only one computer on the other network can use it.
I am thinking of getting a managed L2 switch and assigning 2 VLANs: 192.168.1.0/24 and 192.168.2.0/24.
There is only one internet connection via DSL and the DSL router will assign IPs on the 192.168.1.0 subnet. I need the computer 192.168.2.10 to be able to see the other computers on the 192.168.2.0 subnet AND be able to go out onto the internet.
How can I do this? At first I thought about using two IP addresses (one on each VLAN) on the 192.168.2.10 machine but I would rather not have to resort to that. Would I need a separate bridge?
Answer : VLAN, segmenting networks with IP pass through
You would be unable to do this with a layer 2 switch unless you bought a router with 2 Ethernet interfaces and did a "router on a stick" setup.
In this setup you would have one router Ethernet interface in 192.168.1.x and one in 192.168.2.x. You could then use access lists and NAT to allow access from 192.168.2.10.
A better option may be to get hold of a Layer 3 switch and have 3 separate VLANs, one for 192.168.1.x, one for 192.168.2.x and one for the router. Then, again through access lists and NAT, you would have ultimate control over who has access to what.
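The access-list part of the answer above can be checked offline before it goes onto a device. The following is an added example, not part of the original answer: it models a first-match ACL on the 192.168.2.x side and flags rules hidden by an earlier one. The rule set, the isolation rule between the two subnets and the test address 203.0.113.7 are constructed assumptions, and NAT is not modelled.

```python
import ipaddress

net = ipaddress.ip_network
LAN1 = net("192.168.1.0/24")      # VLAN that uses the internet normally
LAN2 = net("192.168.2.0/24")      # restricted VLAN
HOST = net("192.168.2.10/32")     # the one machine on LAN2 allowed out
ANY = net("0.0.0.0/0")

# Constructed ACL for traffic entering the router from the 192.168.2.x side.
# Rules are (action, source, destination); the first matching rule wins.
GOOD_ACL = [
    ("deny", LAN2, LAN1),     # assumption: the two segments stay isolated
    ("permit", HOST, ANY),    # 192.168.2.10 may reach the internet
    ("deny", LAN2, ANY),      # everyone else on LAN2 may not
]
# Same rules with the host permit placed after the subnet deny.
BAD_ACL = [GOOD_ACL[0], GOOD_ACL[2], GOOD_ACL[1]]


def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def shadowed_rules(acl):
    """Indexes of rules fully covered by a single earlier rule, so never reached."""
    hidden = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                hidden.append(i)
                break
    return hidden


if __name__ == "__main__":
    for name, acl in (("good", GOOD_ACL), ("bad", BAD_ACL)):
        print(name, evaluate(acl, "192.168.2.10", "203.0.113.7"), shadowed_rules(acl))
```

With the misordered list, the permit for 192.168.2.10 is reported as shadowed and the host loses internet access, which is the usual failure when a subnet-wide deny is written first.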