I need help with dmz

i have a small business that needs open wifi hotspot but i also need to have all the computers for the business safe for hackers. what i was thinking is to have roter one connected to the internet and have a dmz port thing set to another router. the second router would hand the open wifi. 

would the internal network be safe (router 1) 

would the open wifi network be able to see/talk with router 1

and how would i set this up

i am on the range now but that can change at eney pont because i am geting rid of the comcast all in one in faver of a modem     

i have ddwrt flashed on all of my routers 

i am open to ideas. 

Set it up with router 1 connected to the internet.  Then connect your wireless access point (or use built in wifi) to this router and use it for your public wifi. Then connect a second router to the first one and put your private network behind that.

Using dd-wrt or openwrt you'll have a lot of control over the firewall but the general way these routers work is that things on the LAN side can access anything on the WAN side but things on the WAN side can't access things on the LAN side. 

i got that far but i need to know the set up and configuration 

when i tried i could not connected to the internet

but it could be the comcast router being weird  

This is not a huge deal because you are using ddwrt and it supports AP isolation ( <--- This is the key ) AP isolation prevents devices on a wireless network from interacting with other network traffic.

you should be able to create two SSIDs and isolate your public network. using the DMZ is ehh potential for packet sniffing and other things may still be possible.



I will have 2 public APs and I still want a dmz so can you help


i figure it out. i don't need dmz like you said. i am using vlan to separate the networks