Post Reply 
2 routers, share internet, but isolate subnets
Author Message
justMongo Offline

Monitors

Posts: 3,854
Joined: Sep 2013

Machine: ResMed VPAP Auto (S9)
Mask Type: Full face mask
Mask Make & Model: ResMed Mirage Quattro
Humidifier: ResMed H5i
CPAP Pressure: 18 IPAPmax - 11 EPAPmin, PS=5
CPAP Software: Other Software

Other Comments: μολὼν λαβέ

Sex: Male
Location: Калифорния

Post: #1
2 routers, share internet, but isolate subnets
If I take Router #1 which is connected to the internet. Has DHCP enabled; with LAN IP range of 192.168.2.100 ...

Then put a second router in the first router switch with its DHCP enabled; with LAN IP range 192.168.4.100 ... will I end up with isolation between the two subnets; but access to the internet for both subnets.

Also, router 1 will have DNS servers listed. Do I need to also have them listed in router 2; or can I point to 192.168.2.1?

INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.
10-03-2016 06:42 PM
Find all posts by this user Post Reply Quote this message in a reply

Donate to Apnea Board
DariaVader Offline
Apnea Board Facebook Editor
Monitors

Posts: 1,827
Joined: Nov 2014

Machine: Resmed S9 AutoSet
Mask Type: Nasal pillows
Mask Make & Model: Airfit P10 for Her
Humidifier: H5i humidifier with ClimateLine heated hose
CPAP Pressure: 8-15
CPAP Software: SleepyHead

Other Comments: diabetes II, Thyroidectomized, Primary Immune Deficiency, and the list goes on :P

Sex: Female
Location: Oregon

Post: #2
RE: 2 routers, share internet, but isolate subnets
as long as you have routes setup to allow internet traffic from the near-net to/thru the far one.

I have a router that is connected to a linux box whose sole purpose is to run shorewall, and my wired network is behind the shorewall. the wirelss is all on the external router, since that is where i have a wireless device Smile

my routes are setup so that the shorewall network can get to the internet and it is on a different subnet. No reason that can't work just as well with 2 routers.

in order to share things like printing across both nets, had to allow protocol over port and provide route, but you can keep it completely isolated, or share whatever bits you choose this way.

هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه
Tongue Suck Technique for prevention of mouth breathing:
  • Place your tongue behind your front teeth on the roof of your mouth
  • let your tongue fill the space between the upper molars
  • gently suck to form a light vacuum
Practising during the day can help you to keep it at night

هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه
(This post was last modified: 10-03-2016 07:02 PM by DariaVader.)
10-03-2016 06:57 PM
Find all posts by this user Post Reply Quote this message in a reply
justMongo Offline

Monitors

Posts: 3,854
Joined: Sep 2013

Machine: ResMed VPAP Auto (S9)
Mask Type: Full face mask
Mask Make & Model: ResMed Mirage Quattro
Humidifier: ResMed H5i
CPAP Pressure: 18 IPAPmax - 11 EPAPmin, PS=5
CPAP Software: Other Software

Other Comments: μολὼν λαβέ

Sex: Male
Location: Калифорния

Post: #3
RE: 2 routers, share internet, but isolate subnets
Thanks DV. Nice to have you back.

INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.
10-03-2016 07:55 PM
Find all posts by this user Post Reply Quote this message in a reply

Donate to Apnea Board
Crimson Nape Offline

Monitors

Posts: 1,332
Joined: Oct 2014

Machine: ResMed S9 Autoset
Mask Type: Other
Mask Make & Model: P-10 / F&P Simplus / DreamWear
Humidifier: H5i w/Climateline
CPAP Pressure: 8 - EPR 3
CPAP Software: SleepyHead

Other Comments: CMS-50F & 50IW

Sex: Male
Location: Georgia

Post: #4
RE: 2 routers, share internet, but isolate subnets
If you are going for security, I recommend that you change the second IP address more than just the third octet value. Of course that's relative to the expertise of the user on that network.

Statistics prove that people who have more birthdays live longer.
(This post was last modified: 10-03-2016 10:07 PM by Crimson Nape.)
10-03-2016 10:07 PM
Find all posts by this user Post Reply Quote this message in a reply
justMongo Offline

Monitors

Posts: 3,854
Joined: Sep 2013

Machine: ResMed VPAP Auto (S9)
Mask Type: Full face mask
Mask Make & Model: ResMed Mirage Quattro
Humidifier: ResMed H5i
CPAP Pressure: 18 IPAPmax - 11 EPAPmin, PS=5
CPAP Software: Other Software

Other Comments: μολὼν λαβέ

Sex: Male
Location: Калифорния

Post: #5
RE: 2 routers, share internet, but isolate subnets
With these routers, my first two octets are fixed at 192.168

INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.
10-05-2016 12:27 PM
Find all posts by this user Post Reply Quote this message in a reply

Donate to Apnea Board
DariaVader Offline
Apnea Board Facebook Editor
Monitors

Posts: 1,827
Joined: Nov 2014

Machine: Resmed S9 AutoSet
Mask Type: Nasal pillows
Mask Make & Model: Airfit P10 for Her
Humidifier: H5i humidifier with ClimateLine heated hose
CPAP Pressure: 8-15
CPAP Software: SleepyHead

Other Comments: diabetes II, Thyroidectomized, Primary Immune Deficiency, and the list goes on :P

Sex: Female
Location: Oregon

Post: #6
RE: 2 routers, share internet, but isolate subnets
if you used something other than the default internal networks it could hose DNS. that said, there are other internal networks besides the class C 192.168 networks. hopefully your routers have flexible enough settings available to do what you want.

هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه
Tongue Suck Technique for prevention of mouth breathing:
  • Place your tongue behind your front teeth on the roof of your mouth
  • let your tongue fill the space between the upper molars
  • gently suck to form a light vacuum
Practising during the day can help you to keep it at night

هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه هههههه
10-05-2016 12:41 PM
Find all posts by this user Post Reply Quote this message in a reply
archangle Offline
Wiki Editor
Advisory Members

Posts: 3,159
Joined: Feb 2012

Machine: ResMed S9 AutoSet
Mask Type: Nasal pillows
Mask Make & Model: ResMed Swift FX
Humidifier: ResMed S9 H5i
CPAP Pressure: 16-20
CPAP Software: ResScan SleepyHead EncoreBasic

Other Comments: Happy PAPper

Sex: Undisclosed
Location: USA

Post: #7
RE: 2 routers, share internet, but isolate subnets
First, turn off IPv6 on both routers if you can. More on that later.

Second, almost every home router I've had the misfortune to deal with is a really amateurish piece of carp with big design flaws, security holes, missing features, and features that are, in theory, implemented and configurable, but don't work.

Is Router #1 a standalone router, or is it a modem/router? If it's a standalone router, what's it plugged into, and does what it plugs into have more than one output port?

What are the model numbers of the two routers?

Call it LAN #1 and LAN #2. (Or L1, L2, Router#1/R1, R2)

Also, assume you have a 256 address subnet with a subnet mask of 255.255.255.0. You can use a larger address space, but some of the examples below will change numbers.

First, off assume you just plug the routers in and let them figure it out. R2 is plugged into a LAN port on R1.

Lan#1 devices should not have access to Lan #2 devices, except R2 itself.

Lan#2 devices may have access to Lan#1 devices. Can you arrange the devices such that this isn't a problem? i.e. "good guys" on L2, and bad guys on L1.

If you can live with L2 devices being able to see L1 devices, you're done.

If you need to keep L2 devices from seeing L1 devices, then just set both networks to the same IP range.

For instance, suppose R1 is delivering subnet 192.168.0.1 to all of its clients, including R2. Configure R2 to also deliver subnet 192.168.0.1 to all its clients.

A device on L1 will see addresses 192.168.0.1 to 192.168.0.255 and all of those will be on L1.
A device on L2 will see addresses 192.168.0.1 to 192.168.0.255 and all of those will be on L2.

Note that L1 and L2 may use the same exact IP address numbers, but those numbers will actually go to different physical devices. Home routers do NAT (Network Address Translation). Basically, all addresses in the 192.168.x.x are private networks and the addresses are bogus, and only make sense on your local network.

NAT allows devices on "private" networks use a "bogus" IP address, but still have access to the "real" internet.

For instance, L1 may have a Windows machine (call it A) at 192.168.0.15, and L2 may have Machine B at 192.168.0.15. Any device on L1 will see A at 192.168.0.15, and not see machine B at all. Any device on L2 will see B on 192.168.0.15 and will not see machine A at all.

Now suppose that Machine C is on L1 at 192.168.0.16. Nothing on L2 will be able to see Machine C.

At least that's the way it's supposed to work. I've seen many "home/small business" routers that flat out work wrong, often in surprising ways. Make some test pings, etc.

How to configure this depends on your model of router.

Make sure your router's IP address and subnet mask are the same. This makes the two LAN's use the same address numbers, so that devices on one LAN can't see the other network.

One problem with this setup is that if you plug your computer into L2, you cannot access R1 in order to configure it. If you need to configure Router #1, you'll have to plug your computer directly into LAN 1.

You can configure it to avoid this problem but that's more complicated.

IPv6 next post.

Get the free SleepyHead software here.
Useful links.
Click here for information on the main alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check it yourself.
10-06-2016 03:46 AM
Find all posts by this user Post Reply Quote this message in a reply

Donate to Apnea Board
archangle Offline
Wiki Editor
Advisory Members

Posts: 3,159
Joined: Feb 2012

Machine: ResMed S9 AutoSet
Mask Type: Nasal pillows
Mask Make & Model: ResMed Swift FX
Humidifier: ResMed S9 H5i
CPAP Pressure: 16-20
CPAP Software: ResScan SleepyHead EncoreBasic

Other Comments: Happy PAPper

Sex: Undisclosed
Location: USA

Post: #8
RE: 2 routers, share internet, but isolate subnets
(10-03-2016 06:42 PM)justMongo Wrote:  Also, router 1 will have DNS servers listed. Do I need to also have them listed in router 2; or can I point to 192.168.2.1?

In the simplest configuration, DHCP will configure R2 to ask R1 for DNS.

You could also configure R2 (or R1) to directly go to a DNS server on the "real" internet, such as Google's free DNS servers at 8.8.8.8 or 8.8.4.4. Comodo is also legit and uses 8.26.56.26 and 8.20.247.20. There are other legit free DNS servers. Some of the DNS servers do some things to block malware by blocking certain known malware sites.

Sometimes, your ISP will run really lousy DNS servers or even return fraudulent addresses to deliver ads for invalid hostnames. Some ISP's even deliver false DNS results for more nefarious purposes or "traffic management." Some may even intercept DNS requests to other DNS servers and return bogus results.

You can put multiple DNS servers into most routers or computers. It will try the second one if the first one is down.

Get the free SleepyHead software here.
Useful links.
Click here for information on the main alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check it yourself.
10-06-2016 04:04 AM
Find all posts by this user Post Reply Quote this message in a reply
archangle Offline
Wiki Editor
Advisory Members

Posts: 3,159
Joined: Feb 2012

Machine: ResMed S9 AutoSet
Mask Type: Nasal pillows
Mask Make & Model: ResMed Swift FX
Humidifier: ResMed S9 H5i
CPAP Pressure: 16-20
CPAP Software: ResScan SleepyHead EncoreBasic

Other Comments: Happy PAPper

Sex: Undisclosed
Location: USA

Post: #9
Why not IPv6?
First, most home routers are buggy pieces of carp. IPv6 is newer and more complicated, and more likely to be implemented wrong.

Even if the router was implemented correctly, IPv6 is still in flux.

IPv4 routers generally put your LAN into a "Private Network" and devices on your LAN are not "routable" from the "real" internet. Your router has a "real" IP address, and can be reached from the big bad internet, but your individual devices have bogus IP address and there is no way for devices on the internet to connect to you. i.e. It's like a phone that can only dial out, not receive calls.

IPv6 has the potential for each device on your network to be "really" connected to the internet and have it's own REAL IPv6 address. Any device on the internet can directly connect to all of your devices.

I am not convinced the current IPv6 routers have appropriate setups to block malicious access the same way IPv4 NAT does. Even if they were, in theory, included, I have little confidence that they're done correctly by the router. The last time I dug into it, there didn't really seem to be a good protocol to do this.

In addition, I suspect many IPv6 functions on home/small business routers are buggy and/or insecure, even if the required functions are implemented.

Get the free SleepyHead software here.
Useful links.
Click here for information on the main alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check it yourself.
10-06-2016 04:18 AM
Find all posts by this user Post Reply Quote this message in a reply

Donate to Apnea Board
justMongo Offline

Monitors

Posts: 3,854
Joined: Sep 2013

Machine: ResMed VPAP Auto (S9)
Mask Type: Full face mask
Mask Make & Model: ResMed Mirage Quattro
Humidifier: ResMed H5i
CPAP Pressure: 18 IPAPmax - 11 EPAPmin, PS=5
CPAP Software: Other Software

Other Comments: μολὼν λαβέ

Sex: Male
Location: Калифорния

Post: #10
RE: 2 routers, share internet, but isolate subnets
These are both 2009 era routers by Linksys. Model WRT610N. Dual band wireless N.
Neither has IPv6 capability. R1 is plugged into a Motorola 2210 DSL modem. The modem is in full bridge mode -- so the modem is just a dumb mod/demod. R1 initiates PPPoE. Both routers have a built in 4 port gigabyte switch.

Yes, I can isolate the bad actors on R1 and the protected stuff on R2. In fact, the untrusted devices are on an 8 port non-managed switch.

I use DHCP reservation via MAC get devices assigned to the same local IP address. I have a networked printer that I'd like all devices to see; I assume that would be in the switch for R1. And NAS shares I'd like to restrict -- so, that goes R2.

INFORMATION ON APNEA BOARD FORUMS OR ON APNEABOARD.COM SHOULD NOT BE CONSIDERED AS MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF A PHYSICIAN BEFORE SEEKING TREATMENT FOR MEDICAL CONDITIONS, INCLUDING SLEEP APNEA. INFORMATION POSTED ON THE APNEA BOARD WEB SITE AND FORUMS ARE PERSONAL OPINION ONLY AND NOT NECESSARILY A STATEMENT OF FACT.
(This post was last modified: 10-06-2016 04:33 AM by justMongo.)
10-06-2016 04:23 AM
Find all posts by this user Post Reply Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  [News] U.S. Delays Giving Up Oversight of Internet ApneaNews 1 456 08-20-2015 10:12 PM
Last Post: archangle
  Do not use Internet Explorer! retired_guy 5 1,315 05-02-2014 05:04 PM
Last Post: PollCat
  ACA aka Obamacare: Share your story! cowboy1970 15 2,873 03-16-2014 04:04 PM
Last Post: zonk
  Authorities gain power to collect Australians' internet records SuperSleeper 4 1,439 08-27-2012 06:22 PM
Last Post: SuperSleeper

Forum Jump:

Who's Online (Complete List)