2 routers, share internet, but isolate subnets
#1
If I take Router #1 which is connected to the internet. Has DHCP enabled; with LAN IP range of 192.168.2.100 ...

Then put a second router in the first router's switch with its DHCP enabled; with LAN IP range 192.168.4.100 ... will I end up with isolation between the two subnets, but access to the internet for both subnets?

Also, router 1 will have DNS servers listed. Do I need to also have them listed in router 2; or can I point to 192.168.2.1?

Admin Note:
JustMongo passed away in August 2017
Click HERE to read his Memorial Thread

~ Rest in Peace ~
#2
As long as you have routes set up to allow internet traffic from the near-net to/thru the far one.

I have a router that is connected to a Linux box whose sole purpose is to run shorewall, and my wired network is behind the shorewall. The wireless is all on the external router, since that is where I have a wireless device.

My routes are set up so that the shorewall network can get to the internet and it is on a different subnet. No reason that can't work just as well with 2 routers.

In order to share things like printing across both nets, I had to allow protocol over port and provide route, but you can keep it completely isolated, or share whatever bits you choose this way.
Tongue Suck Technique for prevention of mouth breathing:
  • Place your tongue behind your front teeth on the roof of your mouth
  • let your tongue fill the space between the upper molars
  • gently suck to form a light vacuum
Practising during the day can help you to keep it at night

#3
Thanks DV. Nice to have you back.



#4
If you are going for security, I recommend that you change the second IP address more than just the third octet value. Of course that's relative to the expertise of the user on that network.
______________________
Useful Links -or- When All Else Fails:
Posting SleepyHead Charts in 5 Easy Steps
Robysue's Beginner's Guide to Sleepyhead
Apnea Helpful Tips
#5
With these routers, my first two octets are fixed at 192.168

#6
If you used something other than the default internal networks it could hose DNS. That said, there are other internal networks besides the class C 192.168 networks. Hopefully your routers have flexible enough settings available to do what you want.


#7
First, turn off IPv6 on both routers if you can. More on that later.

Second, almost every home router I've had the misfortune to deal with is a really amateurish piece of carp with big design flaws, security holes, missing features, and features that are, in theory, implemented and configurable, but don't work.

Is Router #1 a standalone router, or is it a modem/router? If it's a standalone router, what's it plugged into, and does what it plugs into have more than one output port?

What are the model numbers of the two routers?

Call it LAN #1 and LAN #2. (Or L1, L2, Router#1/R1, R2)

Also, assume you have a 256 address subnet with a subnet mask of 255.255.255.0. You can use a larger address space, but some of the examples below will change numbers.

First off, assume you just plug the routers in and let them figure it out. R2 is plugged into a LAN port on R1.

LAN #1 devices should not have access to LAN #2 devices, except R2 itself.

LAN #2 devices may have access to LAN #1 devices. Can you arrange the devices such that this isn't a problem? i.e. "good guys" on L2, and bad guys on L1.

If you can live with L2 devices being able to see L1 devices, you're done.

If you need to keep L2 devices from seeing L1 devices, then just set both networks to the same IP range.

For instance, suppose R1 is delivering subnet 192.168.0.1 to all of its clients, including R2. Configure R2 to also deliver subnet 192.168.0.1 to all its clients.

A device on L1 will see addresses 192.168.0.1 to 192.168.0.255 and all of those will be on L1.
A device on L2 will see addresses 192.168.0.1 to 192.168.0.255 and all of those will be on L2.

Note that L1 and L2 may use the same exact IP address numbers, but those numbers will actually go to different physical devices. Home routers do NAT (Network Address Translation). Basically, all addresses in the 192.168.x.x are private networks and the addresses are bogus, and only make sense on your local network.

NAT allows devices on "private" networks to use a "bogus" IP address, but still have access to the "real" internet.

For instance, L1 may have a Windows machine (call it A) at 192.168.0.15, and L2 may have Machine B at 192.168.0.15. Any device on L1 will see A at 192.168.0.15, and not see machine B at all. Any device on L2 will see B on 192.168.0.15 and will not see machine A at all.

Now suppose that Machine C is on L1 at 192.168.0.16. Nothing on L2 will be able to see Machine C.

At least that's the way it's supposed to work. I've seen many "home/small business" routers that flat out work wrong, often in surprising ways. Make some test pings, etc.

How to configure this depends on your model of router.

Make sure your router's IP address and subnet mask are the same. This makes the two LANs use the same address numbers, so that devices on one LAN can't see the other network.

One problem with this setup is that if you plug your computer into L2, you cannot access R1 in order to configure it. If you need to configure Router #1, you'll have to plug your computer directly into LAN 1.

You can configure it to avoid this problem but that's more complicated.

IPv6 next post.
Get the free SleepyHead software here.
Useful links.
Click here for information on the main alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check it yourself.
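The reachability reasoning in post #7, as an added Python sketch that is not part of the original post. It models where a new connection ends up for the two layouts discussed in the thread (different ranges, same range), assuming R2 does NAT with no static routes or port forwards; the function names, R2's WAN address and the host addresses are constructed for illustration, and a real router may behave differently, so the test pings the post recommends still apply.

```python
from ipaddress import ip_address, ip_network

def deliver(l1_cidr, l2_cidr, r2_wan_ip, src_lan, dst_ip):
    """Return where a NEW connection from a host on src_lan ("L1" or "L2") ends up."""
    l1, l2, dst = ip_network(l1_cidr), ip_network(l2_cidr), ip_address(dst_ip)
    if src_lan == "L2":
        if dst in l2:
            return "L2"        # looks on-link: resolved by ARP on LAN 2, never crosses R2
        if dst in l1:
            return "L1"        # R2 forwards it out its WAN port and NATs the source
        return "internet"
    # Source is on LAN 1
    if dst == ip_address(r2_wan_ip):
        return "R2"            # R2's WAN port is an ordinary client on LAN 1
    if dst in l1:
        return "L1"
    if dst in l2:
        return "dropped"       # R1 has no route to LAN 2's private range
    return "internet"

def l1_hosts_visible_from_l2(l1_cidr, l2_cidr, r2_wan_ip, l1_hosts):
    """List the LAN 1 addresses a LAN 2 host can open connections to."""
    return [h for h in l1_hosts
            if deliver(l1_cidr, l2_cidr, r2_wan_ip, "L2", h) == "L1"]

# Constructed layouts: (LAN 1 range, LAN 2 range, R2's WAN address on LAN 1)
SPLIT = ("192.168.2.0/24", "192.168.4.0/24", "192.168.2.100")  # ranges from post #1
SAME = ("192.168.0.0/24", "192.168.0.0/24", "192.168.0.2")     # same-range setup from post #7

if __name__ == "__main__":
    # Different ranges: LAN 2 can still reach LAN 1 hosts, LAN 1 cannot reach LAN 2
    print(l1_hosts_visible_from_l2(*SPLIT, ["192.168.2.1", "192.168.2.50"]))
    print(deliver(*SPLIT, "L1", "192.168.4.50"))
    # Same range: LAN 1 addresses resolve locally on LAN 2, including R1's admin address
    print(l1_hosts_visible_from_l2(*SAME, ["192.168.0.1", "192.168.0.16"]))
```
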
#8
(10-03-2016, 06:42 PM)justMongo Wrote: Also, router 1 will have DNS servers listed. Do I need to also have them listed in router 2; or can I point to 192.168.2.1?

In the simplest configuration, DHCP will configure R2 to ask R1 for DNS.

You could also configure R2 (or R1) to directly go to a DNS server on the "real" internet, such as Google's free DNS servers at 8.8.8.8 or 8.8.4.4. Comodo is also legit and uses 8.26.56.26 and 8.20.247.20. There are other legit free DNS servers. Some of the DNS servers do some things to block malware by blocking certain known malware sites.

Sometimes, your ISP will run really lousy DNS servers or even return fraudulent addresses to deliver ads for invalid hostnames. Some ISPs even deliver false DNS results for more nefarious purposes or "traffic management." Some may even intercept DNS requests to other DNS servers and return bogus results.

You can put multiple DNS servers into most routers or computers. It will try the second one if the first one is down.
#9
First, most home routers are buggy pieces of carp. IPv6 is newer and more complicated, and more likely to be implemented wrong.

Even if the router was implemented correctly, IPv6 is still in flux.

IPv4 routers generally put your LAN into a "Private Network" and devices on your LAN are not "routable" from the "real" internet. Your router has a "real" IP address, and can be reached from the big bad internet, but your individual devices have bogus IP addresses and there is no way for devices on the internet to connect to you. i.e. It's like a phone that can only dial out, not receive calls.

IPv6 has the potential for each device on your network to be "really" connected to the internet and have its own REAL IPv6 address. Any device on the internet can directly connect to all of your devices.

I am not convinced the current IPv6 routers have appropriate setups to block malicious access the same way IPv4 NAT does. Even if they were, in theory, included, I have little confidence that they're done correctly by the router. The last time I dug into it, there didn't really seem to be a good protocol to do this.

In addition, I suspect many IPv6 functions on home/small business routers are buggy and/or insecure, even if the required functions are implemented.


#10
These are both 2009 era routers by Linksys. Model WRT610N. Dual band wireless N.
Neither has IPv6 capability. R1 is plugged into a Motorola 2210 DSL modem. The modem is in full bridge mode -- so the modem is just a dumb mod/demod. R1 initiates PPPoE. Both routers have a built-in 4 port gigabyte switch.

Yes, I can isolate the bad actors on R1 and the protected stuff on R2. In fact, the untrusted devices are on an 8 port non-managed switch.

I use DHCP reservation via MAC to get devices assigned to the same local IP address. I have a networked printer that I'd like all devices to see; I assume that would be in the switch for R1. And NAS shares I'd like to restrict -- so, that goes on R2.

