How do i separate 2 networks BUT share internet b/w the 2?

C

Cytomax

n00b
Joined
Jan 3, 2005
Messages
14
*EDIT* I completely changed my original post BUT this post is still about the same thing, i just feel this is an easier way to ask the same question PLUS i have a NEW picture*/EDIT*

Hello all... i think after all the answers i have gotten on this i have decided on a hybrid setup that will suit my needs...
I only want 3 things
1) Both networks can not access each other
2) Both networks have internet access
3) Router #1 A and Router #1 B each have DIFFERENT WAN IP addresses (My speakeasy dsl modem has 2 WAN IP Addresses)

This is what i am hoping the future network will look like
*Sidenote*
Kamikaze is a firmware from www.openwrt.org that allows me to play with vlans
Tomato is a firmware from www.polarcloud.com/tomato that is just easier for me to work with
*/Sidenote*

Drawing1.jpg


Thanks in Advance
Eddie
 
Do you want to keep these two networks separate but just have a separate route allowing external access?

If you don't care if they're completely separate you can just run a cable from router to router (switch to switch) and be done with it.

If you want to keep them completely separate you'll be going into different subnets and routing rules. . .
 
Get 1x inexpensive managed switch....create port based VLANs...wicked easy, and effective. So you're using 2x devices.

If I remember Tomato firmware though...like DD-WRT, it can do port based VLANs within the 4 built in LAN ports on the router...so you could make two different VLANs there, and uplink a cheap unmanaged switch to each of them. This approach requires 3x devices.

IMO port based VLANs are easier to setup, less troubleshooting, and very effective...versus dealing with doubling up routers with double NAT or getting into subnetting.
 
Couldn't you just set up both networks to be on different networks and then point both to the router as the gateway?
 
VLAN is the answer. inexpensive managed switch. The port which Network 1 is connected goes on VLAN #2, The port which Network 2 is connected goes on VLAN #3, the port the DSL modem is connected goes on both VLAN 2 and 3.
 
Man you guys are killing me... i somehow knew that the vlan option was the option most of you would pick... it does sound easiest to do i guess if you know what your doing... and i do get the basic concept now that i have read
http://en.wikipedia.org/wiki/VLAN
http://wiki.openwrt.org/OpenWrtDocs/NetworkInterfaces

After spending a few hours reading that vlan stuff my friend just called me up with a good idea that i think ill be using...
DSl-->Switch-->Routers # 1 (WAN IP X & LAN IP 192.168.0.1/24) and Router # 2 (WAN IP Y & LAN IP 192.168.1.1/24 )

What do you guys think?
To me this is easier since im not familiar with vlan
I would like to know if this would accomplishes the same thing as vlan and isolate both networks?

Thanks in Advance
Eddie
 
Cytomax said:
After spending a few hours reading that vlan stuff my friend just called me up with a good idea that i think ill be using...
DSl-->Switch-->Routers # 1 (WAN IP X & LAN IP 192.168.0.1/24) and Router # 2 (WAN IP Y & LAN IP 192.168.1.1/24 )
Click to expand...

That's double NAT'ing...YUCK! The inside network suffers performance, some online apps can get quirky...plus the inside network can actually find and browse the outside network. Not visa versa though.

Port Based VLANs are wicked easy.
Take your router...plug it into port 1 on your managed switch.
Take Network A...and plug them into..say....ports 2-8. Make ports 2-8 members of VLAN1..and also make port 1 a member.
Take Network B..and plug them into say..ports 9-15..and make them VLAN2...also adding port 1 as a member of this VLAN.

Done. Network A computers cannot see Network B computers..and Network B computers cannot see Network A computers. They both share access to the router via port 1.

Todays managed switches are just as easy to log into and configure as your regular old Linksys router...through a web management interface.
 
@ YeOldeStonecat
Thank you for taking interest and being so helpful
I didnt know that what i was going to do was essentially double NATing...
I thought double NATing was putting the routers in series and not parallel but again im sure i dont know as much as you guys so ill take your word for it..
Back to VLAN....
I understand the concept now behind it... and i would love to do it ... my problem is simply i dont know the exact command to type into the cli to get it to work... i guess i can try and go back to openwrt.org and use thier firmware and ask them what is the command to use....
Ill search around and read some more to see if i can figure it out then...then ill come back and let you know if i figured it out
Thanks for the help...
Eddie
 
I would definitely just get a switch and plug the WAN port of both routers into it, as well as the DSL modem. As long as your ISP provides you with 2 IP addresses, this will be your best option. If you really wanted to, you could use the same settings on the LAN side of both routers, but I would reccomend using two separate subnets, just to make managing the computers a little bit easier (ie: Use 192.168.1.0/24 on one router, and use 192.168.2.0/24 on the other)
 
Well i just updated my original post and i added a new picture so what do you guys think... will this work?
Thanks in Advance
Eddie
 
Your picture is not linked right.

I'm just curious but why don't you want to use 1 network and put a firewall (like Sygate) on each computer to refuse sharing of files? But yeah, if you want to separate the Internet then VLANs is the way to go.
 
I see your diagram now (Needed to Copy & Paste). That would probably work, but what would be easier would be to replace the Kamikaze WRT54GL with a basic switch. It would be much simpler to configure, and it would remove any possible headaches of running through a double NAT.
 
I agree i need a switch there but this is what i am thinking...
If i put a basic $20 switch there with no vlans or anything wouldnt that mess up the whole isolate network from network thing?
I thought i needed to have a switch with vlans in that area so that i keep each network isolated... if i am wrong PLEASE let me know because that would save me LOTS of work
Thanks in Advance
Eddie
 
Cytomax said:
I agree i need a switch there but this is what i am thinking...
If i put a basic $20 switch there with no vlans or anything wouldnt that mess up the whole isolate network from network thing?
I thought i needed to have a switch with vlans in that area so that i keep each network isolated... if i am wrong PLEASE let me know because that would save me LOTS of work
Thanks in Advance
Eddie
Click to expand...

You would be fine putting a switch in there. Since each network has a router, they will be 100% separated from each other thanks to NAT. The routers would each grab a different IP from your ISP, and everything will run good.

Trust me, putting a switch in there will do exactly what you want it to do, and it will alleviate any of the headaches you will have in the future with running a double NAT.
 
The bigger question here IMO is what is the DSL Modem outputting as far as IPs? Is it doing any sort of NAT or is it simply bridging both WAN IPs?

If it is doing any sort of NAT, putting another router behind it will create a double NAT situation. If it is outputting WAN IPs to the network, then doing the switch w/2 routers like you show in your picture will be fine as the routers will pickup the WAN IPs properly.
 
A man after my own heart... you most likely wont see it here but.... you would be amazed as to how many places i have been that have internet problems and have a setup where they have a modem NAT and a linksys router behind it ... for whatever reason a lot of ppl dont understand that....

To answer your question it is just a bridge and does not do any sort of NAT....

This is the first time i do a setup with dual ip so i am HOPING it will be simple...
just put a switch and set up 2 routers like i normally do and each will get its own ip.....

BTW i hope the picture showing up now...
i did the url tag instead of the img tag.. silly me...

@ Dawizman and EVERYONE else that has helped me... thank you very much... i will try out the setup and let you know how it goes..

Thanks in Advance
Eddie
 
You must log in or register to reply here.
Back
Top