Shared local network security question

c0brakai

n00b
Joined
Aug 22, 2011
Messages
60
Hi everyone. Quick couple of questions I hope!

I share an internet connection with a neighbor via a wireless bridge. The neighbor's router is connected to the internet, so I plugged a LAN port on my router into the neighbor's LAN port. So I can access both router configurations and the bridge from my computer, and see all of our connected devices as if it's a home network. I understand this is the preferred method, rather than plugging into my router's WAN port and having a separate subnet going with double DHCP servers.

Question 1: Is my assumption correct that this is the preferred method? Can someone explain WHY this is? Are there any downsides to being on a different subnet for privacy reasons?

Question 2: I had a remote desktop app on my phone and was inadvertently able to see my neighbor's computer files. If it was that easy, they could easily access ours since this is basically a home network, correct?

I'm sure this has been done many times before, but perhaps is less common. I essentially want ease of device maintenance, while being able to isolate both home networks. I am using two ASUS routers, so I set up the primary router in Wireless Router mode, and my router in Access Point mode which disables the firewall and NAT since it would be redundant.

Thanks in advance if someone can clear up these 2 things!! :D
 
You said you're connected via a wireless bridge but you said you plugged in LAN ports? Are you saying you have (Your Router's LAN port) <-> Bridge <-> Bridge <-> (Their Router's LAN port)? I'm going to assume this...

#1 If you plugged in to the WAN port you wouldn't have dual DHCP. You would have DHCP on their network and DHCP on your network. The router wouldn't be a bridge at that point it would be a router...

The WAN port would get its IP address via their DHCP server and then it would act as a DHCP server for everything on its LAN.

#2. Yes, your LAN and their LAN are not separated by any firewall at this time. It's one big LAN.

#3. If you're going to use your neighbor's network to get to the internet, the only way you would be safe from them being able to see your traffic would be to use some kind of VPN. However, if you plug into your WAN port then your router's firewall can keep them from initiating connections inward but still allow you to get out...

I bring up the second part because unless they are tech savvy the first part is usually not important because they won't know how to snoop your traffic anyway. Allowing your router to keep them from getting into your LAN is usually good enough for most people. It would still allow you to access their LAN so hopefully they trust you...
 
Thanks for the help!

Yes, when I said that I plugged in the LAN ports, I meant exactly what you described. I have a point-to-point 'invisible' bridge setup that makes it look like the routers are directly connected with a cable.

#1 Okay I see, that makes sense. Is there a downside to this? It seems like the generic internet tutorials for setting up multiple routers say to avoid this. Does it make it less reliable, or just more complex to set up?

#2 Alright, good to know. There aren't any trust issues, but you know. It would be nice to keep it separate so they couldn't accidentally print stuff on our printer and whatnot.

I guess I will switch it to my WAN port and enable DHCP again to isolate my network from theirs. Do you have any advice for the best way to set up the IP address, gateway, and subnet mask for this scenario to still allow me to manage the devices somewhat easily? Right now, the neighbor's router is 192.168.0.1, and all connected devices are 192.168.0.2 and up.

Thanks again, it's helpful. The reason I ask these is I can make things work, but I want to know what is the best way a real tech savvy person would do it.
 
Alright, if your neighbor's network is 192.168.0.1 - 192.168.0.254 then you'll want to set up your router with DHCP and put it on a different network. Set your WAN port to DHCP (you want it to get its IP address and gateway from their router). Then set your LAN to use a different range such as 192.168.1.1 - 192.168.1.254

The guides that are telling you not to use two DHCP servers are correct, but they are for setting up two routers on the same network.

What they really mean is don't have two independent DHCP servers on the same layer 2 domain. However, since you're plugging into the WAN port, your firewall is separating those networks. Your equipment will never send or receive DHCP packets to or from their DHCP server.
 
Awesome! I appreciate it.
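
The WAN-port layout recommended in the replies above, modeled as an added example that is not part of the original thread: a toy stateful firewall showing which traffic crosses the second router when the neighbor's network is 192.168.0.0/24 and the inner LAN is 192.168.1.0/24. The host addresses, the `RouterModel` class and the `demo` function are constructed for illustration, and the model ignores ports and address translation.

```python
import ipaddress

# Addressing from the thread; host addresses below are constructed samples.
NEIGHBOR_LAN = ipaddress.ip_network("192.168.0.0/24")  # upstream network, also our WAN side
OUR_LAN = ipaddress.ip_network("192.168.1.0/24")       # behind our router's firewall


class RouterModel:
    """Toy stateful firewall: new flows may only start from the LAN side."""

    def __init__(self, wan_net, lan_net):
        if wan_net.overlaps(lan_net):
            raise ValueError("LAN range overlaps the upstream network; pick another range")
        self.wan_net, self.lan_net = wan_net, lan_net
        self.flows = set()  # (lan_host, remote_host) pairs opened from inside

    def forward(self, src, dst):
        """Return True if a packet src -> dst crosses the router."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst == ipaddress.ip_address("255.255.255.255") or dst.is_multicast:
            return False  # broadcasts (e.g. DHCP discover) stay in their layer 2 domain
        if src in self.lan_net and dst not in self.lan_net:
            self.flows.add((src, dst))  # outbound: allowed and remembered
            return True
        if dst in self.lan_net and src not in self.lan_net:
            return (dst, src) in self.flows  # inbound: only replies to known flows
        return False  # same-side traffic never crosses the router


def demo():
    r = RouterModel(NEIGHBOR_LAN, OUR_LAN)
    pc, printer, neighbor = "192.168.1.10", "192.168.1.50", "192.168.0.20"
    return {
        "neighbor_to_printer": r.forward(neighbor, printer),  # unsolicited inbound
        "pc_to_neighbor": r.forward(pc, neighbor),            # we can still reach them
        "neighbor_reply_to_pc": r.forward(neighbor, pc),      # reply to our own flow
        "other_neighbor_host_to_pc": r.forward("192.168.0.30", pc),
        "dhcp_broadcast_from_neighbor": r.forward("0.0.0.0", "255.255.255.255"),
    }


if __name__ == "__main__":
    for name, crossed in demo().items():
        print(f"{name}: {'forwarded' if crossed else 'dropped'}")
```

The asymmetry in the results matches the thread: the inner LAN can open connections into the neighbor's network, but nothing on the neighbor's side can start one inward.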
 