
two separate internal networks sharing same bb

  • 12-01-2006 2:18pm
    #1
    Closed Accounts Posts: 156 ✭✭


    I have 2 internal networks that I need to keep separate
    one is using broadband through a router
    the other LAN on a separate router

    I tried connecting the WAN port on router b to a lan port on the main router - the main router allocates an IP address to router b however clients on router b cannot ping the main router

    Can this be done? Am I doing it right?

    When a client on router b pings the main router I get
    Reply from 127.0.0.1: TTL expired in transit.


Comments

  • Registered Users Posts: 1,931 ✭✭✭Zab


    Hi JJ,

    You're using NAT on router B? These are all SOHO devices, I assume?

    Write out a small network map, including ip addresses (or ranges).

    Zab.


  • Closed Accounts Posts: 156 ✭✭JJSolutions


    I got it working - just had the wrong type of connection selected on router b for the wan port - chose a different one and everything works great

    thanks


  • Closed Accounts Posts: 156 ✭✭JJSolutions


    but.....

    when I was testing things out I can still ping 192.168.1.x even though I want that subnet separate to the 192.168.0.1

    LAN 'A' I have:

    all computers

    192.168.1.x
    255.255.255.0

    broadband router :
    192.168.1.1
    255.255.255.0


    LAN B:
    router
    192.168.0.1
    255.255.255.0
    wan port 192.168.0.101 - lease from main router above
    acts as dhcp server to lan B

    5 WDS wireless access points
    IP range 192.168.0.95-99
    255.255.255.0

    clients on this network get ips from router
    192.168.0.x
    255.255.255.0
    default gw 192.168.0.1

    but these computers are still able to ping and get access to the pcs on lan A


    I thought they can't see 192.168.1.x as they are 192.168.0.x with 255.255.255.0

    Is there anything I need to do to fix this - thanks for any advice.


  • Registered Users Posts: 4,150 ✭✭✭_CreeD_


    Not 100% sure about this but it's what I'd try.

    Disable any dynamic routing protocols on RouterA, clear its route table (I'm presuming you didn't manually add any routes between A and B, if you did delete them).
    I'm not sure how it will work on whatever routers you are using but you may need to make RouterA the default-gateway for RouterB, which it probably is already...but ya never know.

    Edit:
    Depending on the router it will likely still route between its own connected subnets (the Lan and then Wan link to B). Is there a way for you to configure a new subnet for the LAN interface on RouterB? You'd have 3 subnets:
    LanA
    RouterA-RouterB
    LanB

    RouterA would still route traffic between the LanA and RouterA-B subnets, but with Dynamic routing disabled it would not receive routing information to LanB via the RouterA-B subnet. In this case you would have to set RouterB's Wan link as the DG for the hosts on LanB manually. RouterB should have RouterA's own IP as its DG.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 91,863 Mod ✭✭✭✭Capt'n Midnight


    Not sure if I interpreted the question properly but..

    To have two LANs sharing BB but kept separate from each other..

    Properly configured each router should allow traffic to go from all LAN ports to all other LAN ports and to the WAN port. It should block all traffic from the WAN port to the LAN.

    Low tech solution is to buy a third router (also the most idiot proof if you aren't familiar with routing).

    Connect the WAN port of the one with the best firewall to the internet, then the WAN ports of the other two into the LAN ports of the first one.

    The LAN of the first router can be seen by both separate LANs, you could put shared printers there.


  • Registered Users Posts: 1,931 ✭✭✭Zab


    Yep, the Cap is right on this one. Three routers will do the job nicely.

    Otherwise it really depends on the hardware you're using. SOHO devices generally aren't able to do what you're looking for, but I guess it depends on the device itself.

    If LAN B is the insecure one, you could perhaps switch around the networks, so that A can access B + internet, but B can just access the internet. A's internet traffic would pass through B though. Other than this it depends on whether router B has any ability to decide what traffic to route and what not to. A Linux box with a few network cards should be able to do it too.


  • Registered Users Posts: 1,656 ✭✭✭rogue-entity


    Cap is correct, but what Zab has suggested is a cheaper alternative, and is what is used at my old school to keep the student subnet isolated from the staff and admin subnets. There is also the advantage of being able to set up a proxy server and optionally Internet Content Filtering/logging.

    You connect the DSL modem to one NIC on the Linux box, and assign it a static IP on its own subnet, e.g. 192.168.0.2 (modem is 0.1)

    Then you connect the other two NICs to the routers for the other LANs. These then get their own static subnets such as 192.168.1.2 and 192.168.2.2

    You set up IPtables to allow the two LANs to access the internet, but the internet cannot access your two LANs, nor can the two LANs communicate with each other. If you want to include a proxy and net filter as well, then use Censornet on an old PC with three NICs and it will do all the hard work for you. And a Linux box is cheaper than a second router, with more features.
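
The iptables policy described in the post above, written out as an added example that is not part of the original thread or any poster's own configuration. The interface names (eth0 to the modem, eth1 and eth2 to the two LAN routers) and the helper names `gen_rules` and `forward_allowed` are assumptions; the addresses in the comments are the ones given in the post.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the three-NIC Linux box.
# Interface names are assumed; override them through the environment.
WAN_IF=${WAN_IF:-eth0}       # to the DSL modem, 192.168.0.2
LAN_A_IF=${LAN_A_IF:-eth1}   # to LAN A's router, 192.168.1.2
LAN_B_IF=${LAN_B_IF:-eth2}   # to LAN B's router, 192.168.2.2

# Print the ruleset. FORWARD defaults to DROP, so anything not listed
# (LAN A <-> LAN B, and new connections from the internet) is refused.
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_A_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_B_IF -o $WAN_IF -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Audit helper: succeeds only if the ruleset accepts NEW forwarded
# traffic entering on interface $1 and leaving on interface $2.
forward_allowed() {
    gen_rules | grep -qxF -e "-A FORWARD -i $1 -o $2 -j ACCEPT"
}

# "sh thisfile print" shows the ruleset. To apply it as root:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_rules | iptables-restore
case "${1:-}" in
    print) gen_rules ;;
esac
```

With INPUT set to DROP the box itself is only manageable from its console until an explicit management rule is added.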

