Quantcast

Maximum PC

It is currently Fri Nov 28, 2014 9:03 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 12 posts ] 
Author Message
 Post subject: Two routers need to share 1 cable modem connection - Help
PostPosted: Sun Feb 21, 2010 4:19 pm 
Willamette
Willamette

Joined: Tue Feb 01, 2005 12:17 pm
Posts: 1489
OK, I need some advice/help here:

Here's what I have (hardware):
I have two routers (A DLink DI-634M Wireless G MIMO 108G router) and a DLink DIR-655 Wireless N Gigabit router. One cable modem with one (1) eithernet port that connects to Comcast Highspeed Internet.

What I need to do:
I have two networks in my house. A "public" network that I let visitors and other use (which runs off the Wireless G router). I have this router set so that there is no security so that people can use it as they please (my Internet connection to Comcast is free where I live--included in my rent).

I have a second network for my own personal use that is within my home which is connected to my Media Center computer/HTPC computer and my TV.

Now, here's my questions:
I want my PCs to be able to access the Internet somehow, but don't want to have to make my Wireless N router's wireless public. So,, if I plug the Wireless N router into one of the ehternet ports on the Wireless G router, can people then access the Wireless N router via the Wireless G router?

The main computer that needs to acess the Internet is my desktop. The HTPC does not. What if I put two NIC cards into my desktop. Can I have one plugged into each router so I can access both routers from the same machine, but not have the two routers plugged into eachother? Is it possible then for someone to gain access to the Wireless N router (through my desktop)?

Basically, I want my Wireless N setup to be seperate from the Wireless G, (and I can do that by putting a password on the Wireless N), but what about the LAN ports. How can I seperate these and keep my Wireless N network private to myself while not loosing my access to the Internet through the G router?


Top
  Profile  
 
 Post subject:
PostPosted: Sun Feb 21, 2010 4:45 pm 
8086
8086

Joined: Tue Feb 16, 2010 10:04 am
Posts: 91
Just connect the WAN port of the DI-634M (public network) to the cable modem, then connect the DIR-655 (private network) to the DI-634M, WAN to LAN, respectively. Finally, place the DIR-655's WAN IP in the DMZ of the DI-634M.

[modem]<--wire-->[di-634m](lan)<--wire-->(wan)[dir-655]

Anyone on the DI-634M has Internet access, but is prevented entry to the DIR-655 by its firewall. Yet the DIR-655 still has internet access. And by placing the DIR-655 in the DMZ of the DI-634M, it will allow unsolicited traffic (online gaming, remote access, etc.) to be redirected to the private network unless otherwise forwarded on the DI-634M (not likely you'll be forwarding anything on the DI-634M anyway). Notice this also gives you administrative access to the DI-634M from the DIR-655.

This obviously creates two subnets, one per router. Make sure you use different IP networks, perhaps 192.168.1.x for the DI-634M and 192.168.2.x for the DIR-655. And make sure the DIR-655 uses a STATIC WAN IP from the DI-634M's network (remember, that IP is in the DI-634M's DMZ, so you don't want that to ever change).

NOTE: I believe the DIR-655 supports a Guest Zone that essentially does the same thing without resorting to a second router. You might want to investigate that option as well.


Last edited by eibgrad on Sun Feb 21, 2010 9:55 pm, edited 6 times in total.

Top
  Profile  
 
 Post subject:
PostPosted: Sun Feb 21, 2010 6:38 pm 
Million Club [PC]*
Million Club [PC]*
User avatar

Joined: Sun Feb 12, 2006 5:29 pm
Posts: 4914
Location: Motor City, folding for Mom
Very nicely put, eibgrad. That would work quite well.

Option 2: Smoothwall. Hang your '655 off of the Green LAN interface, and the '634M off of the Purple interface. Purple is completely isolated from Green (one-way isolation - Green can access Purple, but not vice-versa), but still has full access to the internet.

cbasset01 wrote:
The main computer that needs to acess the Internet is my desktop. The HTPC does not. What if I put two NIC cards into my desktop. Can I have one plugged into each router so I can access both routers from the same machine, but not have the two routers plugged into eachother? Is it possible then for someone to gain access to the Wireless N router (through my desktop)?
1- Are you sure that your HTPC needs zero access to the 'net? Media Center (were you using the term loosely, or referring to Windows Media Center?) especially really needs 'net access - Guide updates, MC app updates, movie data.....
2- Multi-homing your desktop (what you want to do with two NICs there) is a Very Bad Idea, especially with your 'public' WLAN being completely unprotected. Big security risk, not very hard for someone to break down that door.

Oh, and, I trust that you've disabled "wireless admin access" on the 'public' router, yes? ;)


Top
  Profile  
 
 Post subject:
PostPosted: Sun Feb 21, 2010 6:42 pm 
Hired Gun
Hired Gun
User avatar

Joined: Sat Jul 30, 2005 8:29 pm
Posts: 6409
Location: N 47° 04.525 W 122° 17.315
eibgrad wrote:
NOTE: I believe the DIR-655 supports a Guest Zone that essentially does the same thing without resorting to a second router. You might want to investigate that option as well.


Yes it does. You can see check it out here. I never suggest two routers on a home network unless it just can't be avoided.


Top
  Profile  
 
 Post subject:
PostPosted: Sun Feb 21, 2010 10:07 pm 
Willamette
Willamette

Joined: Tue Feb 01, 2005 12:17 pm
Posts: 1489
My main concern here is I don't want people to be able to access my HTPC shared folders (the people who are using the "free" wireless). But I do want my home network to be able to use the Internet. I guess I'm not so worried about whether the HTPC needs the Internet as i am just not allowing others into the Wireless N network I want to create for myself privately.

Basically, I want my HTPC and other computers to be able to talk to eachother with the Wireless N gigabit router (for speed purposes), and I want that network to be able to access the Internet. But I also need to provide an unlocked wireless (unencrypted) access for guests and other stuff (with the DI-634M), but I don't want these guests to be able to log onto my network that has my HTPC and desktop PC connected to it (which would be the DIR-655 router's network).

Is there a chance that the two firewalls can get in the way of each other??


Top
  Profile  
 
 Post subject:
PostPosted: Mon Feb 22, 2010 2:01 am 
Hired Gun
Hired Gun
User avatar

Joined: Sat Jul 30, 2005 8:29 pm
Posts: 6409
Location: N 47° 04.525 W 122° 17.315
Yeah we get it, but I get the feeling you don't, we explained how to do it the easy way and the hard way. What you want is two different subnets, one for guests and one for you. Your DIR-655 is capable of creating a virtual network for guests (Guest Zone), they won't be able to access anything on your main network. It's very easy to setup it and it's exactly what you are wanting without making it all complicated. You don't need the 2nd router.


Top
  Profile  
 
 Post subject:
PostPosted: Mon Feb 22, 2010 6:02 am 
8086
8086

Joined: Tue Feb 16, 2010 10:04 am
Posts: 91
cbassett01 wrote:
Is there a chance that the two firewalls can get in the way of each other??


Using the two router solution as I've described it, no.

The DI-634M (public network) that fronts the Internet just blindly forwards any traffic it receives to the DIR-655 (private network). That traffic and any other traffic from someone connected to the DI-634M is prevented access into the DIR-655 except by the rules you establish w/ the DIR-655’s firewall. Yet because firewalls are like “one way valuesâ€


Top
  Profile  
 
 Post subject:
PostPosted: Thu Apr 01, 2010 12:53 am 
8086
8086

Joined: Wed Mar 31, 2010 5:10 pm
Posts: 2
Could there be someone out there who could explain this a bit better? When you get on the control panel of a router, it's more complicated than that. When you enable static IP it still wants the gateway, primary DNS, secondary, and a router IP address. I'm trying to link a D-Link DI-524m (made only for the China Market---I live here) and a DIR-655. I'm trying to have the DI-524m be the part of the network I share with other people (I need to have a wired and wireless to share---hence the Guest Zone in the DIR-655 wouldn't work, as it only separates it for wireless) and the DIR-655 be my internal private network. I do not want computers on either networks to be able to see across to devices on the other router's network. Is this possible? I know when you connect a router's LAN to another router's LAN all you're doing is expanding your switch. There is no separation between the LAN ports at all. So this is not what I want to do. Anyone know specifics on what to do? Or do I need to buy a router that offers configurable VLAN ports?


Thanks all...


eibgrad wrote:
Just connect the WAN port of the DI-634M (public network) to the cable modem, then connect the DIR-655 (private network) to the DI-634M, WAN to LAN, respectively. Finally, place the DIR-655's WAN IP in the DMZ of the DI-634M.

[modem]<--wire-->[di-634m](lan)<--wire-->(wan)[dir-655]

Anyone on the DI-634M has Internet access, but is prevented entry to the DIR-655 by its firewall. Yet the DIR-655 still has internet access. And by placing the DIR-655 in the DMZ of the DI-634M, it will allow unsolicited traffic (online gaming, remote access, etc.) to be redirected to the private network unless otherwise forwarded on the DI-634M (not likely you'll be forwarding anything on the DI-634M anyway). Notice this also gives you administrative access to the DI-634M from the DIR-655.

This obviously creates two subnets, one per router. Make sure you use different IP networks, perhaps 192.168.1.x for the DI-634M and 192.168.2.x for the DIR-655. And make sure the DIR-655 uses a STATIC WAN IP from the DI-634M's network (remember, that IP is in the DI-634M's DMZ, so you don't want that to ever change).

NOTE: I believe the DIR-655 supports a Guest Zone that essentially does the same thing without resorting to a second router. You might want to investigate that option as well.


Top
  Profile  
 
 Post subject:
PostPosted: Thu Apr 01, 2010 2:09 am 
Hired Gun
Hired Gun
User avatar

Joined: Sat Jul 30, 2005 8:29 pm
Posts: 6409
Location: N 47° 04.525 W 122° 17.315
TreeFrog wrote:
Could there be someone out there who could explain this a bit better? When you get on the control panel of a router, it's more complicated than that. When you enable static IP it still wants the gateway, primary DNS, secondary, and a router IP address. I'm trying to link a D-Link DI-524m (made only for the China Market---I live here) and a DIR-655. I'm trying to have the DI-524m be the part of the network I share with other people (I need to have a wired and wireless to share---hence the Guest Zone in the DIR-655 wouldn't work, as it only separates it for wireless) and the DIR-655 be my internal private network. I do not want computers on either networks to be able to see across to devices on the other router's network. Is this possible? I know when you connect a router's LAN to another router's LAN all you're doing is expanding your switch. There is no separation between the LAN ports at all. So this is not what I want to do. Anyone know specifics on what to do? Or do I need to buy a router that offers configurable VLAN ports?


Thanks all...


eibgrad wrote:
Just connect the WAN port of the DI-634M (public network) to the cable modem, then connect the DIR-655 (private network) to the DI-634M, WAN to LAN, respectively. Finally, place the DIR-655's WAN IP in the DMZ of the DI-634M.

[modem]<--wire-->[di-634m](lan)<--wire-->(wan)[dir-655]

Anyone on the DI-634M has Internet access, but is prevented entry to the DIR-655 by its firewall. Yet the DIR-655 still has internet access. And by placing the DIR-655 in the DMZ of the DI-634M, it will allow unsolicited traffic (online gaming, remote access, etc.) to be redirected to the private network unless otherwise forwarded on the DI-634M (not likely you'll be forwarding anything on the DI-634M anyway). Notice this also gives you administrative access to the DI-634M from the DIR-655.

This obviously creates two subnets, one per router. Make sure you use different IP networks, perhaps 192.168.1.x for the DI-634M and 192.168.2.x for the DIR-655. And make sure the DIR-655 uses a STATIC WAN IP from the DI-634M's network (remember, that IP is in the DI-634M's DMZ, so you don't want that to ever change).

NOTE: I believe the DIR-655 supports a Guest Zone that essentially does the same thing without resorting to a second router. You might want to investigate that option as well.


In your case you want two separate networks, so you would connect Router 2 to Router 1 via WAN port, leave DHCP enabled, ensure both routers are on separate subnets and you should be good to go. All computers will be able to connect to the internet but the computers on Router 2 will not have access to the computers on router 1.


Top
  Profile  
 
 Post subject:
PostPosted: Thu Apr 01, 2010 3:54 am 
8086
8086

Joined: Wed Mar 31, 2010 5:10 pm
Posts: 2
You mean the subnet numbers for 255.255.0? What would I change them to? I'd only need to change the subnet for the router I'm plugging into the other router's LAN port, to its WAN--in my case, the DIR-655, right? I could leave the other one's (DI-524m) DHCP/IP/Subnet values alone?


Hitman wrote:

In your case you want two separate networks, so you would connect Router 2 to Router 1 via WAN port, leave DHCP enabled, ensure both routers are on separate subnets and you should be good to go. All computers will be able to connect to the internet but the computers on Router 2 will not have access to the computers on router 1.


Top
  Profile  
 
 Post subject:
PostPosted: Thu Apr 01, 2010 5:27 am 
Hired Gun
Hired Gun
User avatar

Joined: Sat Jul 30, 2005 8:29 pm
Posts: 6409
Location: N 47° 04.525 W 122° 17.315
no that's the subnet mask, subnet (ip range) for most standard routers is 192.168.0.x or 192.168.1.x. So for example you could change the 2nd router to 192.168.2.x


Top
  Profile  
 
 Post subject:
PostPosted: Thu Apr 01, 2010 6:15 pm 
Million Club [PC]*
Million Club [PC]*
User avatar

Joined: Sun Feb 12, 2006 5:29 pm
Posts: 4914
Location: Motor City, folding for Mom
^ ^ ^ This.
Leave the subnet mask alone. Leave the DHCP servers running on both. Don't change the DHCP range on either.
Leave every setting on the first router (the one connected to the modem) as it currently is. That one works - no need to screw around with it yet.

On the second router, only two changes that you will (or may) need to make:
1- if the WAN (internet) connection is not currently set to "autoconfiguration / DHCP", change it to that.
2- If necessary, change the LAN IP address to one that isn't within the first router's IP range.
Assuming that you've made no changes to it, your DI-524 should be on a 192.168.0.x network (with its address at 192.168.0.1); so, set the DIR-655's LAN IP address to 192.168.2.1.

Simple as that. We'll get into port-forwarding later, and only if necessary.


Top
  Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

© 2014 Future US, Inc. All rights reserved.