2 seperate networks. One internet connection.

Ajelvani

Member
Aug 5, 2015
95
0
0
In our house, I have one Comcast cable coming in that is connected to a modem. The modem is then connected to our router. I am in need of two separate networks. Since our main network will have a server, a nas, as well as my PC connected to it. The second network will have everything from everyone else's devices, to our Apple TV, to our printer connected to it. I also need to be able to access the second network from the first network, but not allow the second network to access the first network. How would I do this?
 
Feb 25, 2011
16,964
1,597
126
You would need a router that supports multiple subnets/networks, basically. Your current router might already have a guest network function built in. (Very simplified version of what you're talking about.)

The hard part is getting it so clients on network A can talk to network B, but not the other way around. (Since when I contact another system, it's gotta be able to send data back to me.) Depending on the router you have, this may not be possible.

Or you can set up the router's firewall to only allow traffic to/from certain IPs or on certain ports (so you could, say, block file sharing protocols on your second network so guests can't access your NAS, but leave open the ports used for printing.)

But it depends on the router you have, and whether or not it supports these features. Cisco has had a stranglehold on the network admin and training stuff for decades, so there are a lot of people with CCNAs or most of a CCNA who could probably do this if you had an old enterprise-grade piece of Cisco kit.
 

Ajelvani

Member
Aug 5, 2015
95
0
0
I think I forgot to mention, but I'm buying an old wrt 54gl off eBay to have a second router. How would I go about doing something like this with 2 routers. And the part where the main network has access to the other but not the other way around doesn't have to happen but if it could that would be great.
 

pcm81

Senior member
Mar 11, 2011
584
9
81
How about connecting wan port of one router (B) to lan port of the router A. Clients connecting to router b would all be just 1ip to hosts on router a so hosts from A can't distinguish among hosts in B. But hosts from B can look up hosts on A sisince router B having not found requested ip on its ports should forward to A through its wan port?
 

pcm81

Senior member
Mar 11, 2011
584
9
81
Dam. Typing on cell is slow. If I only saw post from 4 minutes earlier...
 

Ajelvani

Member
Aug 5, 2015
95
0
0
So I did some research and I'm not sure of what I have understood is right:
If I connect the second router, whatever it may be, to the first router lan to lan, and setup some IP address stuff and get it working, then the second router should even be able to access the first router and all its devices but the first router and its devices can not access the devices connected to the second router correct?
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
So I did some research and I'm not sure of what I have understood is right:
If I connect the second router, whatever it may be, to the first router lan to lan, and setup some IP address stuff and get it working, then the second router should even be able to access the first router and all its devices but the first router and its devices can not access the devices connected to the second router correct?

not LAN to LAN but WAN to LAN. You connect second router's WAN to one of first router's LAN port, and this will create a double NAT.

Yes, 2nd router can see first router, but not vice versa. Just like 1st router can see internet, but not vice versa.

2nd router & 1st router can't be on same IP range.

Cascading routers and creating double NAT is not recommended, however.
 
Last edited:

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
Double NAT adds latency and devices behind 2nd router might experience more internet problems if internet is not stable.

Besides, if you put your server, NAS and your PC behind 2nd router, you have to do port forwarding twice on both routers if you want to reach your server, NAS & your PC from outside, and you have to assign a fixed IP to 2nd router.

If your printer is an all-in-one device with scanner function, you will have difficulty setting it up from 2nd router since it require some extra ports to be opened up if the printer/scanner is on 1st router.

And if you do torrents, I don't know if it will work properly behind double NAT.
 
Last edited:

Ajelvani

Member
Aug 5, 2015
95
0
0
I just realized: would all I need be a sepereate/ dedicated firewall which would connect to a port on my existing router and then any device connected to the firewall would not be accessible from the any device not connected to the firewall?
 

kevnich2

Platinum Member
Apr 10, 2004
2,465
8
76
I'm curious, what is your actual intended purpose with what your wanting to do?
 

Ajelvani

Member
Aug 5, 2015
95
0
0
Well I'm creating a home network. And I'm wiring the house with cat 6 to have an Ethernet jack in each room. The second network is then for my server running as of now a website and also for a nas which stores a lot of pictures
 

kevnich2

Platinum Member
Apr 10, 2004
2,465
8
76
Well I'm creating a home network. And I'm wiring the house with cat 6 to have an Ethernet jack in each room. The second network is then for my server running as of now a website and also for a nas which stores a lot of pictures

That's the part I'm curious on. What's the purpose of the secondary network? Why add the complexity of the second network with NAT into the picture?
 

Ajelvani

Member
Aug 5, 2015
95
0
0
That's the part I'm curious on. What's the purpose of the secondary network? Why add the complexity of the second network with NAT into the picture?


The second network is so people on the first network can't access the second network such as when guests are over. Also, if the first network was to become infected with a virus, it wouldn't affect the second network. The first network is almost like a dmz