• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Creating two distinct LAN's that share internet connection, but can't talk to each other

Y

Yohhan

Senior member
I have two linksys BEFSR41 Cable/DSL routers, and I'm trying to set up two distinct networks (that can't talk to one another) but can share the same cable modem for internet access.

I've been told I can do this, and I've tried emailing Linksys, but so far they haven't really helped me. Here's how I have it setup. If anyone can help me out here, I'd appreciate it. Maybe someone who has used the Linksys equipment before.

Router 1's WAN port hooks into the cable modem. Router 2's WAN port is connected to a regular port on Router 1.

All computers connected to Router 1 can access the internet, and talk with each other. Computers behind Router 2 can talk to each other, but can't access the internet.

Even though Router 2 is a client on Router 1, I am unable to ping it (it's WAN-side IP). However, I can ping Router 2's LAN side IP with clients within.

Any suggestions?
 
Your best bet would be to get two IP's from your ISP and a cheapo four-pourt switch. Give each Linksys one of the IP's and plug their WAN ports into the switch, along with the cable modem. Voila, problem solved.

The other viable solution would be three linksys routers - One "head" router connecting to the Internet allowing a single shared IP, and one router per secured network plugging into it. Just make sure you set the "head" router to use a different IP address range for it's inside network than the other two.

- G
 
What about one router, static routes and incompatible IP addresses on each net?


Note: That wouldn't work on a real router, but consumer grade routers like the linksys are really just overeducated switches. So it might work. Try it. Whaddaya got to lose?
 
I never personally tried such a concoction. From what I saw in other posts, it seems that some Entry level Cable/DSL Routers can be configured with a Private IP on the WAN side. Such a Router can be connected to a regular port on the first Router, and be configured at the other side as a separate LAN.
Take this info with a grain of salt hopefully it can be done.
 
I don't think it will work, because as long as traffic can get out of that second router, it will be able to be routed to the machines on the first router. Unless you set up some static routes to nullroute certain traffic, but I don't know how it would affect wanted traffic.
 
DOUBLE DOUBLE NAT

Have router no. 1 with at least two ports

Then attach another rotuer to two ports

There you go....

EDIT: comsumer routers have limited routing abilities so therfore this setup will not allow you to configure inter-vlan communication..you need layer 3 for that😎
 
I know, not what you are looking for with your equipment, but a 'BSD box with three nics can do it very easily, with total control. you can grant access to servers on either side, to specific machines, so you can manage both LAN's from one. It is a thing to behold, but there is a learning curve🙂
 
Well if you can buy a third router, you could connect the first router to your internet connection and then connect the two other routers to the first router for the separate networks.
 
Originally posted by: dude8604
Well if you can buy a third router, you could connect the first router to your internet connection and then connect the two other routers to the first router for the separate networks.
Click to expand...

exactly.
 
Turn off nat on the second box, you're natting the already natted if that makes sense. I have the same setup to keep a small training lab out of another network. Router A is hooked up to the modem and does dhcp and firewall, Router B goes from its wan port to any switch port on Router A. Set Router B up to get dynamic ip from Router A dhcp and use whatever lan ip you want behind Router B, or give Router B a fixed wan ip and exclude that ip from the Router A dhcp pool. Hope that makes sense.
 
Pinhead, I am glad to see this.

Can you tell me please the Brand, and model of the Router B.
 
I had the same sort of setup with my freebsd router as router A, and an MSN wireless AP/router as router B. The router did not block traffic from net B to net A, however. For example, I could print to my network printer on net A, from net B. I realize being in different octets will prevent the normal browsing of network resources from B to A, but that was the only protection I observed.
Net A could not see net B at all, however, due to the firewall features of router B.
 
The main router hooked up to the cable modem is a netgear fvs318 and the second one is an smc 700br. When I first hooked it up it didn't work, I scratched my head a mo0ment, logged on to the smc and turned off the firewall and it works fine. If you have any questions I'll help if I can, I'm no genius but I'll try. Hit me with email if you need to, rbenet@crosslink.net.
 
Originally posted by: pinhead
The main router hooked up to the cable modem is a netgear fvs318 and the second one is an smc 700br. When I first hooked it up it didn't work, I scratched my head a mo0ment, logged on to the smc and turned off the firewall and it works fine. If you have any questions I'll help if I can, I'm no genius but I'll try. Hit me with email if you need to, rbenet@crosslink.net.
Click to expand...
Good I have SMC7004BR.

How do I turn the Firewall off?

 
I could buy a real router, but I probably don't have the money, and I definitely wouldn't know how to use it🙂 It's more along the lines of something I'd like to get done, rather than something that must get done. So if I'm unable to do it with the equipment I have, I'll probably just move on for the time being.

Pinhead: I don't think it's possible to turn off natting on the Linksys BEFSR41. At least I sure don't know how... Does anyone know?
 
I believe one reason you probably cant ping the WAN side on Router 2 is that Linksys has the disgard ping enabled by defualt on the WAN port, this prevents the "Ping of Death" attacK. I have not tried this dual Lans with two router from Linksys but I did set one up using a D-link and a SMC router. Pinhead was on the right track

"Router A is hooked up to the modem and does dhcp and firewall, Router B goes from its wan port to any switch port on Router A. Set Router B up to get dynamic ip from Router A dhcp and use whatever lan ip you want behind Router B, or give Router B a fixed wan ip and exclude that ip from the Router A dhcp pool"

except you should have leave NAT turned on the second router so it can route between the "LAN's IP address"

So in a nut shell

Router A
WAN port to DSL/Cable (set to what ever your ISP standards are, fixed or dynamic IP addressing)
Turn DHCP on set range to what ever range desired, Ex 192.168.1.1

Router B
Wan port, plug into one of the switch ports on Router A
Turn on DHCP, set range to different IP range , Ex 192.168.200.1
Check in Admin program to make sure Wan port received address in Router A's Ip range, Ex 192.168.1.xxx
also check DNS settings in router A.

Depanding on the router you might need to set the WAN port on Router B to a fixed IP and assign the gateway and DNS Settings from router A.

That should allow the DHCP server to distribute IP's in a new address range with proper gateway and DNS settings.

I hope this helps.
 
Can't really remember how I turned it off, it's been up and running for over a year and a half now and I haven't had to touch it again. After reading the last post though I think what I did was on router b I gave the wan port an ip from the lan hooked up to router a and put the dns info in as well, using the ip of router a as the gateway entry. On router a I did dhcp but did a static ip to match router b's wan ip, usually you'll need the mac and ip of router b's wan port to do this. On the smc you can find that info on the status page I think. Hope this isn't getting more confusing. I'll log into it tomorrow if I get a chance and look at the admin console for the settings.
 
🙁 Even after you sort out the tech probs with the LinkSys, you still won't be able to separate traffic from both networks.

At the router level things are fairly simple :
Router A connects to the Internet, serves the first internal subnet and has a DHCP service for that subnet. All necessary info to provide access to the internet to the subnet clients is derived from the WAN interface (which in turns gets the info from the ISP's DHCP server).
Router B does the same for it's internal subnet, and then the problems start :
By default router B will do NAT to it's WAN port, and you need to be able to disable this (as mentioned in previous posts)
Once the NAT issue is out of the way, things "almost" work : Router B's WAN interface receives an IP adres from Router A's internal network, and the DHCP info also contains the required info about DNS, default gateway etc. The reason for the "almost" instead of "it works" is that Router A does not realize that Router B is a router, instead of just a computer. You will have to add a static route to Router B's internal network to the routing table of Router A (provided your LinkSys box support this).
IF all of this is technically possible on your LinkSys box, then you will have established Internet connectivity for both you subnets, BUT... ALL workstations will be able to communicate with each other on BOTH internal LAN's (because each of the routers can now see the other and route traffic to each other's internal & external networks.

Since the whole idea was to separate traffic on both internal networks, you will still need to look further... Basically I think you can only do this by installing a 3rd router "on top" of the 2 others. This router should then have the possibility, not only to add static routes but also to define more complex routing rules so that you can effectively prevent both internal subnets to communicate with each other. A possible option there would be to use an older pc and something like Winroute Pro form www.kerio.com. (Hint : the Kerio software would only recognize the 2 LinkSys routers as clients, not every single pc behind those routers. That might make a substantial difference in license cost). The software solution has the added benefit that it will also work even if you can not add static routes to your LinkSYS or disable NAT on the WAN interface : simply use the 3 Nics in the Winroute PC to do all routing and use the LinkSys devices as HUB/Switch. The downside : it'll cost you a pc...

Hope this helps a bit,

Eric
 
I think if you set the option on a linksys to router instead of gateway the nat turns off. I know most of the nat setup screens go away.
 
Just decided to play arround a little with my spare router and I just set this up. Follow my first post but you will have to configure the DNS and Internet gateway settings for each workstation behind the second router. I have NAT turned on the second router! Works like a charm. I am typing this message from behind the second router now.


I hope this helped.
 
Rwalter63

Can you please enable you PM or PM me your email. I would like you to ask you to try something qucik as long as the double network is On.

Thanks Jack.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top