Dual Home Router Setup

[Nucleus111]

Has anyone here run a dual "home" router setup? My wife will be working from home soon, but her work computer needs to be wide open for the services/apps she'll be running.

I was wondering if I had my line coming into the first router with say a class C address going to her work computer. Then, have my second router run into the first router using a static IP for the outgoing address and say class A addresses for the rest of my computers. This way our home computers will be completely isolated from her work computer.

So, has anyone tried anything like this?
Thanks.

 

[JackMDS]

With one IP? One way to go is to cascade two Routers.

Modem ? WAN of Router1 ? Regular Port ? to WAN of second Router.

The second Router has to be able to be configured with private IP at the WAN (not all entry level Routers can do so).

Wife?s Computer goes on the DMZ of first WAN. All the rest of the Network behind Router 2.

 

[Nucleus111]

Thanks for the reply.
Thats exactly what I was thinking on doing. Just wasn't sure how 2 NAT routers would play together???

Also, if I couldn't enter a private IP on the WAN of the second router, I'll just use a standard IP there. Doesn't matter since the NAT on the first router will convert it anyway.

Have you ever tried this?
Thanks again.
George

 

[ClearToLand]

Originally posted by: JackMDS:

One way to go is to cascade two Routers.

Modem ? WAN of Router1 ? Regular Port ? to WAN of second Router.

The second Router has to be able to be configured with private IP at the WAN (not all entry level Routers can do so).

Wife?s Computer goes on the DMZ of first WAN. All the rest of the Network behind Router 2.

I've been trying to accomplish something "similar" to this (without success). Maybe you can point me in the right direction.

Modem -> WAN of Router1(wired) -> LAN Port -> WAN of Rounter2(wireless) -> LAN Port -> Laptop1
Modem -> WAN of Router1(wired) -> LAN Port(s) -> Other Desktop PCs

Router1 has an ISP assigned dynamic WAN IP address of 68.xx.xx.xx
Router1 has an ISP assigned Gateway of 68.xx.xx.1
Router1 has an ISP assigned DNS of 68.xx.xx.6, 68.xx.xx.7
Router1 has a manually assigned static LAN IP address of 192.168.0.254
Router1 is the DHCP Server, handing out 192.168.0.1 thru 192.168.0.10 to the private LAN
Router1 has the DMZ assigned to 192.168.0.251 (I'll try anything!)

Router2 has a manually assigned static WAN IP address of 192.168.0.251
Router2 has a manually assigned Gateway of 192.168.0.254
Router2 has a manually assigned DNS of 68.x.x.6, 68.x.x.7
Router2 has a manually assigned static LAN IP address of 192.168.0.253

Desktop1 has a DHCP assigned dynamic LAN IP address of 192.168.0.3
Desktop1 has a DHCP assigned Gateway of 192.168.0.254
Desktop1 has a DHCP assigned DNS of 68.xx.xx.6, 68.xx.xx.7

Laptop1 cannot reach Router1 "DHCP Server Unavailable"

Desktop1 cannot reach Router2 or Laptop1
Desktop1 can reach the INTERNET and all the other PCs on the private LAN

If I change Router2's WAN IP to ISP assigned dynamic, Router1 gladly assigns it to 192.168.0.8

All subnet masks are set to 255.255.255.0

 

[JackMDS]

Quote: ?If I change Router2's WAN IP to ISP assigned dynamic, Router1 gladly assigns it to 192.168.0.8?.
Does it work well under this setting?

To be honest it is a little confusing. Not clear to me what you are trying to achieve.

Some of the manually assigned IPs are either conflicting or can not go through double Routing.

Leave all the setting of the 2nd Router dynamic (every thing not just the WAN) and let the Router handle it.

Star at a point that it is generally working, than play with constant setting and DMZ.

 

[ClearToLand]

Originally posted by: JackMDS:

Does it work well under this setting?

No.

Originally posted by: JackMDS:

To be honest it is a little confusing. Not clear to me what you are trying to achieve.

• Router2's internal clock resets to April 1, 2002 @ 03:00 whenever you change any of its parameters
• Router2 has the ability to retrieve the correct time from a NTP server, but only if connected via its WAN port
• Most of my equipment is located in the basement - not the best location for a wireless access point (Router2). So, I replaced a switch upstairs in the den with Router2, but it only works when connected via its LAN port.

Originally posted by: JackMDS:

Some of the manually assigned IPs are either conflicting or can not go through double Routing.

Leave all the setting of the 2nd Router dynamic (every thing not just the WAN) and let the Router handle it.

I don't see what's conflicting and I don't understand what "double Routing" means.

Originally posted by: JackMDS:

Star at a point that it is generally working, than play with constant setting and DMZ.

• Router2 allows Laptop1 to access the private LAN and the INTERNET when connected to Router1 via its LAN port. But, it cannot access the NTP Server (that Server1 on Router1 successfully accesses daily) and generates an error in its log file every 30 seconds.
• Router2 doesn't do squat when connected to Router1 via its WAN port. I had hoped that manually setting the WAN IP address to 192.168.0.251 would allow Router1 to "accept" it into the private LAN. Maybe when I learn the meaning of "double Routing" I'll understand why it's not working...

 

[Nucleus111]

ClearToLand-

Router2 has a manually assigned static WAN IP address of 192.168.0.251
Router2 has a manually assigned Gateway of 192.168.0.254
Router2 has a manually assigned DNS of 68.x.x.6, 68.x.x.7

This could be your problem right here. Your router has no idea of the .254 or .6/.7 addresses.

 

[ClearToLand]

Originally posted by: Nucleus111:

This could be your problem right here. Your router has no idea of the .254 or .6/.7 addresses.

Except for the WAN IP address of 192.168.0.251, the next three entries (Gateway and DNS) are exactly what IPCONFIG /ALL shows on a Win2K Desktop that automatically gets everything assigned by the DHCP server in Router1.

If Desktop1 can access the INTERNET with the .254 Gateway and .6/.7 DNS addresses, why can't Router2?

Isn't Router1 acting as the ISP for Router2 (and all the other PCs on the private LAN), just like Comcast is the ISP for Router1?

 

[Nucleus111]

Isn't Router1 acting as the ISP for Router2

No. Router2 is just a client like everyone else behind Router1.

 

[Nucleus111]

Well, I found my answer for using 2 NAT routers (w/firewall enabled) together here

 

[p0lar]

Take that article with a grain of salt... or five.

I believe that MOST of those models are now equipped with an option to do ROUTING instead of NAT as well. They also have RIP v1/2 if memory serves. If they're going to do it, they should do it correctly and ROUTE packets from one subnet to the other rather than doing NAT from one RFC1918 address space to yet another RFC1918 address space.

My $0.02...

 

[gunrunnerjohn]

I'd like to hear how to enable true routing, and not just NAT, because none of the routers I have here seem to offer that option.

 

[ClearToLand]

Originally posted by: p0lar
Take that article with a grain of salt... or five... ...My $0.02...

The answer was SUBNETS???

I followed the instructions in the article referenced by Nucleus 111 with the following results:

• Router2 successfully gets a DHCP assigned IP address of 192.168.0.6 (and Gateway and DNS) from Router1
• I converted a Win2K Workstation into a SNTP Server, inserted the IP address into Router2, and now Router2's log shows "Feb/07/2036 01:28:16 get Time successful"
• I inserted the IP address of Columbia University's NTP Server into Router2 and Router2 FINALLY gets the correct date and time! One down!!!
• I enabled the DHCP Server on Router2 and Laptop1 successfully gets a DHCP assigned IP address of 192.168.1.1 from Router2
• Laptop1 can successfully access the INTERNET! Two down!!!
• On Router2 I opened ports 137-139 for TCP and UDP, but Laptop1 CANNOT access Desktop1 (RUN \\192.168.0.1)
• On Router2 I entered Laptop1's IP address into the DMZ, but Laptop1 CANNOT access Desktop1 (RUN \\192.168.0.1)
• I temporarily shutdown ZoneAlarm on both PCs - NG
• Desktop1 CANNOT access Laptop1 (RUN \\192.168.1.1)

Getting closer! Thanks Nucleus 111!! What's the next step?

 

[Nucleus111]

ClearToLand-

What you're trying to do and what I was wondering about are 2 different things. I wish to enable both firewalls to completely isolated a work computer. You wish to combine two routers to use both wired and wireless ethernet. You should not be going into the WAN port on router2. Think of router2 as a switch/hub and nothing more. Use an uplink or cross-over cable from lan port of router2 to lan port of router1. Disable ALL functions of router2 and everything will play nice:beer: