Question Is one modem and two routers possible?

Lil'John

Senior member
Dec 28, 2013
287
31
91
Title is the short.

I have ATT business fiber optic with their 'modem' hardware. It currently goes to a Tomato firmware router. I'm hoping to covert over to a PFsense computer for routing duties. I can't have an extended downtime while I play around with PFsense. I'm not confident in a smooth or perfect transition... it has been 25 years since I did Cisco classes:D

Can I connect a hub to the fiber source and then connect one port to the Tomato router and existing network. Then connect PFsense box to another port? The PFsense box has four network ports so I would connect another hub/switch/router to another port for another LAN?
 

mv2devnull

Golden Member
Apr 13, 2010
1,500
145
106
You have fiber and a "modem" (or more likely "media converter") that converts that to copper ethernet? Something, that does not act as a router nor necessarily have IP address.
Put other way: ISP device in the other end of the fiber has IP address on the same subnet as the "wan-port" of your Tomato (and that address is the "upstream gateway"/"default route" of the Tomato)?

Now, you propose to insert a switch ("hubs" are out of fashion) between ISP machine and your Tomato. A layer 2 switch has no IP address.

The question is, does the ISP allow you to have multiple public IP addresses or are you limited to only one address?
If you can have only one address, then you can't have two (devices, like Tomato and PFsense).
 
  • Like
Reactions: Lil'John

Lil'John

Senior member
Dec 28, 2013
287
31
91
You have fiber and a "modem" (or more likely "media converter") that converts that to copper ethernet? Something, that does not act as a router nor necessarily have IP address.
Put other way: ISP device in the other end of the fiber has IP address on the same subnet as the "wan-port" of your Tomato (and that address is the "upstream gateway"/"default route" of the Tomato)?
Correct, I have a fiber line/cable to a piece of equipment that converts it to copper ethernet. From that piece of equipment("modem" or "converter"), I have a single ethernet cable going to my Tomato router.

Now, you propose to insert a switch ("hubs" are out of fashion) between ISP machine and your Tomato. A layer 2 switch has no IP address.
Hubs are what in my storage closet:D From what I recall at a basic level, hubs just blast all traffic; switches direct traffic based upon MAC addresses; routers direct traffic based upon IP addresses. But you are correct, I want to insert a multiport device in from of Tomato.

The question is, does the ISP allow you to have multiple public IP addresses or are you limited to only one address?
If you can have only one address, then you can't have two (devices, like Tomato and PFsense).
I would have to check my paperwork from 5 years ago. But my brain says I have more than one public facing IP address available to me.

So if I have two public facing IPs, it sounds like I can do what I am proposing. Correct?

May be this can help.


:cool:
I'll take a look into this. But my bad memory says VLAN wasn't quite what I was looking for.
 

mv2devnull

Golden Member
Apr 13, 2010
1,500
145
106
5-port 1Gbps unmanaged switch is quite cheap now, if the hub seems to choke.

VLAN is indeed something else.

So if I have two public facing IPs, it sounds like I can do what I am proposing. Correct?
The Tomato does get "wan port" IP address (etc) from ISP with DHCP, doesn't it?

You definitely can add the hub and PFsense, and set it use DHCP too. I expect some possibilities:
  • ISP allows only one address and PFsense does not get address
  • ISP allows one or more addresses, but one has to register each MAC
  • ISP allows multiple addresses. PFsense "just works" gets address
  • If ISP does not provide DHCP service, then they would have given you the network config required to manually set up your ISP-facing device
So yes, it would/could, and you can test that with minimal network downtime.
 
  • Like
Reactions: Lil'John

Lil'John

Senior member
Dec 28, 2013
287
31
91
5-port 1Gbps unmanaged switch is quite cheap now, if the hub seems to choke.
I'm hoping to only have to use this setup for max of a day or two while I get the PFsense working correct. Once PFsense is working, I am going to pull the Tomato completely. So buying more hardware for very temporary setup is out of the question.

The Tomato does get "wan port" IP address (etc) from ISP with DHCP, doesn't it?

You definitely can add the hub and PFsense, and set it use DHCP too. I expect some possibilities:
  • ISP allows only one address and PFsense does not get address
  • ISP allows one or more addresses, but one has to register each MAC
  • ISP allows multiple addresses. PFsense "just works" gets address
  • If ISP does not provide DHCP service, then they would have given you the network config required to manually set up your ISP-facing device
So yes, it would/could, and you can test that with minimal network downtime.
My ISP gives me four static IP addresses due to business class fiber:rolleyes:. So from what I've seen so far, it sounds like my plan should work:
  • ISP equipment to hub (DLink DGS-108)
  • Tomato router to hub using static IP address(x.y.z.13) I'm currently using and leaving rest of network intact
  • PFsense device to hub using a new static IP address(x.y.z.14) with switch and test computer "network" for testing
I understand that the hub will potentially cause some slow down due to blasting packets. But this shouldn't be an issue for the time I'll be doing this.
 
  • Like
Reactions: mv2devnull

Hans Gruber

Platinum Member
Dec 23, 2006
2,159
1,113
136
I have never heard of a router being able to function well on DD-WRT/Tomato for a long period of time without serious issues. So any weird behavior or unusual requests would beg the question of open source firmware.
 

mindless1

Diamond Member
Aug 11, 2001
8,106
1,458
126
^ I've had several routers running DD-WRT long term, without issues. It's among my primary criteria picking a router and it's been great, EXCEPT, DD-WRT doesn't support wifi6 yet (unless that happened while I was away from the scene), so currently sticking with my Netgear R6700 v3 and D-Link DIR-882 a1, both with DD-WRT for a while longer.
 
Last edited:

Lil'John

Senior member
Dec 28, 2013
287
31
91
I've run Tomato on two routers for years. Current router has been running it for ~6 years with no issues. Main reason I'm going from Tomato to PFsense is to rack mount all my hardware.
 

Fallen Kell

Diamond Member
Oct 9, 1999
6,047
433
126
PFsense sounds like a good solution for you. Just try and not make it more complicated than it needs to be for your own needs. Typically in a business environment, I would advocate for not having PFsense perform your local DHCP duties (especially if you have a large VLAN configuration, but it does not sound like you have that given you probably are just using Tomato at the moment).

I will suggest separating a couple kinds of your devices onto different VLANs for good business practices:

Production Server VLAN (your main servers/virtual machines go here)
Development Server VLAN (test/backup servers and virtual machines should be on this)
Management Console VLAN (connect out-of-bands management systems/BMC/network-consoles to this)
Desktop VLAN (as the name says, desktops go here)
IP Phones VLAN (place any kind of IP phones on this)
Security VLAN (security devices, sensors, cameras, etc)
IoT VLAN (items like TVs, coffee pots, refrigerators, etc)
Admin VLAN (your system administrators' machine(s) should be on this one)
Guest VLAN
 
  • Like
Reactions: Lil'John

George Nasir

Member
Sep 20, 2022
26
1
16
Several static IP addresses to link two routers to a single modem
Multiple firms sharing one location is a surprisingly widespread practice, even though it almost certainly reduces the bandwidth available.
 

Lil'John

Senior member
Dec 28, 2013
287
31
91
PFsense sounds like a good solution for you. Just try and not make it more complicated than it needs to be for your own needs. Typically in a business environment, I would advocate for not having PFsense perform your local DHCP duties (especially if you have a large VLAN configuration, but it does not sound like you have that given you probably are just using Tomato at the moment).

I will suggest separating a couple kinds of your devices onto different VLANs for good business practices:

Production Server VLAN (your main servers/virtual machines go here)
Development Server VLAN (test/backup servers and virtual machines should be on this)
Management Console VLAN (connect out-of-bands management systems/BMC/network-consoles to this)
Desktop VLAN (as the name says, desktops go here)
IP Phones VLAN (place any kind of IP phones on this)
Security VLAN (security devices, sensors, cameras, etc)
IoT VLAN (items like TVs, coffee pots, refrigerators, etc)
Admin VLAN (your system administrators' machine(s) should be on this one)
Guest VLAN

This is actually a home network with some software consulting work on the side ;) The fiber was my only choice for low latency, minimal/no weather impacted networking. I get too much rain/snow to reply upon Starlink, DirectTv, or similar satellite/wireless solutions. My neighbor continues to try other options since fiber costs an arm and a leg.

My network has four or five servers sitting on it plus another four of five desktops and two or three laptop/tablets.

My PFsense box has two onboard gigabit ports and two 10G ports provided by Intel X550-T2. One of the gig ports will go to fiber device. One of the 10G ports will go for internal cam network.