
2 Routers Together

post #1 of 6
Thread Starter 
So I am trying to set up two networks at my home.

The first is 10.1.2.X (gateway 10.1.2.1) that my PS3, wife's laptop, my laptop, and my desktop are on. It's a 'safe' network.

Also, I have a 10.1.3.X (gateway 10.1.3.1) that I use for my development server and the network I fix computers (full of viruses, usually) on.

I want to keep the two somewhat separate (hence, not just making the second router on the same subnet) for client computers but I still want a few devices to be able to 'talk' (dev server -> my laptop) when I need them. I also expose some web services on my dev server.

Any thoughts on how I would do this?

(Note: the first router is in my attic, the second in my basement; hence, two routers).
    
post #2 of 6
What kind of routers do you have?
You should be able to do something like this with DD-WRT.
Any kind of enterprise router that supports access lists will be able to facilitate this function.

If you had a more demanding/secure environment it might be worth looking into something like a Cisco ASA.

Ghetto rig wise you could probably achieve this from:

WAN -> (Wan Port) Router 1 (LAN Port) -> (WAN Port) Router 2

Devices on router 2 would be hidden behind NAT and not directly accessible by devices in router 1's network (Unless you port forward). However, devices in router 2's network can access the devices in router 1's network since router 2 will make the appropriate NAT translation for outbound communications.

Keep in mind, I wouldn't hang any unsecure APs or anything off of router 1's network, as you can easily capture data flowing between the WAN and router 2 from this 'less secure' network.

Also, your PS3 will HATE you for being behind double PAT..
Edited by beers - 1/23/11 at 7:23pm
post #3 of 6
Or you could use one router and just create different VLANs (if your router supports VLAN tagging).

The benefits...reduced chance of ARP poisoning and the VLAN will keep the traffic truly isolated.
post #4 of 6
Thread Starter 
I have a DIR-655 and a (bleh) WGT624.... probably no vlan, though I hadn't thought of that...
    
post #5 of 6
Quote:
Originally Posted by rocketman331
Or you could use one router and just create different VLANs (if your router supports VLAN tagging).

The benefits...reduced chance of ARP poisoning and the VLAN will keep the traffic truly isolated.

Pretty much what I would shoot for.

The router upstairs configured with 2 VLANs and DHCP pools. Say VLAN 2 (10.1.1.0) and VLAN 3 (10.1.2.0). Both separated by an access list, deny VLAN 3 any access to VLAN 2. Open a few IP addresses between the VLANs so that your dev machine can talk to the needed laptops. The remaining machines on VLAN 3 can only go out to the internet if needed, Firewall-NAT->DMZ.

You can have a managed switch for downstairs that only has VLAN 3 tagged on its user ports.

This way all the DHCP, Routing, Firewall rules and NAT are taking place on one router.
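The access-list layout described in post #5, modelled as an added example that is not part of the thread: a first-match rule evaluator plus a check for rules hidden by an earlier, broader rule, which is what happens if the deny is placed above the pinhole. The /24 masks, the host addresses and all function names are assumptions made for illustration, and only new connections leaving VLAN 3 are modelled (a stateful firewall handling return traffic is assumed).

```python
import ipaddress

# Assumed addressing: post #5 gives 10.1.1.0 and 10.1.2.0 without masks; /24 is assumed.
VLAN2_SAFE = ipaddress.ip_network("10.1.1.0/24")
VLAN3_LAB = ipaddress.ip_network("10.1.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed host addresses (not from the thread).
DEV_SERVER = ipaddress.ip_network("10.1.2.10/32")
LAPTOP = ipaddress.ip_network("10.1.1.20/32")

# Ordered rules for new connections leaving VLAN 3: (action, source, destination).
# First match wins, so the pinhole must sit above the broad deny.
ACL_VLAN3_IN = [
    ("permit", DEV_SERVER, LAPTOP),      # the few addresses opened between VLANs
    ("deny",   VLAN3_LAB,  VLAN2_SAFE),  # lab machines may not reach the safe VLAN
    ("permit", VLAN3_LAB,  ANY),         # everything else: out to the internet
]

def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                hidden.append(i)
                break
    return hidden

if __name__ == "__main__":
    flows = [("10.1.2.10", "10.1.1.20"),    # dev server -> laptop
             ("10.1.2.77", "10.1.1.20"),    # client PC under repair -> laptop
             ("10.1.2.77", "203.0.113.5")]  # client PC -> internet
    for src, dst in flows:
        print(src, "->", dst, evaluate(ACL_VLAN3_IN, src, dst))
    misordered = [ACL_VLAN3_IN[1], ACL_VLAN3_IN[0], ACL_VLAN3_IN[2]]
    print("shadowed in misordered ACL:", shadowed_rules(misordered))
```
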
post #6 of 6
Thread Starter 
Unfortunately, none of my hardware supports vlanning.

What I'll do is connect my DIR-655 (10.1.2.1) to another switch downstairs. Then hook a port of that switch to the WAN of the WGT624 (10.1.3.1). I'll use another port from the switch to connect to my development box (it needs to be downstairs) so that I can use it on my home network.

Very ghetto, but it's the best I can do with typical consumer hardware.
    