Forum Thread

How to set up 2 networks with two routers on one modem?

chewspam 7,238 1,820 February 17, 2013 at 07:39 AM
So here's what I want to do. I want to use my existing modem and router. The modem is a modem and router, but I have turned wireless off and am using it as a bridge to the router. DHCP is still enabled on the modem, but I don't know if that makes a difference. Currently, I use my wirelss computers to connect to the router and get online and access files on my PC which is wired to the router (router 1). I have another router (router 2) that I want to connect to a lan port on router 1. I want router 2 to broadcast it's own network SSID and allow access to the internet. I want router 1 to broadcast it's own network SSID and connect to the wired PC and the internet. Is this possible, and how do I do it? I'm using dd-wrt on both routers. I've searched the dd-wrt forums, and haven't found anything specifically like this setup.

Code:
_________     ___________      ___________
|              |      |                |       |                 |
| modem  |------|   router1   |-------|   router2    |
|________|      |_________|       |__________|
                             |      |            |
                             |      |            |
                             |      |            |
                      ____  _____        _____
                      | PC || web |        | web |
                      |____||____|        |_____|

Modem: DHCP enabled (don't know if that matters)

Router1:  DHCP enabled
	  192.168.1.1
	  SSID = Router 1
	  Purpose:  Connect to internet and shared folders

Router2:  DHCP enabled
          192.168.10.1
	  SSID = Router 2
	  Purpose:  Connect to internet only

18 Comments

1 2

Sign up for a Slickdeals account to remove this ad.

#2
Quote from chewspam View Post :
So here's what I want to do. I want to use my existing modem and router. The modem is a modem and router, but I have turned wireless off and am using it as a bridge to the router. DHCP is still enabled on the modem, but I don't know if that makes a difference. Currently, I use my wirelss computers to connect to the router and get online and access files on my PC which is wired to the router (router 1). I have another router (router 2) that I want to connect to a lan port on router 1. I want router 2 to broadcast it's own network SSID and allow access to the internet. I want router 1 to broadcast it's own network SSID and connect to the wired PC and the internet. Is this possible, and how do I do it? I'm using dd-wrt on both routers. I've searched the dd-wrt forums, and haven't found anything specifically like this setup.

Code:
_________     ___________      ___________
|              |      |                |       |                 |
| modem  |------|   router1   |-------|   router2    |
|________|      |_________|       |__________|

Modem: DHCP enabled (don't know if that matters)

Router1:  DHCP enabled
	  192.168.1.1
	  SSID = Router 1
	  Purpose:  Connect to internet and shared folders

Router2:  DHCP enabled
          192.168.10.1
	  SSID = Router 2
	  Purpose:  Connect to internet only
Yes its possable, its double Nating, I do it all the time. All you need to do is setup router 2 like you would any other router, plug a cable from one of router1's lan port in to the wan port of router2.

I think it will be possible though for devices on router2 to access shares on router1. I would consider reversing your setup and putting your shared folders on router2.
Reply Helpful Comment? 0 0
....


...
Joined Dec 2007
Grand Poobah of the LD
7,238 Posts
1,820 Reputation
Original Poster
#3
Quote from mrbobhcrhs View Post :
Yes its possable, its double Nating, I do it all the time. All you need to do is setup router 2 like you would any other router, plug a cable from one of router1's lan port in to the wan port of router2.

I think it will be possible though for devices on router2 to access shares on router1. I would consider reversing your setup and putting your shared folders on router2.
Thanks. In order to set this up, what do I need to do. I currently have the IP address of router 1 set to 192.168.1.1. Should I connect the modem to router 2 and set it up as 192.18.2.1 so that I can access both routers when the lan from router 1 is plugged in to the wan from router 2? Should DHCP be enabled for everything?
Reply Helpful Comment? 0 0
Quote from vviles View Post :
This ordeal is like a fire tempering a sword. It's making chewy even tougher. If he got leprosy and his arm fell off, he'd beat the shit out of a bear, dip his stump in lemon juice and sew it back on with his good hand.
Joined Feb 2007
L10: Grand Master
7,354 Posts
2,746 Reputation
#4
What you want is a "guest" network.... easiest way is to buy a router that does that.


See NAT does not care and it will be hard to implement and segregate with the two routers you have .

IF one of the routers allows you to do just an AP (NO ROUTING) then you could isolate the second network... and assign the original default gateway for Internet.... most consumer router don't let you turn off routing and go straight AP. Also make sure the subnet mask is different to further isolate the networks.

Bottom line probably be less frustrating to have a wireless router with built in "guest network" capability.

Also you only need DHCP when you want dynamically assigned clients. Otherwise turn it off.
Reply Helpful Comment? 0 0
Last edited by boltman2007 February 17, 2013 at 08:00 AM
Joined Dec 2007
Grand Poobah of the LD
7,238 Posts
1,820 Reputation
Original Poster
#5
Quote from boltman2007 View Post :
What you want is a "guest" network.... easiest way is to buy a router that does that.


See NAT does not care and it will be hard to implement and segrgate with the two routers you have .

IF one of the routers allows you to do just an AP (NO ROUTING) then you could isolate the second network... and assign the original default gateway for Internet.... most consumer router don't let you turn off routing and go straight AP. Also make sure the subnet mask is different to further isolate the networks.

Bottom line probably be les frustrating to have a wireless router with built in "guest network" capability.

Also you only need DHCP when you want dynamically assigned clients. Otherwise turn it off.
I'm not sure if my routers will do that. How do I set up the subnet masks differently? I currently have one set up for OpenDNS.
Reply Helpful Comment? 0 0
#6
Quote from chewspam View Post :
Thanks. In order to set this up, what do I need to do. I currently have the IP address of router 1 set to 192.168.1.1. Should I connect the modem to router 2 and set it up as 192.18.2.1 so that I can access both routers when the lan from router 1 is plugged in to the wan from router 2? Should DHCP be enabled for everything?
Ok so you know how to setup the router from the modem. Just do it again with router2 and change the network ip to 192.168.2.1


Though as boltman2007 said if your goal is a guest network (I have no idea what your goal is) A few routers already have them and its probably simpler just to get one that does it.
Reply Helpful Comment? 0 0
Joined Feb 2007
L10: Grand Master
7,354 Posts
2,746 Reputation
#7
Quote from chewspam View Post :
I'm not sure if my routers will do that. How do I set up the subnet masks differently? I currently have one set up for OpenDNS.
You are using private addresses so you can pick any subnet you want...


192.168.1.0 w/ 255.255.255.0 is a different network from 192.168.1.0 with 255.255.254.0

DHCP assigns the IP and subnet mask.

Then you need a router to get from one network to another (Thats why turning off routing would isolate it)

This has nothing to do with OpenDNS...as DHCP could assign client DNS addresses.
Reply Helpful Comment? 0 0
#8
Changing your subnet mask does not change your network. But since the op would be natting the 2nd network it would not matter anyway. I would still do one as .1.0 and the other network as 2.0 for ease of management.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

Joined Feb 2007
L10: Grand Master
7,354 Posts
2,746 Reputation
#9
Quote from mrbobhcrhs View Post :
Changing your subnet mask does not change your network. But since the op would be natting the 2nd network it would not matter anyway. I would still do one as .1.0 and the other network as 2.0 for ease of management.

Incorrect... different sub-net definitely change's the network that's all what CIDR is about

192.168.1.0 /24 is different network/host division from 192.168.1.0 /25 so it is a different (sub) network

192.168.1.0 and 192.168.2.0 w/ 255.255.255.0 are same network... OP wants to segregate (sub)networks. Different subnet mask is one way.

The other would be a different private range (note the different subnet masks)

RFC1918 name IP address range number of addresses classful description largest CIDR block (subnet mask) host id size mask bits
24-bit block 10.0.0.0 - 10.255.255.255 16,777,216 single class A network 10.0.0.0/8 (255.0.0.0) 24 bits 8 bits
20-bit block 172.16.0.0 - 172.31.255.255 1,048,576 16 contiguous class B network 172.16.0.0/12 (255.240.0.0) 20 bits 12 bits
16-bit block 192.168.0.0 - 192.168.255.255 65,536 256 contiguous class C network 192.168.0.0/16 (255.255.0.0) 16 bits 16 bits

Thats what OP needs is a different (sub)network or network so it would require routing to send data from network to network

That is why they need the second access point to be an AP only (no routing) to truly segregate the traffic as in a guest network.
Reply Helpful Comment? 0 0
Last edited by boltman2007 February 17, 2013 at 09:45 AM
#10
Quote from boltman2007 View Post :
192.168.1.0 /24 is different network/host division from 192.168.1.0 /23 so it is a different (sub) network

192.168.1.0 and 192.168.2.0 w/ 255.255.255.0 are same network... OP wants to segregate (sub)networks.
A /23 would be a super net on a class C and go from 192.168.0.0-192.168.1.255
A /23 would be a normal class c and go from 192.168.1.255. So they would conflict in the 192.168.1.0 network. Unless I'm really missing something its been a while since I did my cisco class.

OP what is your goal? Why are you doing this? It would better help answer how to do things.
Reply Helpful Comment? 0 0
Last edited by mrbobhcrhs February 17, 2013 at 09:40 AM
Joined Oct 2004
facebook = malware
12,296 Posts
4,912 Reputation
#11
FWIW, here's what I do.

I have a guest router (dd-wrt) that's daisy chained via its WAN port behind my primary router. So yes, the guest network is double NAT'd. This works fine except for one thing; clients of the guest network have access to any upstream resources, including the private network on the primary router. To prevent this, you can add the following two lines to the firewall of the guest router:

iptables -I INPUT -i br0 -d `nvram get lan_ipaddr` -j DROP
iptables -I FORWARD -i br0 -o `nvram get wan_iface` -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -j DROP

Note, although it makes it harder to read/understand, I’ve made extensive use of variables so it works w/ any network configuration.

What this does is deny access to the upstream network's IP range by clients of the guest network. The ONLY thing guests can do is access the internet.

Just make sure the two networks are different. For my private network, it’s 192.168.1.x. For the guest network, it’s 172.16.1.x. I also define a static IP from the private network on the guest router’s WAN, specify the primary router as the gateway IP, and enable HTTP access from the guest router’s WAN side so I can easily administer it without having to connect to it from the LAN side.

And when you don’t want to have guest users, you simply turn off the radio, or pull the plug on the guest router.
Reply Helpful Comment? 0 0
Last edited by eibgrad February 17, 2013 at 06:14 PM
"That means that no matter how we reform health care, we will keep this promise to the American people: If you like your doctor, you will be able to keep your doctor, period. If you like your health care plan, you'll be able to keep your health care plan, period. No one will take it away, no matter what."
-- Barack Obama, speech to the AMA, June 15, 2009
Joined Feb 2007
L10: Grand Master
7,354 Posts
2,746 Reputation
#12
Quote from mrbobhcrhs View Post :
A /23 would be a super net on a class C and go from 192.168.0.0-192.168.1.255
A /23 would be a normal class c and go from 192.168.1.255. So they would conflict in the 192.168.1.0 network. Unless I'm really missing something its been a while since I did my cisco class.
You are correct I meant /24 and /25 that would be sub-netting not supernetting

Quote from eibgrad View Post :
FWIW, here's what I do.

I have a guest router (dd-wrt) that's daisy chained via its WAN port behind my primary router. So yes, the guest network is double NAT'd. This works fine except for one thing; clients of the guest network have access to any upstream resources, including the private network on the primary router. To prevent this, you can add the following two lines to the firewall of the guest router:

iptables -I INPUT -i br0 -d `nvram get lan_ipaddr` -j DROP
iptables -I FORWARD -i br0 -o `nvram get wan_iface` -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -j DROP

Note, although it makes it harder to read/understand, I've made extensive use of variables so it works w/ any network configuration.

What this does is deny access to the upstream network's IP range by clients of the guest network. The ONLY thing guests can do is access the internet.

Just make sure the two networks are different. For my private network, it's 192.168.1.x. For the guest network, it's 172.16.1.x. I also define a static IP from the private network on the guest router's WAN, and enable HTTP access from the guest router's WAN side so I can easily administer the it without having to connect to it from the LAN side.

And when you don't want to have guest users, you simply pull the plug on the guest router.

Iagree

Best way to do it with your current setup...essentially using the firewall to segregate traffic for "guest network" and using different network IDs
Reply Helpful Comment? 0 0
Last edited by boltman2007 February 17, 2013 at 09:46 AM
#13
Quote from boltman2007 View Post :
You are correct I meant /24 and /25 that would be sub-netting not supernetting




Iagree

Best way to do it with your current setup...essentially using the firewall to segregate and different networks.
OK got you Smilie

If he plans on daisy chaining the routers he will still run in to issues as he has 2 dhcp servers. If he goes that method he should setup a vlan on port one of router 1 that connect to router 2 to seperate them.
Reply Helpful Comment? 0 0
Joined Oct 2004
facebook = malware
12,296 Posts
4,912 Reputation
#14
Quote from mrbobhcrhs View Post :
OK got you Smilie

If he plans on daisy chaining the routers he will still run in to issues as he has 2 dhcp servers. If he goes that method he should setup a vlan on port one of router 1 that connect to router 2 to seperate them.
Multiple DHCP servers is only an issue if daisy chained LAN to LAN. I'm recommending LAN to WAN (of the guest router). So it's a non issue.
Reply Helpful Comment? 0 0
#15
Quote from eibgrad View Post :
Multiple DHCP servers is only an issue if daisy chained LAN to LAN. I'm recommending LAN to WAN (of the guest router). So it's a non issue.
Yea your double natting and using acl's to prevent the guest from accessing the other network kind of like a vlan.
Reply Helpful Comment? 0 0
Page 1 of 2
1 2
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard