3 Router Setup with 2 private lans and 1 public lan

zxedxz

Honorable
Sep 4, 2013
3
0
10,510
I have searched everywhere and still couldn't find any answer. I would really appreciate if anyone can help me. Here is the scenario.
1) I want to share one single cable internet.
2) 1 private lan for my brother that live upstair. (He have 2 pc and home office and access must be blocked for me)
3) 1 private lan for me. (I run some z-wave home automation and host some files for download)
4) We have ip camera that I want to connect to 1 public lan which can be accessed for both of us. We also have a LAN hard drive server which we use to share medias and must be accessible for both of us.

Can this be done? I read that I can have 3 routers. One used to connect to the modem and then connected to the 2 other routers. However, does this allow access to any peripheral connected to the 1st router? (Since they have different subnet, 192.168.1.1, 192.168.2.1, 192.168.3.1)

Thank you so much tomshardware
 
Solution
You need to have multiple NIC's in your computer (wired and/or wireless) to accomplish this.

The first router, would be the public one. Cabling from this router should go to the other 2 routers (input goes to the WAN port), and they should be setup as if they were connected directly to the cable/dsl modem. This makes the private LAN, and cabling from those routers should go to the PC's.

You will need to run cabling and/or wireless on the public lan to both computers as well. One NIC to the private LAN, one NIC to the public lan. Do not bridge the connections, and make sure that sharing it turned off on the public LAN.
You need to have multiple NIC's in your computer (wired and/or wireless) to accomplish this.

The first router, would be the public one. Cabling from this router should go to the other 2 routers (input goes to the WAN port), and they should be setup as if they were connected directly to the cable/dsl modem. This makes the private LAN, and cabling from those routers should go to the PC's.

You will need to run cabling and/or wireless on the public lan to both computers as well. One NIC to the private LAN, one NIC to the public lan. Do not bridge the connections, and make sure that sharing it turned off on the public LAN.
 
Solution
You can likely get it to work the way you want using 3 standard commercial router as long as they have the ability to put in a static route.

It will be much easier to use a real router (the things most people call routers are really gateways). The cheapest way to do this is to load dd-wrt on a router. The vast majority will let you assign the lan ports to different networks and define multiple SSID and also put them in different networks. You can then use traffic filtering rules to prevent or allow traffic between the networks. I fairly powerful router to do this since you are doing much more than your standard router. I like the ASUS line of routers they have lots of memory and fast processor and of course support dd-wrt.
 

zxedxz

Honorable
Sep 4, 2013
3
0
10,510
THank you so much for the suggestions. I have read an article online regarding this. Here is a diagram of the setup.
two_private_lans.gif


If I connect a peripheral to the middle router that connects to the modem, Can I still access it from both private lan?
 

zxedxz

Honorable
Sep 4, 2013
3
0
10,510
Thank you guys. I read the suggested thread and it basically mentions the same setup on the diagram I posted. So my only questions is, Can i still access the devices from subnet 192.168.1.1 when my pc subnet is 192.168.2.1?
 
Using your diagram and assuming you have not put any firewall rules in. All machines in 192.168.2.x ans 192.168.3.x can access any 192.168.1.x device. They can not however access between 192.168.2.x and 192.168.3.x because of nat unless you configure port forwarding.
 

DaveNet

Reputable
Jul 21, 2015
1
0
4,510
[hope the thread is not dead] I have a follow-on question/scenario. In addition to the above:

I would like devices on the 192.168.1.x subnet to be able to access devices on the 192.168.2.x network. I'm thinking static routes but can figure out what they would be.