How do you use a seperate subnet?

okay, and then there's this problem.


i tried hooking my router to the other router, i set it up and everything, but i could not connect to the net with both routers in line.

the only way to get the firewall from my router to be valuable against possible attacks from the other pc to be hooked to this LAN WAN system, is to hook my router (router 2) to router 1 with the wan socket, right?


how does one get this to work?

In most cases you'd need to make sure that router 1 is setup to hand out DHCP addresses (DHCP server) on it's internal interface, and then need to setup router 2 to get a DHCP address on it's "WAN" interface.

Overall that solution should work... you just gotta figure out what's wrong with your config.

and that would apply the separate sub net as well?

You're trying to make separate subnets using 2 routers. You don't need to do that... in your way you're running into a headache.

The easiest way is to upgrade your router to encorporate VLANs if you can. You can static set the IP addresses on the computer and let the router do the math to figure out where to send the traffic... you'll want an internal DNS server or at least a WINS server. You're getting in deep to get it working.

VLANs will be the easier route to go.

But the question is what are you trying to accomplish? Is this really needed?

i'm trying to prevent traffic from or to the other computer from reaching mine (it belongs to another person and had several viruses on it) while using the same modem for cost reasons.

VLAN's are a great solution if you have a managed switch... however if he's just got the soho routers like most on here do... then he probably won't have access to that type of setup. If he's just looking to separate the two then I don't see why what he's talking about should be all that difficult and should accomplish what he wants.

so, how would i go about setting up the separate sub net and and getting these routers to work together while protecting my pc from the other pc?

Router 1 Config:

External Network (WAN) - set this up to connect to your ISP / internet. These settings should be provided by your ISP, but typically are just a DHCP'd address delivered by the modem. DSL sometimes uses PPPoE however which requires a login / pwd.

Internal Network - The defaults for your router should be fine here, it'll probably default to something like a ip 192.168.1.1 / netmask 255.255.255.0 network basically means internal network is 192.168.1.0 through 192.168.1.255. And it will also normally default to handing out DCHP addresses to the clients to point at itself ( gateway 192.168.1.1) and will usually use have itself doing DNS caching as well (meaning your DNS server is 192.168.1.1 as well). If you can find the DHCP settings in it's configuration that would be ideal, you want to note what range it's going to use to assign (ie 192.168.1.50 - 192.168.1.150) to the internal clients when they connect.

Once you have the above working for your friend / roommate / virus-freak / whatever... then you can move on to working on the internal router.

On the internal, router 2, you'll want something like the below:

External Interface (WAN) - Statically pick an IP address outside of the range that you found in the DCHP list above.... so in our example, pick say 192.168.1.200. The rest of the settings should be something like this:
IP- 192.168.1.200
Netmask: 255.255.255.0 (aka "/24" if they don't use the dot'd format)
Gateway: 192.168.1.1
DNS: 8.8.8.8 and 8.8.4.4 (Google DNS, I prefer it to trying to troubleshoot connecting to some crazy caching dns that may cause more headaches than it's worth)

Internal Network - This MUST be configured to something other than the internal network used in the #1 router. So in this case let's just pick 192.168.2.1. So your settings should be something like the below:

IP: 192.168.2.1
Netmask: 255.255.255.0 (or /24)

You'll then want to setup your DHCP server to hand out the 192.168.2.x addressed to computers that connect inside this network, so basically just set it up to hand out say 192.168.2.50 - 192.168.2.100. It may want to default to caching the DNS itself, but you can again here just use the google ones, 8.8.8.8 and / or 8.8.4.4. Gateway will be 192.168.2.1 (internal ip of the router)

Once you do the above you should be able to connect your computer to the LAN side of router 2, get an IP like 192.168.2.51, gateway 192.168.2.1, and dns set to the google 8.8.8.8 and 8.8.4.4.

Everything should work from here... if you have specific questions on how to set those up I'd recommend looking at the web sites for each of the router's manufactures for the instructions. If you have overall questions / concerns / need clarification / troubleshooting steps just ask here.

Two ways that I can think of that will work.
1.
ISP
|
Modem
|<---WAN port on router
Router1 (set up a 192.168.1.1 - 192.168.1.x subnet 255.255.255.0)
|PC (goes on one LAN port)
|<---WAN Port of router to LAN port on the first router
Router2 (Set up a 10.0.0.1-10.0.0.x subnet 255.255.255.0)
|PC (goes on one LAN port

Then for DNS lookup I set both routers to use "Google DNS", I find their lookups to faster than the ISP's. You can also use another free DNS lookups, or just use your ISP's it will not be that big of a difference.

Nothing from Router1 can get past Router2, unless you port forward. Although anything on router2 can get to Router1's network.

2.
ISP
|
Switch - 5 port (two ports are used, three are unused)
| |
Router Router <-- PC
|
|
PC

This will only work if your ISP allows you more than on IP address. In my case, TWC allows me up to 5 dynamic IP's. However I only use one.

Hopefully this helps!

Or you could just use static IP addresses on each computer, both using different subnets, and connect to the same router for forwarding to the internet. It would require only one router and be a much, much simplier setup... but the other explanations are detailed enough that there is no need to go into it unless one of the others wants to rethink the setup.

Not trying to be picky (cause I'm curious how you'd do that) but I can't say I've seen the ability to define multiple internal interfaces on most soho gear. Ie... they both computers still have to talk to the router, so for that to happen the router would need multiple internal interfaces (either multiple or via alias) on both subnets. I know how to do it on say a Linux / iptables box or most Cisco gear... just not sure how you get that setup in say a uhh... Linksys.

You would need to configure static routes on your computer to point to the gateway. The computers would only be able to communicate to the router and not have direct access to the other computer. While a connection would remain throught the router, the requesting computer would need to know what subnet and IP address of the other computer to find it.

Which is why I said I wouldn't go into all the details on it.  

Hmm... I get that part, still not seeing how you'd IP that so that the machines on seperate subnets would be able to access the gateway. Ie... your gateway needs to be on your subnet, not seeing how you'd have both machines on separate subnets both talking to the router.... unless you mean having one that shares the subnet and one that doesn't... Is this what you're meaning?

Gateway 192.168.1.1/24

Computer #1: 192.168.1.2/30
Computer #2: 192.168.1.10/24

Something like that. I would go with a class B and set static routes pointing to the gateway. The only way they'd find each other is it the request was sent to the router to find other internal computers on differing subnets. That would elminate sharing the same subnet and viruses from spreading.

okay (i had to go on a trip, that's why i'm so late... that and i really don't want my computer connected to the other one   ), so, what i do is

1)turn off files sharing on both pc's
2) se the other pc to have a permanent static ip
3)block that ip with avira and the router
4)make sure work group names for both pc's are different


5)this is the part that gets me

"Modem
|<---WAN port on router
Router1 (set up a 192.168.1.1 - 192.168.1.x subnet 255.255.255.0)
|PC (goes on one LAN port)
|<---WAN Port of router to LAN port on the first router
Router2 (Set up a 10.0.0.1-10.0.0.x subnet 255.255.255.0)
|PC (goes on one LAN port "

how does one do that?


and would that be all that needs be done?

and how do i change the subnet mask? the 255.255.255.0 thing? i suppose i need to i need to change it to? seems that it won't take just any number.

Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255

So your IP address with a class B would be 192.168.x.x instead of a class C using 192.168.1.x.

i still don't get it. O_o

i still don't get it. O_o

Which part are you having issues with here? You'll need to find details on how to "statically assign" the WAN / Public IP address on Router 2. I'd just good for the model # and "users guide". Should help you there. Then you just need to find in the instructions how to change the LAN / local network to something other than the good old 192.168.1.0/24 (aka 255.255.255.0 subnet).

Does that help? If not can you be more specific?

Also to add... there are TWO ways to document the "subnet mask" option... one is "dotted decimal" aka 255.255.255.0... the other way is by it's "bit mask" which represents the binary number of bits set. For your case, all you need to know is that if it wants a 2 digit number, just set it to "24" which is effectively the same as 255.255.255.0.

i got both of the routers to work together. setting a static ip on the computers made it to where i could not connect to the net, so, i didn't do that. i set my dlink router to a different ip address than my trendnet router. i turned off most of the lan options on the dlink router (except for the ones needed for video and windows to work).

is that enough to protect my pc, or does more need to be done?


and about the post with the ip address quote. i was having trouble getting it to let me change the ip address at one point for some reason.

actually, this part i don't get "Router2 (Set up a 10.0.0.1-10.0.0.x subnet 255.255.255.0)
|PC (goes on one LAN port " i'll try it and see if it works.


and it does work. so, is that all that needs be done?

(i should clarify. i've set one router to 192.168.X.X and the second one to 10.0.0.X)



(i apologize for all this. i've been distracted lately)

If you have one on the 192. And another on the 10 then you should be good to go assuming you didnt open up ports on router #2

how do i check for the open ports?

Port forwarding ir firewall options are usually where youd find it. defaults should have it closed so probably not a huge concern.

and do these ips have to be static... well, i guess they are static or otherwise i couldn't find my router online... right?