Sign in with
Sign up | Sign in
Your question

Connecting two routers, sharing internet connection of router A with router B while keeping networks A and B separate?

Last response: in Networking
Share
August 5, 2013 10:01:20 AM

Hi!

I have recently gotten my hands on new hardware and would like to do the following:

I have cable internet. It's currently being distributed in my house by (WiFi) router A which has a built-in cable modem. Some devices are connected to it wirelessly while my main computer and adjacent devices are connected to it by a long ethernet cable with an 8-port switch at its end.

Now I would like to add (WiFi) router B to that switch and share my internet connection through a publicly accessible wireless connection as the switch is conveniently located at the street-facing side of the house. Router B should be set up in a way that the devices connected to router A can not be accessed by the public wireless users.

Currently, I have connected everything as by the following schematic:



Unfortunately I'm not very well-read regarding networking and would like to know if what I want to do is possible at all and what the setup optimally should look like.

Again, in short:
-Router B shall have access to router A's internet connection
-Router B shall provide internet through public wireless access
-Router B's users shall not be able to access devices that are connected to router A


From what I was able to find out and given that router B will not be used for anything other than public internet, I think keeping router B on a completely different network could be a simple solution for it (e.g. router A uses 192.168.0.x and router B uses 192.168.1.x). Would that be a good idea?

Thank you for your help!

F.
August 5, 2013 10:19:16 AM

You cannot do this with you run of the mill consumer routers. You need to have your "router a" be able to create a separate network between itself and router B. Then it must also prevent traffic between these networks normally with a firewall type of setup.

You can get more advanced routers or use something like dd-wrt. Although pretty simple for someone with a solid network background you need to understand the concept of vlans and subnet masks to be able to implement this.

Note I would not recommend you ever share your internet with someone you do not trust (even someone you trust can be a problem). It will always be you that has to deal with any complaints of misuse of the internet. Gets to be is it really worth always having to be prepared to prove you are not guilty of some wrong doing.....and there are somethings that just getting accused of will hurt you for the rest of your life.
August 5, 2013 10:33:55 AM

Since you only have an unmanaged switch the VLANs are out of question :( 

What is the make/model of the WiFi router? You need to specify the default route in the wireless router to the router that is connected to the internet. If you had cisco gear then I can tell you the commands to use otherwise you're going to have to consult your routers manufacturer.
Note that you may not be able to do it with your router as previously stated.

As for blocking, you would use a firewall to block all protocols to certain networks. In the cisco world it would be done using Access Lists (Standard). Your default subnet masks should be fine just as long as their is a different ip subnet between each network with the router being the dividing line.

Josh :) 
Related resources
August 5, 2013 12:10:21 PM

Thank you for your answers!

Router B is a TP-LINK TL-WR841N that will be running a slightly modified version of OpenWRT.

Router A is a FRITZ!Box 6360. They are fairly popular around central Europe and pretty powerful for consumer devices, especially compared to those that come as a standard device with your internet contract, but I doubt that that's a fact that'll help me here. :) 
These devices are usually open to extensive modding but that unfortunately doesn't apply to the model with the built-in cable modem.
August 5, 2013 7:29:03 PM

You only protection is though ignorance. since the wan interface on router B is on the same network as all the other machines they can talk. All traffic coming from the wireless will appear to come from that one address. you could put it on some strange subnet like 10.123.111.x or use one of the subnets assigned to the military since there are no sites you will even access with those ip so you can duplicate them in your network. As long as you told nobody your server ip its unlikely they would ever find them.

To do it correctly you would need to insert a device between the internet and this second network. maybe you could bridge your main router and then hook everything to the second router. If it has the feature it should be able to run 2 lan networks and you could assign lan ports and SSID to one network and different lan ports and ssid to the other network. It all depends if the openwrt has the ability to run vlans. If it does it generally can build 2 networks in the same device and it generally can restrict traffic. I know the dd-wrt versions can do this but it also is somewhat hardware dependant. There are some routers that all lan ports must be on the same network because of hardware limitations.
August 5, 2013 8:05:43 PM

Thanks again!

I just found out that we actually have a VLAN-capable switch lying around. That's another new topic for me but would it help with my plan?
August 6, 2013 4:34:06 AM

You would need to setup trunk ports on both router ports on the switch and then I would configure sub interfaces for each interface. Again If your router is limited then VLANs will not help

Josh
!