5punk

I have a question for any of you networking genii biches
I'm pondering a network setup that I've never tried, and wonder if its possible using standard routers & connections.
Can you have an single internet connection with a standard modem router, and then off the back of that use a DSL type router to provide a separate network?

Helpful diagram:


Router A is a D-Link DSL-2640R, connected to a standard ADSL connection, with a single wan IP.
LAN A has a variety of computers and servers attached, and some port-forwarding rules are required to the servers.

Router B would be a D-Link DIR-615, connected to LAN A on it's wan port.
LAN B again has a few PCs, devices etc and servers - again needing some ports (But not necessarily the same ports as the servers on LAN A).
I was thinking of having a static IP set on RouterB's WAN port on LAN A, then setting it's IP as a DMZ on Router A. Both routers need NAT.

LAN B basically "doesn't trust" LAN A, so its not a problem if LAN B can access devices on LAN A, but not vice versa (unless specifically allowed through the firewall on Router B).

Does anyone know if this would work? How would port forwarding work with a DMZ? Ideally I don't want to have to port-forward on both routers to get through to LAN B.

>inb4 Why are you using D-Link shit - Only 'caus I have them lying around already.

It should be doable, I'm pretty sure the DIR-615 has a WAN port so as long as you configure LAN B with different network info from LAN A it should work fine. This is why they're actually Routers and not just Switches. It could potentially complicate things like playing games and hosting servers on LAN B but for the majority of things it'll work just fine.

How many computers are going to be on each LAN? If it's not more than like 10-20, then you could stick with 192.168.xxx.xxx networks, i.e. LAN A could use 192.168.10.xxx and LAN B could use 192.168.20.xxx, so that you can tell by the IP a computer has which network it is on.

Port forwarding will be a bitch because you will have to do it on both routers if you do need to do it at all. If you want LAN A device in the DMZ, that's going to cause a lot of problems, and you'll need to make sure to forward everything that needs to go to B manually. If you want something in LAN B in the "overall" DMZ, then you'd have to set the LAN A DMZ to point to Router B, then have Router B's DMZ set to the right IP.

Did something like this the other day. Works fine. Helps to use different subnet masks if you can be arsed, just to prevent confusion.

Yes. It will work.

Cheers, yep - I just had a quick mess with it plugging the dir615 into my home network and it does work as expected mostly
Accessing the internet works fine from the new network, but i have so far been unable to get port forwarding to work into it. But then again i was having trouble testing it as i havent got enough spare computers to test with. ill experiment more at the office. I'll need to get the port forwarding to work, or the LAN B servers are inaccessible otherwise.

ProfHawking wrote:Cheers, yep - I just had a quick mess with it plugging the dir615 into my home network and it does work as expected mostly
Accessing the internet works fine from the new network, but i have so far been unable to get port forwarding to work into it. But then again i was having trouble testing it as i havent got enough spare computers to test with. ill experiment more at the office. I'll need to get the port forwarding to work, or the LAN B servers are inaccessible otherwise.

The way I have port forwarding set up here at home (as our DSL modem has a built in router, along with our primary one) is to just forward ports from the internet through Router A to Router B, then forward from Router B to the appropriate server. It works well for the most part.

Fix'd

deject wrote:

ProfHawking wrote:Cheers, yep - I just had a quick mess with it plugging the dir615 into my home network and it does work as expected mostly
Accessing the internet works fine from the new network, but i have so far been unable to get port forwarding to work into it. But then again i was having trouble testing it as i havent got enough spare computers to test with. ill experiment more at the office. I'll need to get the port forwarding to work, or the LAN B servers are inaccessible otherwise.

The way I have port forwarding set up here at home (as our DSL modem has a built in router, along with our primary one) is to just forward ports from the internet through Router A to Router B, then forward from Router B to the appropriate server. It works well for the most part.

What deject said. I too would favour doing it with port forwarding rather than the lazy DMZ method which just forwards every single port.

Until bobbins clarified the diagram I was a little curious as to why you trusted the entire of the internet more than you trusted the machines on LAN A (as you say you want LAN B's servers to be accessible). I assume you don't want LAN A to have NetBIOS/media sharing access to LAN B as opposed to not having any access - again port forwarding only what you need is the answer - but LAN A would still be able to access LAN B's servers via the internet.