lan to wan Setting up 2nd Home LAN

[kbdavis]

I am currently building a house and I've moved in with family for the time being. I want to keep our networks separate and I am running into some issues.

 

I have 2 routers. Router 1 (R1), which is what is connected directly to the ISP, is working fine. I am trying to connect R2's WAN to R1's LAN, and here is what I currently have configured:

 

Router 1

Gateway: 192.168.0.1
Subnet: 255.255.255.0

Set up static IP to R2 as: 192.168.0.253

 

---------------------------------

 

Router 2 

 

I guess for some reason I thought that on the LAN TCP/IP settings that the IP (which is the 10.0.0.1) should have matched the first image of 192.168.1.1, but when I use this the router resets it to the 10.0.0.1 after I update it.

 

With it being it's own network, I am keeping DHCP active on R2.

 

Can someone tell me what I'm not doing properly here? I've also tried using a subnet of 255.255.255.128 on R2 without much success. I can connect to R2's admin page but it has no internet.

[LIGISTX]

21 minutes ago, kbdavis said:

I am currently building a house and I've moved in with family for the time being. I want to keep our networks separate and I am running into some issues.

 

I have 2 routers. Router 1 (R1), which is what is connected directly to the ISP, is working fine. I am trying to connect R2's WAN to R1's LAN, and here is what I currently have configured:

 

Router 1

Gateway: 192.168.0.1
Subnet: 255.255.255.0

Set up static IP to R2 as: 192.168.0.253

 

---------------------------------

 

Router 2 

 

I guess for some reason I thought that on the LAN TCP/IP settings that the IP (which is the 10.0.0.1) should have matched the first image of 192.168.1.1, but when I use this the router resets it to the 10.0.0.1 after I update it.

 

With it being it's own network, I am keeping DHCP active on R2.

 

Can someone tell me what I'm not doing properly here? I've also tried using a subnet of 255.255.255.128 on R2 without much success. I can connect to R2's admin page but it has no internet.

So…. This isn’t really a “preferred” config since you are inducing a double NAT situation in the R2 domain. But if you want to get it working, you should set R2 to use DHCP on the WAN side since it’s getting an IP from R1 (or you can set it static, but it has to reside within R1’s subnet, which you have as 192.168.0.x, but in the screenshot you set it to 192.168.1.1, try 192.168.0.254 (254 is the highest number that can be used in R1’s subnet, likely it hasn’t tried to hand out that IP yet so you won’t try and assign an IP that has already been assigned by R1’s DHCP server)).

 

Back to the issue of double NAT… it’s not the most fun situation. It does work, but it can cause fun problems (not fun problems…). What is the purpose of this? What is the concern your trying to mitigate? The correct way to do this is with multiple subnets and 1 single firewall. But that isn’t something a standard consumer router can do. 

[kbdavis]

Thanks for the response. I was just able to get it working with these settings:

 

 

Guess I needed to keep the gateway the same for R2 as it is for R1, and set R2's WAN IP to the static IP from R1.

 

19 minutes ago, LIGISTX said:

Back to the issue of double NAT… 

Wouldn't each network have control over its own NAT? I suppose if I really needed to I can go LAN to LAN and disable DHCP on R2.

 

The major intent is to use R2's WiFi to keep the family's devices connected to the same SSID and my devices connected to R1's SSID without having to change everyone's devices. The reason I preferred to have separate networks is just simply because I don't want to see all of their devices. Not a huge deal, but if I could make it work then it would be nice.

 

And I know someone out there will say that this is a selfish approach by taking up more WiFi channel real estate from my neighbors - but I've disabled the 5G radio on R2 and the 2.4GHz radio on R1, essentially not taking any more channels than a single dual router would.

[LIGISTX]

4 minutes ago, kbdavis said:

Thanks for the response. I was just able to get it working with these settings:

 

 

Guess I needed to keep the gateway the same for R2 as it is for R1, and set R2's WAN IP to the static IP from R1.

 

Wouldn't each network have control over its own NAT?

Yup, had to get R2 on an IP that can talk to R1 (.0.x, .0.253 works fine, clearly). 

Yes, things will get internet and it’ll work. But devices will not know they are in a double nat, and UPNP for instance will not work since devices will open a port in R2 but that won’t translate up to R1, and other services won’t/may not work either. Google double NAT, plenty of articles will pop up

 

But, again, what are you trying to accomplish by this? Can’t offer proper advice without understanding the need. I run a pfsense router with multiple subnets… I understand why folks may want this, but without your specific use case all I can really say is “just don’t do this”. If you have a specific reason to do it, that’s fair, but what is it? Maybe there are other ways to do what your looking to accomplish. 

[kbdavis]

2 minutes ago, LIGISTX said:

But, again, what are you trying to accomplish by this? Can’t offer proper advice without understanding the need. I run a pfsense router with multiple subnets… I understand why folks may want this, but without your specific use case all I can really say is “just don’t do this”. If you have a specific reason to do it, that’s fair, but what is it? Maybe there are other ways to do what your looking to accomplish. 

Sorry I updated my post while you were in the process of responding, so you probably didn't see it.

 

Quote

The major intent is to use R2's WiFi to keep the family's devices connected to the same SSID and my devices connected to R1's SSID without having to change everyone's devices. The reason I preferred to have separate networks is just simply because I don't want to see all of their devices. Not a huge deal, but if I could make it work then it would be nice.

 

And I know someone out there will say that this is a selfish approach by taking up more WiFi channel real estate from my neighbors - but I've disabled the 5G radio on R2 and the 2.4GHz radio on R1, essentially not taking any more channels than a single dual router would.

 

[LIGISTX]

16 minutes ago, kbdavis said:

The major intent is to use R2's WiFi to keep the family's devices connected to the same SSID and my devices connected to R1's SSID without having to change everyone's devices. The reason I preferred to have separate networks is just simply because I don't want to see all of their devices. Not a huge deal, but if I could make it work then it would be nice.

 

And I know someone out there will say that this is a selfish approach by taking up more WiFi channel real estate from my neighbors - but I've disabled the 5G radio on R2 and the 2.4GHz radio on R1, essentially not taking any more channels than a single dual router would.

Ok, understood. While I do think this is a strange and funny use case, to each their own

 

What I would recommend here is to not set up multiple firewalls which is what you are effectively doing here. Each router has a firewall between WAN and LAN, and that is what causes the double nat situation. If all you want is separate Wifi, you should be able to turn the router into effectively just a wifi AP (access point).

 

To do this, every router is a bit diff, but you will want to put R2 in bridge mode, or DMZ mode, just depends what they call it. This will effectively turn off the firewall and basically just act as a switch. Then you can still set your secondary SSID for things to connect to via wifi, and it all should be happy, think. I have only ever done this with using the same SSID and same subnet. I know enough about networking to be dangerous, but I am no outright expert...

[kbdavis]

13 minutes ago, LIGISTX said:

Ok, understood. While I do think this is a strange and funny use case, to each their own

Here's a practical example. My wife works from home and does a bit of printing for work. Instead of using the family's injet printer, we brought our home office laser printer that is more economical for a work environment. Windows 10 has the nasty habit of adding printers it doesn't even have the drivers for - simply because it sees it on the network. This was essentially my reasoning to go this way.

 

Again, not a big deal. But if it was avoidable then I figured why not. However if it would cause NAT issues then it's not a big issue to just do a LAN-to-LAN and run a single network, I was just wanting to prevent random devices showing up on everyone's PCs from both sides of household

[LIGISTX]

11 minutes ago, kbdavis said:

Here's a practical example. My wife works from home and does a bit of printing for work. Instead of using the family's injet printer, we brought our home office laser printer that is more economical for a work environment. Windows 10 has the nasty habit of adding printers it doesn't even have the drivers for - simply because it sees it on the network. This was essentially my reasoning to go this way.

If you put R2 on bridge mode, you plug it’s WAN into R1 lan as before, and theoretically you are just creating a new subnet and things should be happy.

 

That said, in this setup, I am not fully sure if all things will be totally happy. They will be more happy then if R2 is not in bridge mode, but I just don’t know quite enough to say beyond that.