Expanding a network with a router

[Alir]

Q1: I'm planning on expanding a pre-existing network with a new router. Would the new router/LAN be treated as an individual network?

 

Q2: Can I re-use the router if I decide to purchase another broadband-service later? I know the answer is probably yes, but I already have another spare router lying around and I couldn't get it to work - I don't have any of the original documentation or manuals.

 

Q3: If I set up a cloud server on the new network, would I have to open up ports on the core router also to enable access from the outside world?

 

Q4a: What ways are there to connect a hard drive to this new router and then share that hard drive with my laptop and desktop? I would like to have a backup system where it created images of all my drives periodically. Though I am inclined not to go with this due to the privacy concerns. From my understanding, I'd need a NAS, opening up a can of privacy-concerning worms. Possibly real life computer worms. My main concern would be that these drives that I would like to backup would have to be accessible by all other devices on the network?

 

Q4b: How can I share the hard drive across my desktop and laptop (Minus the NAS or automatic backup part - I'd have to do it manually)? I've been wanting to do this in the past but the privacy concerns and my lack of networking knowledge have prevented me from doing this. I would like to do this by:

1) Eliminating any privacy concerns in regards to a compromised router or compromised device accessing these partitions. My desktop runs Windows and laptop runs Linux. Both backup images will be sent to a RAID 1 (mirrored) hard drive configuration which both will have 2 partitions, 1 for the Windows images and the other for the Linux images. The reason for this is to prevent the Windows machine from accessing the Linux files - I'm weary of Windows viruses such as Windows 10 . On top of that, I don't want the Windows machine to have ANY access whatsoever to the Linux backup partition and vice versa!

2) Not granting other family users access to these drives; and their devices also. Reason being, if a device which is infected, is connected to this router, I don't want that device to have access to these drives AT ALL. I will therefore want some kind of extra login system to prevent the hard drives from being tampered with or formatted, if this is possible.

So to conclude: 2 HDD partitions connected to a Linux and Windows machine. I don't want the Windows partition to have access to the Linux partition or the Linux partition access to the Windows partition (to prevent a rare Linux virus getting from my Windows-Linux, for paranoia reasons). I also don't want any other device that gets connected to this router to have access to these partitions.

If this is not possible, I'd probably resort to a RAID 1 config just backing up my Linux machine via USB and a separate cheap Desktop Hard Drive (non-RAID) backing up my Desktop files. My desktop will only really be used for gaming anyways.

 

Q4bi) Alternatively, I could connect the hard drive to two computers at the same time with a USB cable, eliminating the whole networking mess, but from my understanding, this is impossible? I imagine it could cause conflicts as well.

 

Q5) If the RAID 1 config has 2 HDDs of different brands, would there be some sort of way for some kind of malware or worm to infect the other partition, maybe through the firmware? I mentioned two different brands because it would surely complicate matters or make it impossible for the firmware of one to be infected, without also infecting the other, right? And thus it would be impossible since the 2 HDDs would only be seen as 1? I understand firmware-infections are less than rare, but I like to be extra careful. This isn't really even necessary when I could just buy another dedicated desktop hard drive just for backing up my games. But that would cost me another £70 or so.

 

 

try and keep the answers short, if possible. Wouldn't want to waste too much of your times.

 

http://www.cnet.com/news/nsa-planted-surveillance-software-on-hard-drives-report/

[BringBackLCT]

I would totally do it... I have a tall house so I have to run 2 routers. I am using Archer C9s from TP-Link and they are the best. They are so easy to setup and they never fail me... Highly recommended

[BOT Edward]

Alrighty then, i'm not 100% with the NAS related side but I can certainly help with the network related stuff.

 

Firstly, you CAN use the 2nd router on your existing network, reasons why it might not have worked as the primary router would be because you havn't punched in the correct ADSL login (usually account holder email with service provider + given password) OR it may even have the firmware locked down to only accept a single ISP and you have changed ISP.

 

It would be best to create a DHCP reservation for the 2nd router and set it as the DMZ, this basically opens everything up for that IP address, meaning when you have the second router on with the Uplink being given that IP reservation for DMZ you will have the entire subnet on the 2nd router as DMZ provided you configure the settings on the 2nd router as well to open all existing ports. This will allow you to run cloud services on devices using the 2nd router.

 

Any external facing services such as a webserver/ cloud storage server/ etc should be operating on router 2's network. This segregates the 2 networks meaning if there was an intrusion it would typically go to the router 2 network as that is the "honeypot" where your outwards facing stuff is (please make sure to use proper authentication for managing of services).

If you have the Nas on router 1's network you can use it with other devices and it is less likely to be the target of an attack.

 

See below for summary

 

 

Router 1 has network with IP range 192.168.0.2-192.168.0.254

Devices connected are user devices (computer/mobile/etc)

 

Router 1 has a reserved address for router 2's uplink 192.168.0.1, this is set as the DMZ

 

Router 2 connects to router 1 and gets reserved IP 192.168.0.1

Router 2's network range should be different so it's easily identifiable. say 192.168.1.1-192.168.1.254

Devices connected are outwards facing (External) such as web server/cloud server/etc.

 

 

 

Hope this helps man!

 

 

[suchamoneypit]

26 minutes ago, Alir said:

Q1: I'm planning on expanding a pre-existing network with a new router. Would the new router/LAN be treated as an individual network?

 

Q1:  if you are dropping the old router and simply putting in the new one, then yes, all the devices under this new router will be on one network together. If you talking about using both the new and old router, then it would create two networks.

 

Q2: Reuse the router for what? what do you mean by purchasing another broadband service? most services you pay form send the service to a cable which is connected to a modem, which in turn is then connected to your router, which all devices are then connected to either directly or via a switch (which is connected to the router).

 

Q3: Probably, yes, its dependant on what service/program you use to do it.

 

Q4a: Higher end routers like my Netgear R7500 do have eSATA connectors for this exact purpose, although I have never used it.

 

Q4b: As stated in 4a, I haven't done it before, I just know it can be done.

 

Q4bi: You can simply network share a drive on one PC, and then with the proper credentials, share this drive over your network, transfering information using your LAN's ethernet cables which give you internet access. On my Server's boot SSD, I have partioned 15GB of its space and then network shared it to easily transfer files about my computers using my network  ( have gigabit cables greatly increases transfer speeds). Using a USB cable to do this is not the way to do it.

 

Q5: Brand shouldn't matter, but your concern is of an extremely specific maleware that is extremely unlikely to happen even if it exists. I don't think what your describing is possible. And if its for backups, these HDDs are just for backuping up files, its not downloading anything or browsing the internet (which is how you pick up the malware). 

[Alir]

37 minutes ago, BringBackLCT said:

I would totally do it... I have a tall house so I have to run 2 routers. I am using Archer C9s from TP-Link and they are the best. They are so easy to setup and they never fail me... Highly recommended

Something like this? https://www.amazon.co.uk/TP-LINK-C9-Wireless-Beamforming-Efficient/dp/B00PK0JLCI/ref=sr_1_1?ie=UTF8&qid=1467592094&sr=8-1&keywords=Archer+C9+TP-Link

That's really expensive I was thinking more along the lines of a £30 or £40 router. One that is capable of gigabit ethernet. The WiFi would only really need to go through one wall to be strong enough for me to get stuff done.

[BringBackLCT]

1 hour ago, Alir said:

Something like this? https://www.amazon.co.uk/TP-LINK-C9-Wireless-Beamforming-Efficient/dp/B00PK0JLCI/ref=sr_1_1?ie=UTF8&qid=1467592094&sr=8-1&keywords=Archer+C9+TP-Link

That's really expensive I was thinking more along the lines of a £30 or £40 router. One that is capable of gigabit ethernet. The WiFi would only really need to go through one wall to be strong enough for me to get stuff done.

Ok, I got them on sale for $100 AUD (which is a good deal, like really good)

[BringBackLCT]

Sadly I don't think many people here are network-savvy so you might have to wait a bit to get a good response. I don't know much about pricing in the UK so I can't really make a recommendation. 

[Eniqmatic]

8 hours ago, Alir said:

Q1: I'm planning on expanding a pre-existing network with a new router. Would the new router/LAN be treated as an individual network?

 

Q2: Can I re-use the router if I decide to purchase another broadband-service later? I know the answer is probably yes, but I already have another spare router lying around and I couldn't get it to work - I don't have any of the original documentation or manuals.

 

Q3: If I set up a cloud server on the new network, would I have to open up ports on the core router also to enable access from the outside world?

 

Q4a: What ways are there to connect a hard drive to this new router and then share that hard drive with my laptop and desktop? I would like to have a backup system where it created images of all my drives periodically. Though I am inclined not to go with this due to the privacy concerns. From my understanding, I'd need a NAS, opening up a can of privacy-concerning worms. Possibly real life computer worms. My main concern would be that these drives that I would like to backup would have to be accessible by all other devices on the network?

 

Q4b: How can I share the hard drive across my desktop and laptop (Minus the NAS or automatic backup part - I'd have to do it manually)? I've been wanting to do this in the past but the privacy concerns and my lack of networking knowledge have prevented me from doing this. I would like to do this by:

1) Eliminating any privacy concerns in regards to a compromised router or compromised device accessing these partitions. My desktop runs Windows and laptop runs Linux. Both backup images will be sent to a RAID 1 (mirrored) hard drive configuration which both will have 2 partitions, 1 for the Windows images and the other for the Linux images. The reason for this is to prevent the Windows machine from accessing the Linux files - I'm weary of Windows viruses such as Windows 10 . On top of that, I don't want the Windows machine to have ANY access whatsoever to the Linux backup partition and vice versa!

2) Not granting other family users access to these drives; and their devices also. Reason being, if a device which is infected, is connected to this router, I don't want that device to have access to these drives AT ALL. I will therefore want some kind of extra login system to prevent the hard drives from being tampered with or formatted, if this is possible.

So to conclude: 2 HDD partitions connected to a Linux and Windows machine. I don't want the Windows partition to have access to the Linux partition or the Linux partition access to the Windows partition (to prevent a rare Linux virus getting from my Windows-Linux, for paranoia reasons). I also don't want any other device that gets connected to this router to have access to these partitions.

If this is not possible, I'd probably resort to a RAID 1 config just backing up my Linux machine via USB and a separate cheap Desktop Hard Drive (non-RAID) backing up my Desktop files. My desktop will only really be used for gaming anyways.

 

Q4bi) Alternatively, I could connect the hard drive to two computers at the same time with a USB cable, eliminating the whole networking mess, but from my understanding, this is impossible? I imagine it could cause conflicts as well.

 

Q5) If the RAID 1 config has 2 HDDs of different brands, would there be some sort of way for some kind of malware or worm to infect the other partition, maybe through the firmware? I mentioned two different brands because it would surely complicate matters or make it impossible for the firmware of one to be infected, without also infecting the other, right? And thus it would be impossible since the 2 HDDs would only be seen as 1? I understand firmware-infections are less than rare, but I like to be extra careful. This isn't really even necessary when I could just buy another dedicated desktop hard drive just for backing up my games. But that would cost me another £70 or so.

 

 

try and keep the answers short, if possible. Wouldn't want to waste too much of your times.

 

http://www.cnet.com/news/nsa-planted-surveillance-software-on-hard-drives-report/

1. Adding another router in place does not need to be a separate network by any means, in fact you will probably find it harder to create another network that all your devices can talk on. All you need to do is connect to the router directly with a single machine, configure the IP address for a free IP on your existing network, then plug the router into the network and all will be well.

 

2. Not sure based on the information provided, more information needed.

 

3. Yes, you will need to allow it to pass through at the ingress point, as well as any other "security" devices you have in place.

 

4a. NAS is certainly the easy way. To avoid having to port forward to allow access from outside the network, why not create a VPN server? Then you may simply VPN into your own network, as if you were physically there. Much more secure then risking opening that kind of data to the internet. You've probably already got the hardware somewhere to run a VPN Virtual Machine, or if you choose your NAS correctly, it's possible it could run a VM for you with the VPN VM on it.

 

4b. If you are talking about getting a NAS or some form of storage device, then you need to just create different "storage areas" (all vendors have different names for this) to store the data on. Then just create the relevant type of share for the OS you are using (CIFS for Windows, NFS for Linux) and mount these to the OS. As for the access control, any good NAS OS will be able to set different permissions for different shares or storage areas. Some you can whitelist single IP address to use them, whilst blacklisting any others (I.E even if you know the account you need to login with, if you aren't on the correct IP you will not be permitted.)

 

4bi. Don't do this.

 

5. No. Viruses and the like don't infect drives at the firmware level. There is simply no need when the filesystem is so much easier to access and do damage to. 

 

Seriously though, just pick a smart NAS. It will last you a long time (if chosen correctly) and is so much more functional. The situation you are describing is a pretty common use case for them and you can achieve everything you want to and much more.