2 ISP's, 2 Networks Setup Help

[djboy6480]

Hello Networking Specialists,
I am a bit stuck here, I want to connect 2 Networks 192.168.178.0/24 and 192.168.188.0/24 separated by a router (cheap one). I need the to use .188.1 from everywhere but only for configured devices.

 

 

 

 

 

My guess is Static Routing? 

 

 

Thanks for you Help in advance : )

[Lurick]

Hmmm, that's going to be tricky.

If I'm reading it correctly you want any client with a statically configured gateway on ISP #1 side to go through the middle router and out ISP #2 but also have those clients on the left side be able to go out ISP #1 as well?

Or do you just want to have those on the right side go through ISP #2 and any clients on the ISP #1 side who have a static gateway to go out ISP #2?

[djboy6480]

The right side should be able to accsess IPS #1 and #2, the left side only IPS #1 if not configured to go trough the middle router to isp #2

[Guest]

Why complicate things? Why not get a single router, setup DNAT/SNAT and go from there?

[Lurick]

35 minutes ago, djboy6480 said:

The right side should be able to accsess IPS #1 and #2, the left side only IPS #1 if not configured to go trough the middle router to isp #2

It's possible to do this, but not with only static routes, and probably not with the current layout.

 

Some possible solutions and issues:

The biggest issue is that you can't really have two default routes pointing in different directions on the router at the same time without causing either a loop or it to just send it back to the ISP router on that side without other mechanisms in place to stop it depending on specific conditions. The router just won't know what to do, he'll get traffic from an allowed host on ISP #1 and see that he has a default route out ISP #1 and #2 so it will just send the traffic back and it will just go out ISP #1 most likely. If you wanted allowed hosts on the left side and all those on the right side to use ISP #2 unless it failed and then install a backup route to send all traffic to ISP #1 then you would need some form of SLA probe and a router that allowed a weight to be placed on the routes so that one had a higher weight and when the probe failed then you would remove that route and install the other.

 

It could also be done with ACLs and some manipulation on ISP Router #1 and the Middle Router where you tell it to send traffic to the middle router and then have just a single default route on the middle router that goes out ISP #2 but then you run into the issue of "what happens if ISP #2 goes down" and having to change things all around to allow traffic to reroute and go out ISP #1 and ignore the ACL that's telling it to send certain traffic the other way.

 

Another way would be to take the middle router out, put one with more advanced features with a connection directly to ISP router #1 and #2 and do some ACLs to prevent specific hosts from going out the link to ISP #1, permit those same hosts out ISP #2, and then deny all the rest of the 192.168.178.0/24 subnet from going out ISP #2. Some script could run to check if ISP #2 is up and adjust things accordingly if it goes down so all traffic then goes out ISP #1 and if ISP #1 fails then the non-permitted hosts just lose internet access.

 

There are probably other ways I'm not thinking about right now but having the right side access both ISPs at any given time is the tricky part with such a limited device. If we remove that requirement that the right side be able to access both at the same time then you could just set a static gateway to point to the IP of the middle router on "allowed" devices, have a default route pointing to ISP router #2, and be done with it.

[Levisallanon]

@Lurick should it really be that difficult?

@djboy6480 I would suggest doing the following:

on the .1 Routers setup a default router to the internet (would probably be set already) and make a router for the other subnet to go to the .2 router

so on 178.1 you have:
network---------------subnet-----------gateway
192.168.188.1   255.255.255.0    192.168.178.2

on 188.1 you have:
network---------------subnet-----------gateway
192.168.178.1   255.255.255.0    192.168.188.2

The center router should already have the required routes in it's table because they are directly connected.
This should make sure devices go to the internet trough their own router (in their administrative domain) but when they want to go to the other domain they use the router in between.

[keskparane]

Can't you just hook the whole lot up with a switch (or possibly just 1 cable between lan ports in the routers will cover it) and assign static secondary 178 addresses to the 188 machines?

 

edit: ah just realized that won't isolate the 188 machines.

[LAwLz]

This makes no sense to me. It feels like information is missing.

What exactly are you trying to accomplish with this setup?

 

You have one ISP for each network, plus an additional router between the two networks. You want computers on network 1 to be able to use ISP 2 but only if you manually set it to? Is that correct?

Why?

[djboy6480]

@LAwLz
Because I own to ISP 2 Connection but want to use it every were (wifi). ISP 1 is very slow. Also I don't want any other traffic like smart tv streaming option to show up on youtube because someone turns on a TV. 

IPS1 ~180 kbyte/s

ISP2 ~12.5 Mbyte/s

PS: ISP1 is just a back up ISP for me (manuell switching)

PPS: I also want to be able to use the printer (.178.0/24) but its then just a matter of opening a couple of ports  : )

[Lurick]

3 hours ago, Levisallanon said:

@Lurick should it really be that difficult?

@djboy6480 I would suggest doing the following:

on the .1 Routers setup a default router to the internet (would probably be set already) and make a router for the other subnet to go to the .2 router

so on 178.1 you have:
network---------------subnet-----------gateway
192.168.188.1   255.255.255.0    192.168.178.2

on 188.1 you have:
network---------------subnet-----------gateway
192.168.178.1   255.255.255.0    192.168.188.2

The center router should already have the required routes in it's table because they are directly connected.
This should make sure devices go to the internet trough their own router (in their administrative domain) but when they want to go to the other domain they use the router in between.

But the issue comes, at least in my mind, in if you want clients on the right side to go to the left side as well and having them come to the router and bounce back the other way but I was probably over thinking things. I just saw the OP's post above and it looks like it's mostly just devices going out ISP#2 and there isn't much need/desire to go out ISP#1

 

2 hours ago, djboy6480 said:

@LAwLz
Because I own to ISP 2 Connection but want to use it every were (wifi). ISP 1 is very slow. Also I don't want any other traffic like smart tv streaming option to show up on youtube because someone turns on a TV. 

IPS1 ~180 kbyte/s

ISP2 ~12.5 Mbyte/s

PS: ISP1 is just a back up ISP for me (manuell switching)

PPS: I also want to be able to use the printer (.178.0/24) but its then just a matter of opening a couple of ports  : )

Since you probably wouldn't have ISP#2 side going out ISP#1 then just a static route of 0.0.0.0 0.0.0.0 pointing to 192.168.182.1 would be fine on the middle router. He would still have local subnet knowledge so you could easily do the printer stuff as well.

 

Edit-2:

I did forget but to expand on the above. You'll set the default route pointing to 192.168.182.1 but the clients on both sides will have their default gateway set to the .2 address on the respective side of the middle router.

 

Edit:

Looking at the diagram again I think I see where I over-interpreted things