Sharing internet between networks

I have two completely separate networks, each running Windows 2000 server with XP workstations.  Each has a router connecting to cable modems for internet connection.  They are two separate businesses and would like to drop the 2 cable connections for internet and split a T1 connection, for various reasons.  I would like to know how to handle the sharing of the internet.  I am not real familiar with working with subnets and such.  I want to keep the networks as they are as far as domain names and IP ranges and all that.  Assume one network has an IP range of 192.168.5.x and the other had 100.100.10.x, could the servers for each domain point the workstations to a single router or what?

OK, just pointing out the disparity :) within the comment

To further clarify how the netmask allows you to break down a subnet. The netmask is always all binary 1's on the left, and binary 0's on the right.  You never have a zero to the left of a one.  When a device wishes to send a packet to a destination, it uses the mask to see if the address is "local."

It takes its own interface address (basically, its own IP address), and filters it through the mask.
It takes the destination and filters it through the mask.
If the output of the two operations are the same, then it is a local address.  Otherwise, it needs to be forwarded through a gateway (which itself has to be a local address).

With a netmask of, everything in the first byte must match; the other three don't have to.  That's because a.b.c.d when masked through, or 11111111.00000000.00000000.00000000, will keep the first byte (a), but always drop the other three, yielding a.0.0.0.

Similarly, with a mask of, it will always give a.b.0.0.

It gets trickier (for a human being) to keep track of when you have non-255 masks. means "keep the first byte, and keep the first four bits of the second byte, but drop the other four bits."

Now look at 224 binary and 31 binary.  224 dec = E0 hex = 1110 0000 bin.  31 dec = 0F hex = 0001 1111 bin.  See the pattern? Everything from 0-31 will mask the same through 240, because the first three bits will always be zero.  Similarly, 32-64, which is 0010 0000 through 0011 1111.  The first three bits are always 001, and the other five don't matter when masked.

Routers do the same thing, but a little more complicated.  (It actually isn't really more complicated, it just seems that way.  All TCP/IP stacks act as routers internal to the machine, but the simplified view I gave above suffices to explain it.)

The router has connections to many other routers.  Each router it has a connection to must be a "local" device to it.  So, typically, a router must have at least two addresses -- one for "inbound" and one for "outbound" (inbound and outbound are really relative, of course -- my corporate outbound packet is the backbone's inbound packet).  Typically, except for a workgroup router, it will have many more addresses than that.  Most often, the "backbone" connection has one address in one range, and the "LAN" connection has many addresses, one for each router "further in" that it can connect to.  Often, those multiple addresses will be in a single subnet.  Sometimes they are not.

The router maintains a list of subnets/masks, and the destination address (gateway) it should use to reach each of them.  So it also takes a similar calculation as the workstation -- mask "my address" and mask the destination address, and see if they are the same.  But in this case, there is a long list of "my address" possibilities, and a mask to go with each one.  For each interface ("my address") and mask pair, the mask is used against both the interface address and the destination address, until a masked output match is found.  At that point, the packet is forwarded to the gateway address listed for the subnet; if the gateway is one of the router's own addresses, it sends it out as a local packet.

Does that mean that all the routers on the internet backbone have a list of all subsets in the world?  No!  That's the basic reason why masks are always all ones followed by all zeroes.  When you broke your subnet into eight subnets, you probably added seven or eight routers.  Each of the new routers owns a single "broken up" subnet.  But the next router up the line still thinks you have a subnet, all going to a single router.  That single router doesn't know that the previous calculation involved a 255.0 mask; it just knows that it has eight 255.224 entries in the routing table.  It is a very nice hierarchical relationship, where "centralized" routers see the world as A-class nets, and the routers "beneath" them see "B-class" nets and so on.  In practice it is messier, as even backbone routers have "shortcuts" to reach nearby routers with other ranges, and as even A and B class nets are broken into parts.  Similarly, in your example, you might only need seven new routers, not eight, because the original router can serve one of the local eight subnets, as well as servicing seven other routers each with one subnet.  Or, with multiple ports installed on a single router, one router can handle two, three, or more subnets.  (Technically, you don't need multiple ports for this, you could have "neighbor" subnets all on a single wire segment, but that would be rather pointless, as all devices on subnet A would have subnet B's traffic flowing right past them, and vice versa).
I apologize, that was meant for another question.
If each company had a firewall, you could simply uplink the two firewalls to the same broadband connection, and the only thing that would change is that the external address of one or both firewalls would have to be in the same subnet as the broadband device, and use the broadband gateway address.

What if you did not have any firewalls?

If there is no "data security" issue, or overlap in workstation host names, WINS names (Windows host name), or IP address, then you can just plug everything into a single switch, or uplink the two switches to each other.  Problem is that in such a setup, the PCs used to use the broadband device directly for primary gateway.  With incompatible address ranges, you have a small problem.  The simplest solution would be to have the broadband device support two internal addresses, one for company A, one for B, and nothing changes.  Otherwise, get a router for the company that is "dropping" its old service, and have the router take care of translating traffic.

Shouldn't be a problem.  You have two options.

Option 1.  - Two logical networks, one physical.

In this case, your user workstations and server from both companies will plug into the same physical switches and hubs.  Your router then plugs into the same physical device as everyone else.  That connection is the "inside" interface.  The other connection on the router plugs into your T1.  That is the "outside" interface.  You set up two IP addresses on the inside interface ( and for example).  Workstations and servers that use the 192's will have as their default gateway, workstations and servers that use the 100's will have as their default gateway.  Connect your T1 connection to the Internet as normal.

Option 2 - Two logical networks, two physical.

Separate the two networks physically.  That is to say, the people who work in office 1 plug into switch 1, the people who work in office 2 plug into switch 2.  

Your router must have two "inside" interfaces and one "outside".  In your case, that will mean one T1 connection and probably two Ethernet.  Program each inside interface on the router with the appropriate address ( or for example) and plug them into the appropriate switch.  Connect your T1 connection to the Internet as normal.

Your best option here is Option 2.  Option 1 gets very messy, especially if you are running DHCP.  It's worth noting that you don't have to have two physical switches, you can separate them using VLANs if you are comfortable with that.

In both cases you will have to decide if you want to route traffic between the two networks.  In all likelihood, you probably don't want to.  (Unless you want one company able to see what the other one is doing.)  So, make sure your router is set up to either allow or block traffic between the two.

Either way you only need one router, you just may need two "inside" ports on it!

Good luck!
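An added example, not part of the original thread: a small Python model of the Option 2 router that uses the mask comparison described in the earlier netmask comment and blocks traffic between the two companies unless explicitly allowed. The `.1` gateway addresses, the interface names and the `/24` masks are assumptions; the thread gives only the two ranges.

```python
import ipaddress

# Constructed addressing for Option 2. The .1 gateway addresses and the
# interface names are assumptions; the thread gives only the two ranges.
INSIDE = {
    "eth0": ipaddress.ip_interface("192.168.5.1/24"),   # company A
    "eth1": ipaddress.ip_interface("100.100.10.1/24"),  # company B
}
OUTSIDE = "t1"  # default route for anything matching no inside subnet


def masked(addr, netmask):
    """AND a dotted-quad address with a dotted-quad netmask."""
    return int(ipaddress.ip_address(addr)) & int(ipaddress.ip_address(netmask))


def is_local(my_addr, dst, netmask):
    """Host-side test: equal masked values mean 'deliver directly'."""
    return masked(my_addr, netmask) == masked(dst, netmask)


def egress(addr):
    """Router-side lookup: try each (interface address, mask) pair in turn."""
    for name, iface in INSIDE.items():
        if is_local(str(iface.ip), addr, str(iface.netmask)):
            return name
    return OUTSIDE


def decide(src, dst, allow_inter_company=False):
    """Return (action, out_interface) for a packet sent by an inside host."""
    ingress, out = egress(src), egress(dst)
    if ingress == OUTSIDE:
        return ("drop", None)     # source is in neither inside subnet; not modelled
    if out == ingress:
        return ("local", out)     # same subnet: the host delivers it itself
    if out != OUTSIDE and not allow_inter_company:
        return ("drop", None)     # company A <-> company B blocked by default
    return ("forward", out)


if __name__ == "__main__":
    for s, d in [("192.168.5.20", "192.168.5.30"),
                 ("192.168.5.20", "100.100.10.7"),
                 ("100.100.10.7", "8.8.8.8")]:
        print(s, "->", d, decide(s, d))
```

The default-deny between `eth0` and `eth1` is the "block traffic between the two" choice from the answer above; passing `allow_inter_company=True` models the other choice.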

jtwestmo (Author) Commented:
So Robing66066 I would need to do away or not use the two routers I have now and get a new one that allows two "inside" interfaces and one "outside"?  

One question: could I buy another router like the two I have now and use that one to connect to the internet and have the other two connect to that router, or is that getting too complicated?
That depends on what type of ports and capabilities the routers you have now possess.  If both the routers have two ethernet interfaces on them, you could arrange it like this:

Internet <-->Router1<-->Switch1<-->Router2<-->Switch 2

Your addresses would work as such:

Router 1:

Outside: ISP Provided IP Address
Default Gateway:

Router 2:

Default Gateway:

Now, that would mean that all your Internet traffic from the 100.100.10.x network would have to go through switch 1, but it would work.  Also, if you have any services (web server, email server, etc...) that you would like to make accessible to Internet users on the 100.100.10.x network, it would be a major pain.  Setting up NAT on Router 1 (if you are using it) might require some extra work too.

The *easiest* solution is to simply buy a router with two inside ethernet ports and one outside port, but it isn't required, your config just gets more complex if you don't.  

What kind of ports do you have on the two existing routers?
Whoops.  Sorry.  

Router 1 should read:

Outside: ISP Provided IP Address
Default Gateway: ISP Provided gateway

jtwestmo (Author) Commented:
I have two Netgear 311 routers,
but you have answered my question just fine.  I see what I need to do to get it working.  Thank you very much for your help.  I think I am just going to get a router with 2 internal interfaces, that would be easy to do and set up.

Glad to hear it!  Good luck!