cmdown
asked on
How do I share 1 ADSL connection between 3 seperate charities ?
Hi
I need to share one ADSL connection between 3 seperate charities, A, B & C. Each charity has its own network of 2 or 3 computers and MUST be isolated from the other two charities except for a shared ADSL connection for internet and email access.
Would the following 4 router solution work ?
ADSL connection feeds into a Primary router with IP address 192.168.0.1
Charity A:
Charity A's router has IP address of 192.168.100.1 and all pcs are on the 192.168.100.x IP range. Router takes internet feed from Primary router
Charity B:
Charity B's router has IP address of 192.168.200.1 and all pcs are on the 192.168.200.x IP range. Router takes internet feed from Primary router
Charity C:
Charity C's router has IP address of 192.168.300.1 and all pcs are on the 192.168.300.x IP range. Router takes internet feed from Primary router
So..
All 3 charities pick up internet connetion from Primary Router and can share files and printers internally but can NOT sahre files etc with other charities. Better still if Charity A couldn't even see Charity B or C on the network and so on.
ANy comments very much appreciated.
PS Can't use wireless due to high signal attenuation.
Thanks
I need to share one ADSL connection between 3 seperate charities, A, B & C. Each charity has its own network of 2 or 3 computers and MUST be isolated from the other two charities except for a shared ADSL connection for internet and email access.
Would the following 4 router solution work ?
ADSL connection feeds into a Primary router with IP address 192.168.0.1
Charity A:
Charity A's router has IP address of 192.168.100.1 and all pcs are on the 192.168.100.x IP range. Router takes internet feed from Primary router
Charity B:
Charity B's router has IP address of 192.168.200.1 and all pcs are on the 192.168.200.x IP range. Router takes internet feed from Primary router
Charity C:
Charity C's router has IP address of 192.168.300.1 and all pcs are on the 192.168.300.x IP range. Router takes internet feed from Primary router
So..
All 3 charities pick up internet connetion from Primary Router and can share files and printers internally but can NOT sahre files etc with other charities. Better still if Charity A couldn't even see Charity B or C on the network and so on.
ANy comments very much appreciated.
PS Can't use wireless due to high signal attenuation.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oops - forget to ask..
What would need to be done assuming each router supports NAT etc. Can it just be turned off on all routers EXCEPT the primary router ?
What would need to be done assuming each router supports NAT etc. Can it just be turned off on all routers EXCEPT the primary router ?
you need nat for the internet to work on all the routers but the individual groups would have no knowledge of the others because their router's nat only goes to the gateway 192.168.0.1 and to the 192.168.0.* network not back into the 192.168.100.*, the 192.168.200.*, or 192.168.300.* networks because the traffic reqested in Network address translation is only to the correct network and not a different one. So any traffic in the 192.168.0.* network is solely bound for the internet through the gateway or is returning from the internet and the nat on the primary router only directs it the the WAN port on the correct secondary router and not to either of the others.
ASKER
ok thanks mtpcbypc.
Would you be able to recommend any particualar router for this job?
Criteria would be - cheapish - as it is for charities but would need the facility to preferably block all ports except specefic named ports eg 3389, 80, 25, 110, 9001-9009
I used to use Solwise which had very comprehensive firewall configuration- but I have one or two issues recently and would like to try a different brand (By cheap I mean around the £50GBP / £$90US price area)
I have used some LinkSys recently but there seems to be almost no configuration possible except for 5 ports to open or block
Would you be able to recommend any particualar router for this job?
Criteria would be - cheapish - as it is for charities but would need the facility to preferably block all ports except specefic named ports eg 3389, 80, 25, 110, 9001-9009
I used to use Solwise which had very comprehensive firewall configuration- but I have one or two issues recently and would like to try a different brand (By cheap I mean around the £50GBP / £$90US price area)
I have used some LinkSys recently but there seems to be almost no configuration possible except for 5 ports to open or block
Dlink DI-604. Cheap, easy to configure, and I have them fail less often that their more expensive linksys counterparts.
you can block port ranges easily in 604 just block 1-24 26-79 81-109 111-3388 3390-9000 and 9010-65536. Thats easy to do in the port filter section of the setup. Remember to block both udp and tcp.
they should cost you less than $50 US.
ASKER
Hi mtpcbypc
Thanks for your reply on the 16th. Unfortunately these aren't available in the UK. :o(
Do you by any chance know of a router that will support dual static IP address (wan side) as one of the charity I am doing this for now says they would like to have remote access to one client machine.
I have thought about using 2 static ip addresses and then routing 1 static IP address to charity A's router and the other static IP address to charity 2's router - they could then use VNC or remote desktop as normal. Trouble is I can't find a router that supports more than one static IP address.
Are there any other options to acheive this ?
Thanks for your reply on the 16th. Unfortunately these aren't available in the UK. :o(
Do you by any chance know of a router that will support dual static IP address (wan side) as one of the charity I am doing this for now says they would like to have remote access to one client machine.
I have thought about using 2 static ip addresses and then routing 1 static IP address to charity A's router and the other static IP address to charity 2's router - they could then use VNC or remote desktop as normal. Trouble is I can't find a router that supports more than one static IP address.
Are there any other options to acheive this ?
To properly isolate you have to move Charity A off of the primary router and onto a router of its own like the other 2 and have only the routers from a, b and c connecting to the primary router