• Status: Solved
  • Priority: Medium
  • Security: Public

Multiple LANs with one router

Hello experts.

SITUATION
I have an internet connection and I'd like to share it with my neighbours. Each of them has LANs with different subnets (192.168.xxx.yyy/255.255.255.0). Now I have set up a router (assembled from an old PC and two ethernet cards) for each LAN.

PROBLEM
As time goes by more and more neighbours want me to share my internet connection with them. But I can't afford to set up a new router for each of their LANs. A year ago I had 3 routers, that was OK, but today I'd assemble the 8th one to share my internet connection. Looking at it statistically, I'd have half of my room filled with routers after 3 years :)

QUESTION
Is there any solution to have one router for all of the LANs I'm sharing my internet connection with? (Of course security matters - LANs should not "see" each other)
Is it possible to assign some sort of IP address/Subnet mask combination to LANs and router to solve this problem?

Thanks for your time.
Ramuncikas
 
nexissteve Commented:
Answer = YES.

Simply have the one machine with multiple NICs. You can also obtain multiple port network cards so you can have all eight on the same box.

You could achieve a level of security by simply using static routes. This of course is not ideal as there are ways of getting around routing.

If you are looking for a free solution that will handle the job nicely try monowall. http://m0n0.ch/wall/

This way you will be able to define a ruleset for the box which will keep all the LANs secure. It also will allow you to carry out traffic shaping so one neighbour doesn't hog all the bandwidth.

Hope you find this useful. If you need a hand with config just yell.

Cheers

Steve
 
Ramuncikas (Author) Commented:
>>> multiple port network cards <<<

I've seen them here in Lithuania on the market some 4 years ago. Today I don't remember any store suggesting to buy one. Could you please name some vendors and prices in US dollars or euros?

Monowall is a very beautiful thing. The 8th box on my desk is already set up with monowall. I just wonder if monowall will recognise one multiport NIC as 2 or 4 different NICs?

Thanks
 
nexissteve Commented:
One card option is the DFE-580TX (109 USD), a quick look at the card suggests you won't have a problem installing into a monowall box. Linux native drivers will pick up the card so I would imagine you won't have a problem with BSD (Monowall).

The DFE-580TX uses the Alta Sundance driver.

CNET also make a 4 port.

CNET SW 1000/100/10 TX 4PORT (150 USD)

You are better off googling a vendor from your area.

Those are rough prices.

Hope that helps, cheers S

 
Ramuncikas (Author) Commented:
And what about playing with IP address/subnet mask?
 
nexissteve Commented:
What are you trying to achieve with IP address and mask?

I would just use the ruleset on monowall to secure the different LANs.

A class C would be fine unless you are wanting to limit the amount of hosts on a network for a particular reason.

Monowall will be capable of routing between any of the LANs regardless of mask.


 
Ramuncikas (Author) Commented:
Well, seems like I cannot find any multiport PCI cards. Only server ones which I think are not suitable for desktop motherboards. So I guess I need another solution.

Could it be possible to connect all LANs into a hub/switch, route them with a single router and have all LANs separate from each other?

Thanks again
 
nexissteve Commented:
NO not really. The other lans will be able to see the broadcast traffic and performance will suck.

Check the server cards again. A server card will run fine in a PC.

:o) I run a server SCSI and server network card in mine albeit a single port one.

Cheers

Steve
 
Ramuncikas (Author) Commented:
Clear my doubts:
1. Server multiport network cards work fine with desktop motherboards?
2. 4 port NIC will be treated as 4 separate NICs by OS?

Thanks
 
arthurjb Commented:
Sorry to throw in a sour note, but two things to think about.

#1, I hope you trust your neighbors very well, since if they do spamming or other violations, it will be your responsibility and your connection that will be cut off

#2, most terms of service prohibit sharing of internet connections. In many countries high fines and possible jail time could result.


But as far as your problem goes, I assume that each neighbor has their own router providing DHCP and such to their subnets, so your solution may be as simple as providing a sub-WAN, where each of their routers connects to a single network on your end which provides the DHCP to the public side of their networks.

With this solution you have a single router with as many switches as you need, to provide the connections. You will have to daisy chain the switches, but you won't need to have a separate router until you get more than 254 neighbors. (Since you only have a single internet connection on the input, any slowness or inefficiency will make no noticeable difference...)
 
m1crochip Commented:
If each neighbor has their own router, just daisy chain them putting each link in a DMZ. If they don't have routers, the best and most secure and performance oriented would be to buy a new router with configurable interfaces and run a cable to the neighbor's computer (or switch if they have more than one).
 
Ramuncikas (Author) Commented:
Thanks Arthur for your note. Very helpful. Well... if not for me, then it will be for others who will read this question.

#1, I did. Until I had problems with my mail. My ISP was hosting my mail and one day all of a sudden I was banned from SMTP service. I was informed that my network was spreading spam. Suspects were found and the problem was solved, but I had no chance to send mail for 24 hours. From that day on my Freesco routers were changed to monowall routers

#2, I know that. That is why I changed ISP and insisted on being allowed to share my internet connection. This permission is written in the contract, so the only thing I care about is that all LANs (including my own) are under my responsibility. Here I came to the point of switching from freesco to monowall.

About the infrastructure. Sadly, but no - all of the routers are in my server room. Actually the whole action takes place in my workplace, not home. At the very beginning there was only one neighbor wishing to connect to the internet through our internet connection. With my boss' permission and a new contract with our ISP I've set up a freesco router. Old PC, three NICs - simple and attractive. Then some time later another neighbor asked for the same service. OK, I have freesco! Then the other neighbor... one more PC, other...one more...and so on and so forth. And all of these PCs are in my server room. Today one more "customer" asked me for a "favour". So I think it's time to get rid of the bad habit of putting one PC for two neighbors and solve this problem.
All of the neighbors are to one degree or another computer-illiterate. None of them know what an IP address is nor how to set up printer sharing in their LAN. I could connect all of them into one hub/switch and say that they are secured from hackers/other LANs in our building and they would believe me. But I'd like to arrange this whole infrastructure the right way and solve the problem of a growing heap of old PCs.

Thanks

 
Ramuncikas (Author) Commented:
m1crochip,

>>> new router with configurable interfaces <<<

right now I'm surfing the internet looking for a cheap one, but I guess that they cost a lot and I'm looking for a cheap solution too. Well who doesn't... :)

Thanks
 
Ramuncikas (Author) Commented:
Seems like I was wrong about managed switches - there are cheap ones.

@m1crochip,
Are there any special requirements for a managed switch to suit my needs? I saw many features (like Layer 2, IGMP Snooping, Port Mirroring, VLAN, Port Trunking [or something like that]) and I don't know which of them are necessary and which of them are optional to implement your solution?

http://www.dlink.com/products/?pid=424
Would this device be suitable?
Could you suggest alternative products with the same price level?

Thanks
 
m1crochip Commented:
Yes, that switch will work - however, you'll need a VLAN capable router in order for it to work.  A VLAN will separate your network on the switch (hence making the switch more like a router).  There is a bit of a learning curve to it, though.
 
m1crochip Commented:
You could get a managed 10/100 24 port dell with 2 gigabit ports for cheaper than that.
 
Ramuncikas (Author) Commented:
Yes, I've read about VLANs. As I understand, a VLAN is a logical unit consisting of one or more physical switch ports and acting like a separate switch. But how do I make my monowall router accessible from all VLANs? Or am I missing something here?

Thanks for your time and patience
 
m1crochip Commented:
I don't have any experience with monowall, but apparently VLANs are supported. (you may have to download more current firmware - I'm not sure)  You'll have to read the monowall and switch documentation to see how to do it with your particular hardware.
 
nexissteve Commented:
I disagree. VLAN is not needed in this situation.

Also having a managed switch just adds another hop. If you already have this set up, just use a multi port ethernet card and rulesets. The firewall rulesets will stop broadcast and secure the different networks.

The PCI card will work in pretty much anything. Just because the vendor has labelled it "server" doesn't mean much unless it's 64 bit. I will bet you that it isn't though.

cheers

S
 
Ramuncikas (Author) Commented:
nexissteve,

the reason why I'm interested in a managed switch is that I cannot find a multiport NIC for a good price. To tell the truth, the only store suggesting me something similar said that it is a 64bit intel board for ~180 euro while the DLink device (http://www.dlink.com/products/?pid=424) is ~200 euro. According to m1crochip I could find better for cheaper.

So the following things remain unclear for me:
1. What features does a managed switch have to implement to make it suitable for my infrastructure?
2. No matter what OS the router is, will/should it be possible to set up the managed switch so all VLANs can communicate with the router? Are there any special features required that should make a managed switch capable of doing so?

Thanks
 
scrathcyboy Commented:
Keep sharing your internet connection with neighbors, and one day the police will haul you away. Some legislation just got passed to make this illegal, a jailable felony. And when you go to prison, guess which one of your neighbors will come to bail you out??? None, that's what. Sharing net BW is technically illegal.
 
Ramuncikas (Author) Commented:
scrathcyboy,

If you'd carefully read all of my posts you'd definitely notice me saying that I have permission from my ISP to share my internet connection and the only thing I care about is setting up one common router/firewall/content filter for all LANs to do whatever possible to protect myself from the things you're talking about. You'd also notice me saying that the neighbors are computer-illiterate, so the chance they'd do something faulty on purpose is very very tiny. The only chance is to get some trojan/backdoor exploit into their computer, but I guess this threat is common to all of us and does not depend on whether I'm sharing my resources or not.

Thanks anyway
 
nexissteve Commented:
If sharing net BW was technically illegal all the ISPs would be in jail.

You have no idea whatsoever what situation Ramuncikas is in. He may have a commercial connection that allows on-selling bandwidth. So please keep your posting to a positive nature.

Back to the question: Any managed switch that supports VLANs will do the trick, Ramuncikas. Just set up all the static routes on your monowall box.

Have the monowall interface as a member of all VLANs and voila. You should be able to set this up on a test connection and get them all over onto the switch in one hit.

BSD has the fastest IP stack in the business and will perform the best.

Cheers

Steve


 
Ramuncikas (Author) Commented:
OK, after spending a significant amount of time reading different documentation I think that a managed switch will solve my problem. The only thing left that bothers me is IP addressing. I suppose that all LANs should be in the same subnet to make a monowall router with two NICs (WAN & LAN) function correctly. Is that right?

Thanks
 
nexissteve Commented:
You should be able to use the existing address ranges and just add the routes for the specific VLANs

 
0
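The setup described in the two answers above (router interface as a member of every VLAN, existing address ranges kept, a ruleset keeping the LANs apart), as an added example that is not part of the original thread and is not m0n0wall configuration: a Python model that checks tenant ranges for overlap, builds per-VLAN rules, and audits that no LAN can reach another. The VLAN ids, subnets, and the first-match, default-deny rule model are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample (not from the thread): VLAN id -> tenant subnet.
TENANTS = {10: "192.168.10.0/24", 20: "192.168.20.0/24", 30: "192.168.30.0/24"}

def find_overlaps(tenants):
    """VLAN pairs whose ranges overlap; one router cannot route these apart."""
    nets = {v: ipaddress.ip_network(c) for v, c in tenants.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def build_rules(tenants):
    """Per-VLAN rules: block every other tenant subnet, then pass the rest."""
    rules = {}
    for vid, cidr in tenants.items():
        blocks = [("block", cidr, other)
                  for o, other in sorted(tenants.items()) if o != vid]
        # Source is pinned to the VLAN's own range, so spoofed sources fall through.
        rules[vid] = blocks + [("pass", cidr, "0.0.0.0/0")]
    return rules

def evaluate(rules, vid, src, dst):
    """Assumed model: first matching rule wins, unmatched traffic is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules.get(vid, []):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"

def audit(tenants, rules):
    """Return (src_vlan, dst_vlan) pairs where one LAN can reach another."""
    first = {v: str(next(iter(ipaddress.ip_network(c).hosts())))
             for v, c in tenants.items()}
    return [(a, b) for a in tenants for b in tenants
            if a != b and evaluate(rules, a, first[a], first[b]) == "pass"]

if __name__ == "__main__":
    rules = build_rules(TENANTS)
    print("overlaps:", find_overlaps(TENANTS))
    print("leaks:", audit(TENANTS, rules))
    # A pass-all rule placed above the blocks lets VLAN 10 reach the others.
    misordered = {**rules, 10: rules[10][::-1]}
    print("leaks when misordered:", audit(TENANTS, misordered))
```

Two neighbours who happen to use the same range show up in `find_overlaps`; in that case one of them has to renumber before both can sit behind a single router.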
 
Ramuncikas (Author) Commented:
I've just ordered the device, so after I make tests I'll drop a line and assign points.
 
Ramuncikas (Author) Commented:
Works like a charm.
Thanks guys