Solved

2 Networks on differnet subnet masks sharing internet connection

Posted on 2006-07-18
8
314 Views
Last Modified: 2010-03-19
At my job, we have our main network which consists of around 50 pcs & devices connected through switches to our dns server at 10.0.0.1/255.0.0.0 which connects to our router/gateway 10.0.0.60/255.0.0.0  & lets everyout out to the internet. The router is a Linksys BEFSX41.

Recently some people came & installed 3 pcs for truck tracking & set them up on their own mini network & gave those pcs the ips of 10.0.0.2/255.255.255.0 - 10.0.0.4/255.255.255.0 I was not a part of the process of setting their stuff up & then yesterday those people came to me & said they need to be able to remote into those pcs from our internet. Their pcs are all statically signed ip addresses & not behind another router, just a small switch, but they left me a router I can use if necessary. Their router is also the same.

The problem I'm having, is I'm not sure what needs to be changed in order to keep their mini network separate from our regular network, but also allow them to connect to the internet. I realize I could register them to our DNS & put them on the network, but the people using those tracking pcs are not people I can trust & the likely-hood of them snooping is high risk. Can the 2 routers have a vpn maybe & just bypass our regular network maybe?

I have tried running a cable from our network switch to theirs & changing their gateway to 10.0.0.60, but this didn't work & I figured it wouldn't with different subnet masks. I tried changing their ips to 10.0.1.2/255.0.0.0 - 10.0.1.4/255.0.0.0 & setting the gateway to 10.0.0.60, but this also did not work, I could not access the internet. At that point though I could ping pcs on the main network.
0
Comment
Question by:kfelon
  • 5
  • 3
8 Comments
 
LVL 3

Expert Comment

by:omrisiri
ID: 17133298
If you have two routers i would guess their router is not configured to route all traffic through 10.0.0.60 if you are able to ping pc's from thier network to your network it's basically setting a gateway through the router. i am not that familiar with the linksys routers.

I would check the following:
ping 10.0.0.60 from the 10.0.1.X network
If it pings set the gateway to 10.0.0.60
Try pinging something outside the network
If that works it's only a DNS issue.

Regarding the seperation you will need to elaborate a little more.
What kind of separation would you like?


0
 

Author Comment

by:kfelon
ID: 17133434
I just don't want their pcs being able to get to any shared files on our domain.
0
 

Author Comment

by:kfelon
ID: 17133476
I will try to do what you mentioned this evening to at least get them going temporarily. It sounds like what I already tried though.
0
 
LVL 3

Accepted Solution

by:
omrisiri earned 250 total points
ID: 17133563
Well they shouldn't have access to the domain files if they are not set up to connect to the domain controller and that none of the computers share files without authentication.
Access to files should be controlled by the domain authentication which should grant access based on permissions on the domain
That is if you have a domain set up and not a workgroup, in that case the permissions would be set on per PC level.

All this of course if the Guest network has the ability to connect to the Host network.
The other option  would be to create a firewall between the networks which will allow access only to the gateway from what i know the linksys should some firewall capabilities
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:kfelon
ID: 17133707
Our main network has a domain controller, but I was just double checking.

As for remoting in via Windows RDP, I plan to change the RDP port on the 3 separate pcs. Would it be possible to forward the port from the main router to the second router & then to each pc if their port #'s are different? I know how to do it from 1 router to the proper pc, but I want to be sure to can forward the port through another router.

say we use port 6009 for one of the pc's rdp
router directly behind the wan would forward 6009 to 2nd router @ 10.0.1.1
router 2 would forward port 6009 to the client 10.0.1.*
0
 
LVL 3

Expert Comment

by:omrisiri
ID: 17133849
I think you answered your own question :)
Just configure portforwarding  on the router to the following router and to the PC
that way anyone trying to access the WAN IP on port 6009 will be forwarded to the PC you configured.
0
 

Author Comment

by:kfelon
ID: 17140552
I never got it working properly, so I ended up making the 3 machines just join one of our domains. Since the users login locally they can't access shares on the domain, just internet. This works, I had originally wanted to avoid this router but ohh well time has run out & this was needed to get done immediately.
0
 

Author Comment

by:kfelon
ID: 17140568
I meant wanted to avoid this route
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now