Solved

2 Networks on different subnet masks sharing internet connection

Posted on 2006-07-18
Last Modified: 2010-03-19
At my job, we have our main network which consists of around 50 pcs & devices connected through switches to our dns server at 10.0.0.1/255.0.0.0 which connects to our router/gateway 10.0.0.60/255.0.0.0 & lets everyone out to the internet. The router is a Linksys BEFSX41.

Recently some people came & installed 3 pcs for truck tracking & set them up on their own mini network & gave those pcs the ips of 10.0.0.2/255.255.255.0 - 10.0.0.4/255.255.255.0. I was not a part of the process of setting their stuff up & then yesterday those people came to me & said they need to be able to remote into those pcs from our internet. Their pcs all have statically assigned ip addresses & are not behind another router, just a small switch, but they left me a router I can use if necessary. Their router is also the same.

The problem I'm having is I'm not sure what needs to be changed in order to keep their mini network separate from our regular network, but also allow them to connect to the internet. I realize I could register them to our DNS & put them on the network, but the people using those tracking pcs are not people I can trust & the likelihood of them snooping is high risk. Can the 2 routers have a vpn maybe & just bypass our regular network maybe?

I have tried running a cable from our network switch to theirs & changing their gateway to 10.0.0.60, but this didn't work & I figured it wouldn't with different subnet masks. I tried changing their ips to 10.0.1.2/255.0.0.0 - 10.0.1.4/255.0.0.0 & setting the gateway to 10.0.0.60, but this also did not work, I could not access the internet. At that point though I could ping pcs on the main network.
Question by:kfelon
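
What the address and mask combinations in the question work out to, as an added example (not part of the original post). The 192.168.50.0/24 range is a constructed value for comparison; the function and case names are hypothetical.

```python
import ipaddress

MAIN_LAN = ipaddress.ip_network("10.0.0.0/255.0.0.0")  # main network from the question
GATEWAY = ipaddress.ip_address("10.0.0.60")            # router/gateway from the question

def analyse(ip, mask, gateway=GATEWAY, main=MAIN_LAN):
    """Describe what one static IP/mask setting implies for routing and separation."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    return {
        "network": str(net),
        # A host can only use a default gateway that lies inside its own subnet.
        "gateway_on_link": gateway in net,
        # Overlap means the two ranges share addresses, so no router or
        # firewall sits between the tracking PCs and the main LAN.
        "overlaps_main": net.overlaps(main),
        # Main-LAN hosts treat this PC as a local neighbour when its IP is in their /8.
        "main_sees_pc_as_local": iface.ip in main,
    }

# First two settings are taken from the question; the third is constructed.
CASES = {
    "as installed": ("10.0.0.2", "255.255.255.0"),
    "second attempt": ("10.0.1.2", "255.0.0.0"),
    "constructed separate range": ("192.168.50.2", "255.255.255.0"),
}

def report():
    return {name: analyse(ip, mask) for name, (ip, mask) in CASES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:28} {result}")
```

Both settings from the question sit inside 10.0.0.0/8, so the mask by itself gives no separation. A range that does not overlap puts 10.0.0.60 off-link, which is the case where a router has to sit between the two networks.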
8 Comments
 
LVL 3

Expert Comment

by:omrisiri
ID: 17133298
If you have two routers, I would guess their router is not configured to route all traffic through 10.0.0.60. If you are able to ping PCs from their network to your network, it's basically setting a gateway through the router. I am not that familiar with the Linksys routers.

I would check the following:
ping 10.0.0.60 from the 10.0.1.X network
If it pings set the gateway to 10.0.0.60
Try pinging something outside the network
If that works it's only a DNS issue.

Regarding the separation, you will need to elaborate a little more.
What kind of separation would you like?


0
 

Author Comment

by:kfelon
ID: 17133434
I just don't want their pcs being able to get to any shared files on our domain.
0
 

Author Comment

by:kfelon
ID: 17133476
I will try to do what you mentioned this evening to at least get them going temporarily. It sounds like what I already tried though.
0
 
LVL 3

Accepted Solution

by:
omrisiri earned 250 total points
ID: 17133563
Well, they shouldn't have access to the domain files if they are not set up to connect to the domain controller and none of the computers share files without authentication.
Access to files should be controlled by the domain authentication, which should grant access based on permissions on the domain.
That is if you have a domain set up and not a workgroup; in that case the permissions would be set at a per-PC level.

All this of course if the Guest network has the ability to connect to the Host network.
The other option would be to create a firewall between the networks which will allow access only to the gateway. From what I know, the Linksys should have some firewall capabilities.
0
 

Author Comment

by:kfelon
ID: 17133707
Our main network has a domain controller, but I was just double checking.

As for remoting in via Windows RDP, I plan to change the RDP port on the 3 separate pcs. Would it be possible to forward the port from the main router to the second router & then to each pc if their port #'s are different? I know how to do it from 1 router to the proper pc, but I want to be sure I can forward the port through another router.

say we use port 6009 for one of the pc's rdp
router directly behind the wan would forward 6009 to 2nd router @ 10.0.1.1
router 2 would forward port 6009 to the client 10.0.1.*
0
 
LVL 3

Expert Comment

by:omrisiri
ID: 17133849
I think you answered your own question :)
Just configure port forwarding on the router to the following router and to the PC;
that way anyone trying to access the WAN IP on port 6009 will be forwarded to the PC you configured.
0
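
A first-match model of the firewall placement suggested in the accepted solution, together with the port 6009 forward discussed above, as an added example (not code from the thread and not Linksys configuration). The 192.168.50.0/24 guest range and the 203.0.113.10 outside address are constructed; `RULES` and `decide` are hypothetical names.

```python
import ipaddress

MAIN_LAN = ipaddress.ip_network("10.0.0.0/8")        # main network (from the thread)
GATEWAY = ipaddress.ip_network("10.0.0.60/32")       # internet router (from the thread)
GUEST_LAN = ipaddress.ip_network("192.168.50.0/24")  # constructed range behind router 2

# Ordered rules for the firewall between the two networks; the first match wins.
# Fields: action, source network, destination network, TCP port (None = any).
RULES = [
    ("allow", None, GUEST_LAN, 6009),     # forwarded remote-desktop port from the thread
    ("allow", GUEST_LAN, GATEWAY, None),  # guest PCs may talk to the gateway
    ("deny", GUEST_LAN, MAIN_LAN, None),  # but to nothing else on the main LAN
    ("allow", GUEST_LAN, None, None),     # destinations outside the main LAN
    ("deny", None, None, None),           # default deny
]

def decide(src, dst, port, rules=RULES):
    """Return the action of the first rule matching a TCP connection attempt."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if src_net is not None and src not in src_net:
            continue
        if dst_net is not None and dst not in dst_net:
            continue
        if rule_port is not None and port != rule_port:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    # Constructed connection attempts: (source, destination, TCP port).
    attempts = [
        ("192.168.50.2", "10.0.0.1", 445),      # guest PC -> server on the main LAN
        ("192.168.50.2", "10.0.0.60", 53),      # guest PC -> gateway
        ("192.168.50.2", "203.0.113.10", 443),  # guest PC -> outside host
        ("203.0.113.10", "192.168.50.2", 6009), # forwarded remote session
        ("10.0.0.25", "192.168.50.2", 3389),    # main LAN -> guest PC, not forwarded
    ]
    for attempt in attempts:
        print(attempt, decide(*attempt))
```

Rule order carries the policy: with the deny for 10.0.0.0/8 placed above the gateway allow, the guest PCs lose the gateway as well.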
 

Author Comment

by:kfelon
ID: 17140552
I never got it working properly, so I ended up making the 3 machines just join one of our domains. Since the users log in locally they can't access shares on the domain, just internet. This works. I had originally wanted to avoid this router but oh well, time has run out & this was needed to get done immediately.
0
 

Author Comment

by:kfelon
ID: 17140568
I meant wanted to avoid this route
0
