Firewall To Split A Subnet

We've found a cheap little NetGear router that can roughly load balance and fail over between our two internet connections to hopefully get a little bit more speed. Of course, the simplest thing to do is to set it up so that from the inside it looks just like the old modem and then on the WAN side set it up to look like a client using that old modem as its router. Of course, that means that the inside and outside of the router are in the same subnet (192.168.0.0 in this case) and the new router's internal IP is also the IP of the WAN router it forwards on to.

If your mind can't handle that, don't worry - neither could the NetGear router's. Shame though, it was such a simple way to configure things. Now I either have to change all the internal IPs and find anywhere they happen to have been hard coded and update them, or get the ISP that manages the modem to change its internal IP. We've sent the word to the ISP but it's filtering its way up the chain of suppliers to the real ISP that actually runs things. Oh, and of course since last time we called, our ISP's been bought out by someone else again.

If only we were big enough that the top level provider considered us worth dealing with…. Sigh.

3 Responses to “Firewall To Split A Subnet”

  1. Jay Says:

    Adrian,
    I’m surprised that your previous configuration had the same subnet on each side. In that case I’d guess the “old modem” was more of a bridge than a real router.

    If you have a small internal network then you could try further constraining your subnet to 192.168.x. i.e. lying to the internal systems.

    Or, depending on your service (and the netgear) you might be able to tell it not to do DHCP & in (w/ maybe a few more tweaks) it’ll bridge b/t the Networks.

    *shrug* not sure I really understand the predicament or can help but sounds like standard network “fun” :)


  2. ddoctor Says:

    If you’re trying to set the internal and external IPs of the new router to the same subnet, then you’re basically trying to use it as a bridge, not a router. It doesn’t make sense to have the same subnet on both sides of the router - if it gets a packet for that subnet, which port does it send it to?

    And, you can’t have the external router’s LAN IP the same as the internal router’s LAN IP - if the router receives a packet for that IP, does it deliver locally or forward? If those two physical networks are routed or bridged together, you can’t have the same IP twice on that combined network.

    So, yeah, we’ll need to change the internal IPs, or change the router LAN IP.

    Personally, I would set both of the old routers to bridge, and do both PPP dials with the new one.

    Regardless of whether the external->internal routers are bridged or routed, AFAIK you will need a different subnet for each physical network: External1_LAN NewRouter_wan1, External2_LAN NewRouter_wan2, NewRouter_lan internal


  3. Adrian Sutton Says:

    I think you’re both misunderstanding the situation (probably because it’s both confusing and very briefly described above). We had a standard situation, with a modem/router and an internal 192.168.0.x network. We then bought a router with a load balancing function that can share two internet connections and do fail over. It needs to replace the modem/router in the internal network and then pass off requests to one of the two modem/routers for the internet connections. Thus the simplest possible situation is to drop it exactly in place of the old modem/router at 192.168.0.253 and set one of its WAN ports to use the original modem/router (still at 192.168.0.253), hence the weird network connection. It is complete nonsense but awfully convenient.

    The right answer of course is to change the original modem/router’s IP to a different subnet which is what we wound up doing but since it wasn’t in our control that took 24 hours and is generally a painful experience. It would also be good to not go through two separate NAT routers to get out but for various reasons, primarily not changing too much at once I’m happy to stick with that for now.
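
The addressing conflict discussed in the comments above can be checked mechanically before touching any hardware. The following is an added example, not part of the original post or its comments; the /24 masks, the new router's WAN address and the 192.168.1.0/24 replacement subnet are constructed assumptions, and only 192.168.0.253 comes from the thread.

```python
import ipaddress
from itertools import combinations


def check_plan(ports):
    """ports: list of (device, port, 'ip/prefix'). Returns a sorted list of problems."""
    parsed = [(dev, port, ipaddress.ip_interface(addr)) for dev, port, addr in ports]
    problems = []
    for (d1, p1, a1), (d2, p2, a2) in combinations(parsed, 2):
        # Same address configured twice: deliver locally or forward?
        if a1.ip == a2.ip:
            problems.append(f"duplicate address {a1.ip}: {d1}/{p1} and {d2}/{p2}")
        # Two ports of one router in overlapping subnets: which port gets the packet?
        if d1 == d2 and a1.network.overlaps(a2.network):
            problems.append(
                f"{d1}: {p1} and {p2} overlap ({a1.network} vs {a2.network})"
            )
    return sorted(problems)


# Constructed: the drop-in layout, with the new router reusing the old modem's address.
DROP_IN = [
    ("old_modem", "lan", "192.168.0.253/24"),
    ("new_router", "wan1", "192.168.0.2/24"),   # assumed WAN address
    ("new_router", "lan", "192.168.0.253/24"),
]

# Constructed: the old modem renumbered into a different subnet (placeholder range).
RENUMBERED = [
    ("old_modem", "lan", "192.168.1.253/24"),
    ("new_router", "wan1", "192.168.1.2/24"),
    ("new_router", "lan", "192.168.0.253/24"),
]

if __name__ == "__main__":
    for name, plan in (("drop-in", DROP_IN), ("renumbered", RENUMBERED)):
        issues = check_plan(plan)
        print(f"{name}: {'OK' if not issues else 'conflicts'}")
        for issue in issues:
            print("  -", issue)
```

The overlap test also catches the case where one port's subnet contains the other's, which is the "constrain the subnet" idea only working if the two ranges end up fully disjoint.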

