Dual WAN Advice Please
- Thread starter Chunky
- Start date
L&LD
Part of the Furniture
Reading this threads posts, especially the first, makes me cringe at any solution short of involving the ISP's and a 'pro' or two (ideally, one for each business. To ensure that each business stays private and protected against the other).
This is a bad idea and does not bode well no matter what hardware and associated rules setup is used.
The second ISP for each business is expensive over time, but if that is truly what is needed, then the cost is just part of doing that business.
Sharing the WAN connections when both require remote access to each business' isn't something I would do with a close relative, let alone a neighbor with access provided to additional strangers too.
If you need internet connectivity and a secure network 100%, then this is a bad idea from step one.
This is a bad idea and does not bode well no matter what hardware and associated rules setup is used.
The second ISP for each business is expensive over time, but if that is truly what is needed, then the cost is just part of doing that business.
Sharing the WAN connections when both require remote access to each business' isn't something I would do with a close relative, let alone a neighbor with access provided to additional strangers too.
If you need internet connectivity and a secure network 100%, then this is a bad idea from step one.
I think this is an exercise in networking knowledge. They are only backing up each other and not sharing LAN networks. There is exposure when running through the other persons router in that the local router owner can log or modify all internet traffic.
PS
Long ago when we were using modems for dial up and I got my first broadband connection I had a CAT5 cable running to my neighbors house so we could play games. Our teenage girls were always on the phone. I allowed my neighbor to download large files across my internet connection. I never used his. We played games mostly across the connection.
PS
Long ago when we were using modems for dial up and I got my first broadband connection I had a CAT5 cable running to my neighbors house so we could play games. Our teenage girls were always on the phone. I allowed my neighbor to download large files across my internet connection. I never used his. We played games mostly across the connection.
Last edited:
L&LD, I appreciate your comment. As coxhaus says, we do not intend to share each other's LAN. Indeed data security is an important concern. If this cannot be reached, maybe the whole idea is not doable. I admit that my networking knowledge is very basic and the more I learn about it, also through this thread and my research that is stimulated by the comments here, the more questions arise especially about this aspect.
I started with seeing the necessity to have a backup ISP and the theoretical possibility to do this with my neighbor in an economical way, maybe by just allowing to connect to the other's WLAN. As you said very well, the second ISP would be quite expensive on the long run.
Then I found out about dual WAN routers.
Then tried to resolve the question how an interconnection could be built physically.
And now I am at the point that I realize that the physical interconnection is by far not all and that there are serious security questions.
I am on a budget, and having some basic knowledge and not being afraid to study, I am still hoping to learn enough to resolve these questions without a paid pro. At least I need to know sufficiently to be able to understand if a well working solution can be done which on the long run is more economical than simply contracting a 2nd ISP myself. Then maybe I could pay someone who helps me set it up.
Thus I really appreciate each and every comment that is bringing me a step forward
L&LD
Part of the Furniture
When each needs to get access to their networked equipment through their respective ISP's, they are sharing WAN's which means they will get access to the LAN too (or at least to specific devices).
If this is simply an exercise, call up your ISP and ask for a second WAN address (for a month, or until the knowledge is secured).
I understand the concern of being able to interfere with the other's LAN when sharing a WAN (which would happen only in case of failure of my own ISP).
The idea to ask my ISP for a second WAN address for a month may work where you live, but not in Panama.
Contracts have to be made for at least a year, no exceptions. The ISPs (in my area there are only two available) are not responsive to special requests and the only time I have been able to talk to one of their technicians (it was about port forwarding), I found out that I knew more than him and he gave me wrong and useless answers.
On the long run a second WAN address from the same ISP would of course be useless because when WAN1 fails, also WAN2 would fail.
I am trying to resolve as many questions on paper as possible before buying costly equipment or making new contracts with ISPs. I think this is how it should be done, not experimenting without sufficient previous knowledge. As I said, I am willing to study, but of course I cannot pass my next 3 years studying networking, just to resolve this single problem. So friendly voluntary help is appreciated.
L&LD
Part of the Furniture
There is no need for failure of the ISP for either party to interfere and compromise the other's LAN. The 'failure' is just something that can be invoked as needed. And with no control of who can be limited in accessing the neighbors WAN connection, the risk is very, very high in my view.
While I appreciate that a second IP address from a single ISP is useless for 'backup' purposes, that is an additional requirement to the learning aspect. Also, did I not understand properly that the neighbor has an identical ISP setup?
If backup ISP reliability is important, I still suggest making a 1, 2 or 3 year contract as needed with another ISP as you see fit to ensure connectivity to the world. Your course studies over the next three years depend on you having complete control of all aspects of the networks you are configuring or controlling. Sharing an ISP with your current neighbor and your requirements still sounds like a nightmare waiting to happen (for him or you).
To physically do what you have asked for is not a problem as many have already suggested possible solutions.
My contribution is to open your eyes that this plan is not without some potential serious downfalls.
Serious enough that I would not even attempt it as a test for even a week or yes, a day.
If they use separate networks for their LANs there will not be any sharing of the LAN unless you create static routes and create routing between LANs whether real networks or VLANs. The only thing they are sharing is the default gateway or default route. You need a default route which fails over to a second default route in case of failure. I guess a kind of default gateway of last resort.
L&LD
Part of the Furniture
That is not what is suggested or required. If my neighbor shares their WAN with me which I could enable and disable at will, I could conceivably connect to their LAN at my leisure. And they to mine.
This is past the default gateway mode. It is a physical connection to their network (through their WAN / router).
It is true once you have access to the internet on the other router there is nothing to stop you from using it by changing your default gateway at anytime.
The routers setup for admin access from the LAN DHCP network defined on the router. No other network will have access unless you allow it. This will be true for both routers. Your local LAN network would be protected. No user will be able to make changes to the router except the local network. There is also ACLs access control lists which will lock any holes that develop. You may need to create a network or VLAN to share from router to router to allow the flow of the default gateway that is not used for clients. It all depends on how you build it and the equipment capability. There is a lot of consumer gear which can't do this. But I think some of it can or maybe small business gear.
Maybe you want the fail over to be a manual process to where you need to call your friend to allow the back up service to work. This would stop any time access.
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| D | Random WAN Link Drops RT-AX88U Pro w/ CM3000 | Routers | 0 | |
| O | Router that can handle 1000Mbit Full duplex WAN-LAN | Routers | 36 | |
| B | advice needed regarding a new wired router | Routers | 10 |