Help setting up a home network that accesses internet though a wireless bridge

[James266]

I am fairly new to setting up networks and have managed to coble something together that works but now want make it a bit better.

I share my internet connection with my neighbours due to the location we live in we can only get 1 connection.

I have setup a wireless bridge from my neighbours connection (A) to my network using a pair of D'link DWL2100AP, that I will call (B) and (C).

That is then connected to (D) a Netgear DG934G acting as a wireless access point and a wired switch that I use to connect all my home devices to.

The question that I need help with is that whilst I have all the PC's on my network able to connect to the internet it is open to anyone on the main network to be able to connect to it, I think this is the case as the DHCP is done by switch (A) . As I have a NAS drive on this network I dont want it visible to anyone. Is there any way I can make a private network and then just show my switch (D) on the main network?

I have essentially just extended network (A) but what I want to do is build a separate network and then just connect them through some kind of gateway that acts like a firewall/access control.

I dont know if this can be done with the hardware that I have but if not then what do I need?

 

[thiggins]

If I understand your setup correctly, the easiest thing to do is cake the output from your end of the bridge (C) and connect it to the WAN port of a wireless router. Then all of your wireless and wired clients will not be accessible from the upstream network.

 

[James266]

What does cake the output mean?

The (C) bridge is wired to the router (D) already. I've drawn a rough network diagram and attached it.

 

[thiggins]

Sorry. That's "take".

The router is already connected properly. The NETGEAR router will be serving DHCP and preventing anyone upstream from accessing your local network.

Just make sure that the DG934G is set to a different IP range than the main network. Example, if the main network is 192.168.A.x, then set yours to 192.168.B.x where B is between 1 and 254

 

[James266]

The Netgear router is not doing DHCP at the moment though. The main router (A) is.

I thought that to be able to get internet access from the PC connected to the netgear router you had to allow the main router (A) to serve DHCP?

Ill try it when I get home and see what happens.

 

[thiggins]

The Netgear router is not doing DHCP at the moment though. The main router (A) is.

I don't see how that would happen if the second router really is functioning as a router.

I thought that to be able to get internet access from the PC connected to the netgear router you had to allow the main router (A) to serve DHCP?

No. As long as the second router gets the proper Gateway and DNS server info from the Internet-connected router, the clients behind the second router will be able to find their way to the Internet.

 

[James266]

The Netgear router is definately not serving DHCP (as I disabled it) so might not actually be acting as a router then. That was my concern that it is only a pass through and hence not providing any kind of security.

What info do I need I need to configure the netgear as a proper router then and does it require me to link the 2 routers together in any way like when I made the wireless bridge?

Sorry for all the questions but this is the first time that I have done anything like this so Im still learning

 

[thiggins]

You may need to replace the DG934G. From what I can tell it doesn't have an Ethernet WAN port.

- Replace the DG934G with a wireless router with an Ethernet WAN port

- Make sure it uses a different IP address range from the upstream LAN as I described before

- Set the new router WAN port method to DHCP (it probably defaults to this)
and connect the router WAN port to the DWL2100AP

- Associate your wireless clients with the new AP and do a connection repair/Diagnose on your wired clients.

 

[James266]

Thanks. I have now tried what you suggested and it doesn't seam to work.

After a bit of research I have concluded that the Netgear doesnt have a WAN port, even though when you log onto it it has the option for "WAN setup" but its just a tick box with no options and when I click it it warns me that "in my current setup activating this will have no effect"

Can you advise on any old routers that would work and I could pick up from ebay cheaply?

I do have another router a BT Home Hub 2.0A but its not just a repackaged product from a larger manufacturer and Im not sure how much use it will be yet.

 

[sfx2000]

I am fairly new to setting up networks and have managed to coble something together that works but now want make it a bit better.

I share my internet connection with my neighbours due to the location we live in we can only get 1 connection.

I have setup a wireless bridge from my neighbours connection (A) to my network using a pair of D'link DWL2100AP, that I will call (B) and (C).

from the diagram and the discussion above, we assume that the link to your lan is behind a router...

That is then connected to (D) a Netgear DG934G acting as a wireless access point and a wired switch that I use to connect all my home devices to.

ok, the DG934G is a DSL gateway/router - likely the WAN port is a telecom and not ethernet - not the right device for your needs...

The question that I need help with is that whilst I have all the PC's on my network able to connect to the internet it is open to anyone on the main network to be able to connect to it, I think this is the case as the DHCP is done by switch (A) . As I have a NAS drive on this network I dont want it visible to anyone. Is there any way I can make a private network and then just show my switch (D) on the main network?

This is due to

1) the bridged link is a layer 2 connection, and your DG934G is acting as a switch, so
2) your network is part of your neighbour's local area network...

I have essentially just extended network (A) but what I want to do is build a separate network and then just connect them through some kind of gateway that acts like a firewall/access control.

I dont know if this can be done with the hardware that I have but if not then what do I need?

ok... easy solution - find another router... one that supports an Ethernet WAN port that one would connect to a DSL/Cable modem...

Connect your new router the bridge, let it get a DHCP address - make a note of that address - likely, with most home network gear, it will be 192.168.1.xxx or 192.168.0.xxx - in any event, you should base your network on a different pool of addresses...

Let's say for discussion, the WAN port is assigned 192.168.1.106 from the upstream router - what you want to do then, is use 192.168.2.xxx for your addressing inside your LAN/WLAN - easiest way to do this is to let your new router be a DHCP host - set it to start assigning addresses (again just as an example) 192.168.2.5 and above, check the instructions... then set your LAN clients to get addresses using DHCP.

For your NAS, once you've set a DHCP range in the new router, set the NAS as a static IP address, again using the example above, to 192.168.2.2, subnet mask of 255.255.255.0, and a gateway of 192.168.2.1...

DNS - you can either let the upstream router supply these, or you can try google's public DNS (8.8.8.8/8.8.4.4) or OpenDNS (208.67.222.222/208.67.220.220) - there are others, but these are fairly common...

best of luck - again, swap out the DG934G for a different router and you should be good to go.

 

[James266]

Thanks for you help and the clarification. I didn't realise that a router could sit behind another router and assign DHCP. I thought that the main router had to assign all DHCP IPs.

I will try and buy a router that has a WAN port and then try and set it up again.

 

[stevech]

Thanks for you help and the clarification. I didn't realise that a router could sit behind another router and assign DHCP. I thought that the main router had to assign all DHCP IPs.

I will try and buy a router that has a WAN port and then try and set it up again.

that's called double-NATing and is not recommended. If you're trying to improve coverage, use an access point (AP) which can be purchased, or any router can be re-purposed as an AP (the WAN port goes unused, and DHCP is disabled).

 

[James266]

Why is double-NATing not recommended?

Im not trying to just extend a network Im trying to build a sub-network that cant be accessed upstream.

 

[thiggins]

Double NATing works just fine. It's how I run my network. The main disadvantage comes if you want to make services on your LAN available from the Internet. Then you need to configure two firewalls.

 

[stevech]

and double-NATing is complicated to troubleshoot and maintain if you are not highly tech-savvy.

There's also small added delay in packets, especially important for streaming video, because the 2nd level NAT has to flow packets through the router for the WAN port, whereas without single level NAT, intra-PC packets flow only through the switch portion of the common wifi router.

 

[thiggins]

and double-NATing is complicated to troubleshoot and maintain if you are not highly tech-savvy.

That's not my experience, but yours may vary. I run triple NAT during testing with no problems.

There's also small added delay in packets, especially important for streaming video, because the 2nd level NAT has to flow packets through the router for the WAN port, whereas without single level NAT, intra-PC packets flow only through the switch portion of the common wifi router.

I don't follow your logic here. Why would packets need to touch the WAN port for LAN-based streaming?

For streaming from the Internet, yes, packets must go through two routers. But delays are negligible. Even if there were a big delay, as long as it was constant, there would be no problem streaming video. VoIP yes. Streaming video, no.

 

[stevech]

the delay for double-NATing, I think, can be significant because the router's CPU must manage the packet queue list for WAN port traffic. It's not done in hardware as it is for the LAN switch ports' traffic (intra-LAN).

The packets per second forwarding rate for the CPU-driven WAN port is on the order of 1/10th or 1/100th that of the switch for the LAN ports.

But yes, for Netflix from the Internet, at it's low bit rate (like 1-3Mbps), the double-NAT is likely fine. However, streaming HD1080 from a home media server through a second router is not something I'd recommend.

 

[keenanj]

The easiest way to do it is set to NAT mode and plug lan port from 1st router into wan port on second. make sure they are both on different networks. you will have double NAT but most everything should work.

if you use router mode on the second you need to have static routes set on the first router to get it working.