
two routers DMZ and private networks help

LFNfan
Dabbler
Posts: 15
Registered: ‎08-08-2013


Hi
I have two Thomson TG585v8s, set up per the attached pic (phone to router 1, cat5 from router 1 to router 2, router 2 to switch). Goal is to have guests use the wireless from router 1, and have my private wired network securely behind router 2. Problem is, I can't get internet to the network served by router 2. Router config screenshots attached.
Any ideas how to get this setup working very much appreciated.
paulmh5
Plusnet Alumni (retired)
Posts: 170
Registered: ‎11-04-2011

Re: two routers DMZ and private networks help

Chances are you will need to add some static routing to the boxes as the second one will expect its default GW to be via its DSL port and the first one won't know there is a network behind the second one.
ip rtadd dst x.x.x.x dstmsk x.x.x.x gateway x.x.x.x metric 0
Plusnet Staff - Lead Network Design/Delivery Engineer
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: two routers DMZ and private networks help

You've got router 2 set for a PPPoA connection via its DSL port - That won't work.  You need a cable router (as opposed to an ADSL router) as router 2 and then connect one of the LAN ports on router 1 to the WAN port on router 2.
The routing advice above is only relevant if you want to access resources on the 'public' LAN from your 'private' one.
MisterW
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: two routers DMZ and private networks help

You could flash the 2nd router with the FTTC firmware, that will turn LAN port 4 into a WAN port. You will need to set its WAN connection to DHCP so that it gets an IP from the primary router. Finally you will need to change the LAN subnet of the 2nd router from the default 192.168.1.x otherwise it will have the same subnet on both WAN & LAN.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

LFNfan
Dabbler
Posts: 15
Registered: ‎08-08-2013

Re: two routers DMZ and private networks help

Thanks all.
I am unsure of my options!
Can I just add routing instructions?
Do I need a different or flashed router than the Thomson tg585 v8 ?
To clarify my aims, I would like a DMZ for guests to easily connect to wifi, and possibly also my music player, and for me to RDP to some files. I would like my private network to reside behind the second router's firewall and be invisible from the DMZ. At the same time, I would like to be able to reach out from the private lan in to the DMZ, and of course access the Internet.
Many thanks again.
MisterW
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: two routers DMZ and private networks help

Aah, just noticed you have TG585s; ignore my comment about flashing with FTTC f/w, that only applies to the TG582n.

pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: two routers DMZ and private networks help

I was going to point you to another thread that discusses an option for this but then I noticed it was a previous thread from you.
http://community.plus.net/forum/?topic=117397.msg1016124
Not entirely sure what you mean by 'RDP to some files' but you would be best served by a router with a Guest SSID. As I said earlier, the second router you have is not suitable for this application and needs to be replaced with a 'cable router' rather than an 'ADSL router'.
LFNfan
Dabbler
Posts: 15
Registered: ‎08-08-2013

Re: two routers DMZ and private networks help

Something like this? http://www.dabs.com/products/tp-link-300mbps-wireless-n-cable-router-4-port-switch-77RJ.html?q=cable...
It seems that an ADSL router is not the same thing as a cable router, and rarely shall the twain meet. Although Paulmh5's initial suggestion is still interesting to me...
Many thanks
paulmh5
Plusnet Alumni (retired)
Posts: 170
Registered: ‎11-04-2011

Re: two routers DMZ and private networks help

Quote from: LFNfan
Although Paulmh5's initial suggestion is still interesting to me...

Feel free to try it, it won't cost you anything.
Plusnet Staff - Lead Network Design/Delivery Engineer
LFNfan
Dabbler
Posts: 15
Registered: ‎08-08-2013

Re: two routers DMZ and private networks help

Only my time...
Should I add static routing to both boxes or only the 'private' one? Could you give me a bit more detail on the 'x.x.x.x's in telnet commands?
Will the static routing bypass the firewall in the 'private' box? In which case I will lose the benefit I'm looking for.
cheers
paulmh5
Plusnet Alumni (retired)
Posts: 170
Registered: ‎11-04-2011

Re: two routers DMZ and private networks help

Quote from: LFNfan
Should I add static routing to both boxes or only the 'private' one? Could you give me a bit more detail on the 'x.x.x.x's in telnet commands?
Will the static routing bypass the firewall in the 'private' box? In which case I will lose the benefit I'm looking for.

I can't promise this will work but I am doing something loosely similar with a Thomson at home.
Yes, you will need static routes on both boxes I suspect.
It's difficult for me to give you exact IPs without knowing the ones you have picked for your routers and LAN subnets.
No, static routes don't bypass firewalls; they just help the box move traffic in the right direction.
On your internet-facing router you will need something like this:
ip rtadd dst 192.168.1.0 dstmsk 255.255.255.0 gateway 172.16.0.254 metric 0

On your 'private' router you will need something like:
ip rtadd dst 0.0.0.0 dstmsk 0.0.0.0 gateway 172.16.0.1 metric 0


I suspect the problem you will have is that the second box (192) won't be able to route between two different networks on its 4 switch ports (as it's a switch not a router across those 4). You may be able to do something with the wireless and different DHCP pools but I've not really explored the CLI that deeply on them. There are a lot of CLI help guides out there for Thomsons which may assist.
Plusnet Staff - Lead Network Design/Delivery Engineer
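
Added example, not part of the original thread and not anyone's posted configuration: a small Python check of the addressing plan behind the two `ip rtadd` lines above and the earlier warning about having the same subnet on both WAN and LAN. The 172.16.0.x and 192.168.1.0 values are from the post; the /24 transit mask, the 192.168.1.254 LAN address and the OVERLAP plan are assumptions made for illustration.

```python
import ipaddress as ipa

# Constructed sample plans. "ifaces" are the router's own addresses,
# "routes" are (destination, gateway) pairs as given to "ip rtadd".
ROUTER1 = {"ifaces": ["172.16.0.1/24"],
           "routes": [("192.168.1.0/24", "172.16.0.254")]}
ROUTER2 = {"ifaces": ["172.16.0.254/24", "192.168.1.254/24"],
           "routes": [("0.0.0.0/0", "172.16.0.1")]}
# Hypothetical mistake: second router keeps the default LAN subnet while
# its uplink address is in that same subnet.
OVERLAP = {"ifaces": ["192.168.1.64/24", "192.168.1.254/24"],
           "routes": [("0.0.0.0/0", "192.168.1.1")]}


def connected(router):
    """Networks the router reaches directly through its own interfaces."""
    return [ipa.ip_interface(i).network for i in router["ifaces"]]


def problems(router):
    """Return plan errors: overlapping interfaces and off-link gateways."""
    found = []
    nets = connected(router)
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                found.append(f"interfaces overlap: {a} and {b}")
    for dst, gw in router["routes"]:
        if not any(ipa.ip_address(gw) in n for n in nets):
            found.append(f"gateway {gw} for {dst} is not on a connected subnet")
    return found


def next_hop(router, dst):
    """Longest-prefix match: 'on-link' if directly connected, None if no route."""
    dst = ipa.ip_address(dst)
    table = [(n, "on-link") for n in connected(router)]
    table += [(ipa.ip_network(d), gw) for d, gw in router["routes"]]
    hits = [(n.prefixlen, hop) for n, hop in table if dst in n]
    return max(hits)[1] if hits else None


if __name__ == "__main__":
    for name, r in (("router1", ROUTER1), ("router2", ROUTER2), ("overlap", OVERLAP)):
        print(name, problems(r) or "plan ok")
```

Router 1's own default route over its DSL link is not modelled, so `next_hop(ROUTER1, ...)` returns `None` for internet addresses.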
PeeGee
Pro
Posts: 1,217
Thanks: 84
Fixes: 3
Registered: ‎05-04-2009

Re: two routers DMZ and private networks help

I've not tried this, but it could work as you want.
Set up router 1:
- with (gateway/interface) address 192.168.x.y and netmask 255.255.255.0 *
- with (gateway/interface) address 10.a.b.c and netmask 255.255.255.0 *
- dhcp pool 1 with a range in subnet 192.168.x.0, netmask 255.255.255.0 and gateway 192.168.x.y
- dhcp pool 2 with a range in subnet 10.a.b.0, netmask 255.255.255.0 and gateway 10.a.b.c; with static addresses for the complete pool (use dummy MAC addresses for "spare" entries)
- wireless MAC filtering denying pool 2 wireless device MAC addresses **
Set up router 2:
- with an address 192.168.z.y and netmask 255.255.255.0 ***
- with an address 10.a.b.d and netmask 255.255.255.0 ****
- disable dhcp
- wireless MAC filtering allowing pool 2 wireless device MAC addresses
This effectively turns router 2 into a 4 port wireless access point
* the 585 has 192.168.1.254 and 10.0.0.138 as defaults - most (semi-knowledgeable users) would expect 192.168 series addresses to be issued
** you can turn off filtering for test/setup purposes
*** this prevents access from pool 1 devices
**** use this address for router 2 configuration
Plusnet FTTC (Sep 2014), Essentials (Feb 2013); ADSL (Apr 2009); Customer since Jan 2004 (on 28kb dial-up)
Using a TP-Link Archer VR600 modem-router.
LFNfan
Dabbler
Posts: 15
Registered: ‎08-08-2013

Re: two routers DMZ and private networks help

Thanks all.
Given my limited technical abilities, I think I will abandon the ADSL and ADSL setup, and go for an ADSL and cable router solution. If anyone is able to confirm I am on the right track with the cable router I linked to in post 7 above, that'd be great.
PeeGee
Pro
Posts: 1,217
Thanks: 84
Fixes: 3
Registered: ‎05-04-2009

Re: two routers DMZ and private networks help

The TL-WR841N will do the job for you, just plug it in and it should configure for you (just ask if you need additional help). If you need/want a gigabit LAN, the TL-WR1043ND (which I use) is an option, but about twice the price. Others recommend the ASUS models, but they are more expensive again.
adagio
Grafter
Posts: 196
Registered: ‎03-04-2008

Re: two routers DMZ and private networks help

Quote from: LFNfan

Given my limited technical abilities, I think I will abandon the ADSL and ADSL setup, and go for an ADSL and cable router solution.

If you are going to buy a new router you could get a modem/router with "Guest Access" e.g. Netgear DGN1000.