Hello all.
I am wanting to connect two subnets so they can't see each other but each can get out to the web through a common single modem line.
I have two routers but I believe I need another device to support two separate subnets.
I am hoping a knowledgeable somebody will be able to confirm my design.

Modem
WAN <--> Switch ---| WAN port IP address range for ports
|----- Router1 192.168.1.1 ----> 192.168.1.100 to 192.168.1.105
| mask 255.255.255.0
|
| WAN Port
|-----Router2 192.168.2.1 ----> 192.168.2.100 to 192.168.2.105
mask 255.255.255.0

I believe this setup would allow both routers to get the WEB but would it prevent a PC on
router two from seeing a PC on router 1?

Thanks for your help with this.

Tkman.

Sorry the diagram did not format nicely.
Here is another attempt at describing the network.


WAN -> Modem <--> Switch input port.
Switch Port 1 --> WAN port on router 1.
Switch port 2 --> WAN port router 2


IP address for router 1 is 192.168.1.1
Router 1 will be a DNS serving up an address range for 192.168.1.100 to 192.168.1.105
The net mask for the Router is 255.255.255.0. The netmask for the PCs will be 255.255.255.0

Router2 IP address is 192.168.2.1
Router 2 will be a DNS serving up an address range of 192.168.2.100 to 192.168.2.105
The net mask for the Router is 255.255.255.0. The netmask for the PCs will be 255.255.255.0

Sounds like you need a third router, which will be the gateway for the two routers you already have.

No, even though they're on two separate subnets, they can still see each other if you have a routing protocol, like RIP, OSPF, etc. Routing protocols are protocols used to communicate with other routers. Believe me, I took a Cisco Computer Networking class; that's my major. Oh, by the way, the above person is right, but you need to set up three routers and use the same routing protocol on all three routers.

What will prevent nodes from either network from communicating with nodes from the other is a firewall set up on both internal routers.

Or he can set up all three routers and use the same routing protocol. That can also work, letting PC1 see PC2, because the router can create a routing table and it will display the two subnets. Oh, and also he needs to set up the third router as the gateway.

I thought he didn't want the two networks to be able to connect, only share a web gateway.

The core requirements are:
1. Both subnets can get to the web.
2. One subnet is totally isolated from the other. There's a catch here. It is OK for subnet1 to see subnet 2 but it is not ok for subnet 2 to see subnet1.

Here's the functional reason.
There is only one WAN connection for both subnets.
One subnet is located in a customer area where anyone may sit down and use the connections.

The other is an employee subnet.

I don't want the customers to be able to access the employees LAN but it's not as critical that the employees are blocked from the customer LAN.

Do I really need 3 devices for this?
Could I not have the routers daisy chained?
Router 1 can be connected to the WAN modem and be given an IP address like 192.168.1.1 and do DNS for 192.168.1.100 to 192.168.1.105. I'll call this subnet1. I want this subnet to be able to allow connections from the full IP range 100 to 115 out to the web.
Router 1 would be a firewall to the outside WAN.

Router 2 could be connected to a line port on router 1 and be given an address like 192.168.1.106 and serve up addresses like 192.168.110 to 115. I'll call this subnet2.
Router 2 would be a firewall to subnet2.

With a configuration like this I would think it is easier to have subnet2 the protected one that can not be seen from subnet1.
So how do I keep subnet 1 systems from seeing subnet 2?
Router2 could be configured to allow only IP addresses from 110 to 115. This can be done with forwarding restraints or the use of MAC address filtering.


The other option I would think is to introduce a switch before the two routers (this could be another router but a switch would be sufficient) and then the routers can do their thing with each using a different address space and blocking others.
So in this situation I could have
- router1 with address 192.168.1.1 serving addresses 192.168.1.100 to 192.168.1.105
- router2 with address 192.168.2.1 serving addresses 192.168.2.100 to 192.168.2.105
With each router they would be configured to only accept LAN connections from the accepted range.


These seem to be the two potential solutions.
I am just trying to configure the first option with two routers and am not having success.
I can not get the first router to talk to the second router and thus the systems on the second router can not get out to the web.
For my test setup I have a Linksys wired 4 port router that is router1. It has address 192.168.1.1 and serves addresses in the range of 192.168.1.100 to 192.168.1.105. This model has a DHCP tab where I have enabled the DHCP server and specified the starting address of 192.168.1.100 and allow up to 6 connections.

Router2 is a Trendnet wireless router with 4 wired ports. I have disabled the wireless router function and am just working with the wired ports. This is where it gets tricky. I have to give it a LAN address and either enable or disable the DHCP function. I have given it an address of 192.168.1.105 and allowed it to serve up 192.168.1.110 to 192.168.1.115.
Under the WAN setting I have selected Obtain an IP address automatically. I have also tried specifying the IP address but neither seems to work.
Router 1 does not seem to see router two.


Thus I am beginning to believe the second option may be the easier way.
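
Added example, not part of the original post: a small address-plan check run over the daisy-chain settings described above, next to a renumbered variant. The function name `check_router`, the assumption that router 2's WAN port takes a lease from router 1's LAN, and the 192.168.2.x variant for router 2 (borrowed from the post's other option) are assumptions made for illustration.

```python
import ipaddress as ip

def check_router(name, wan_net, lan_ip, mask, pool_start, pool_end, upstream_pool=None):
    """Return a list of addressing problems for one router (empty list = consistent)."""
    problems = []
    lan = ip.ip_network(f"{lan_ip}/{mask}", strict=False)
    lan_addr = ip.ip_address(lan_ip)
    start, end = ip.ip_address(pool_start), ip.ip_address(pool_end)
    # The DHCP pool must sit inside the router's own LAN subnet.
    if start not in lan or end not in lan:
        problems.append(f"{name}: DHCP pool is outside LAN subnet {lan}")
    # The router's own LAN address must not be one it hands out.
    if start <= lan_addr <= end:
        problems.append(f"{name}: LAN address {lan_addr} is inside its own DHCP pool")
    # WAN and LAN must be different subnets, or the router cannot tell
    # which interface a destination address belongs to.
    if wan_net is not None and lan.overlaps(ip.ip_network(wan_net)):
        problems.append(f"{name}: WAN side {wan_net} overlaps LAN side {lan}")
    # A statically assigned address must not fall in the upstream router's
    # DHCP pool, where it can be leased to another device.
    if upstream_pool is not None:
        lo, hi = (ip.ip_address(a) for a in upstream_pool)
        if lo <= lan_addr <= hi:
            problems.append(f"{name}: LAN address {lan_addr} is inside the upstream DHCP pool")
    return problems

MASK = "255.255.255.0"
ROUTER1_POOL = ("192.168.1.100", "192.168.1.105")

def as_tested():
    # Values from the post: router 2 LAN 192.168.1.105, serving .110 to .115,
    # WAN port set to obtain an address automatically (assumed: from router 1).
    return check_router("Router2", "192.168.1.0/24", "192.168.1.105", MASK,
                        "192.168.1.110", "192.168.1.115", ROUTER1_POOL)

def renumbered():
    # Constructed variant: same daisy chain, router 2 LAN moved to 192.168.2.0/24.
    return check_router("Router2", "192.168.1.0/24", "192.168.2.1", MASK,
                        "192.168.2.100", "192.168.2.105", ROUTER1_POOL)

if __name__ == "__main__":
    for label, result in (("as tested", as_tested()), ("renumbered", renumbered())):
        print(label, "->", result or "no addressing conflicts")
```
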

The daisy chaining seems like a valid option as well,
but it is less secure.

Sounds like you need a third router, which will be the gateway for the two routers you already have.

OK I think you are correct. I would not be able to put a switch in here since either router could try and connect to the WAN and block the other. I think a router would be better than a switch.

Even with that I was thinking two routers should be able to be configured to do what I want.

Thanks for your suggestion.

tkman

Am curious...did you get a solution for this?

Hello defiant42, it's not likely you are going to get a response from tkman. His last activity on this site was 4 years ago.
