Connecting 2 LANs w/ Their own ISP, w/o access to each other's ISP

Chalkomilk

Sep 23, 2013
My goal is to have 2 LANs, each with their own internet access. I need to be able to access files on the other LAN, but do not want the LAN to access the other LAN's internet connection.
I think eibgrad solved an issue very similar to mine early on in this thread. This is a picture of what I think the network will look like.

What I need to know is if his solution will allow the networks to access the other one's internet connection.
 
No simple way to do this really. If you cannot trust your users to not change configurations to attempt to access the other connection, it becomes even harder.

What you can do is just hook the 2 routers' LANs together, leaving 1 router with pretty much normal settings. On the second router, set the IP to something like 192.168.1.254, assuming the main router is using 192.168.1.1. You would need to disable DHCP on the second router. The hard part of this is that for all the devices that you want to use router 2, you would have to manually assign IP addresses and set their gateway to 192.168.1.254. Kind of painful if lots of machines are involved.

For most other solutions I would look at a firewall or maybe a dual WAN router where you could put in lists of which users use which internet connection.
 
I use a pfSense firewall and create specific routes for internal and external connections.

I have a couple of similar sites where client traffic uses a separate WAN connection and has its own LAN, and all the teleconference equipment is on a different internal LAN with its own separate WAN connectivity, yet there is an internal route that allows both internal LANs to talk to each other. I just force outbound traffic from the different LANs out to separate WANs. It's especially easy because you define the gateways for each LAN and they are of course different.
 


Don't have to worry about anyone messing with the settings. It's a home network; our rural Internet connection is limited to 1 megabit/s. One network is for my gaming systems, all hardwired, and setting static addresses on 3 PCs is no big deal; the other is for the house wireless and Netflix.

With the routers set the way you're suggesting, the computers set to static addresses will access the Internet through that router's WAN port, and the devices connected to the other router (with DHCP turned on) will access the Internet from that router's WAN port? Am I correct on this?
 
Yes, the routers are stupid. If they get traffic on their LAN port they will send it to the internet over the WAN.

Now if you really want to be tricky you can actually use both connections on a single machine... not to increase bandwidth though.

You could for example send Netflix traffic to 192.168.1.254 and YouTube traffic to 192.168.1.1. Kind of tedious to set up, but the ROUTE command will let you do lots of fancy stuff.
 


Are you saying yes, meaning any traffic that comes in on that router's LAN will go out the same router's WAN?
If so, that sounds like my solution!
If not, I have more questions.

Can access control be used to only allow a specific MAC address Internet access from router 2, and block that MAC address on router 1? Will that MAC address still access both LANs? That should make all other traffic default to the ISP on router 1, preventing other devices on either network getting access to router 2's Internet connection.
Or am I just grasping at straws here?
 
Well, more specifically, if the traffic goes to the gateway IP it will go out the WAN. It could technically go through router 1's LAN port into router 2's LAN port and out. It is not a physical thing.

If the router has the ability to classify and filter traffic by MAC address you can do that. It only filters traffic that goes LAN-WAN; it does not filter LAN-LAN traffic. The LAN-LAN traffic in most cases never leaves the small switch chip, so it never even goes to the router processor.
 
Solution
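
An added example, not part of the original thread: a small model of how each host's routing table decides which router's WAN a packet leaves through, using the thread's 192.168.1.1 and 192.168.1.254 gateways. The host names, the 198.51.100.7 and 203.0.113.0/24 destinations (documentation ranges standing in for Internet services), and the function names are assumptions made for the illustration.

```python
import ipaddress

# Addresses from the thread: both routers sit on one shared LAN subnet.
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_BY_GATEWAY = {"192.168.1.1": "router 1 WAN", "192.168.1.254": "router 2 WAN"}

def make_routes(default_gw, extra=()):
    """Host routing table: on-link LAN route, default route, optional static routes."""
    routes = [(LAN, None), (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    routes += [(ipaddress.ip_network(net), gw) for net, gw in extra]
    return routes

def egress(routes, dst):
    """Pick the most specific matching route (longest prefix) and name the exit."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    if gw is None:
        return "LAN switch only"  # delivered directly, no router involved
    return WAN_BY_GATEWAY[gw]

# Constructed hosts (hypothetical names):
dhcp_host = make_routes("192.168.1.1")       # DHCP client of router 1
static_host = make_routes("192.168.1.254")   # static IP, gateway set to router 2
# Per-destination static route, the kind of entry the ROUTE command adds.
split_host = make_routes("192.168.1.1", extra=[("203.0.113.0/24", "192.168.1.254")])

def report():
    """Egress decision for each constructed host and sample destination."""
    rows = []
    hosts = [("dhcp", dhcp_host), ("static", static_host), ("split", split_host)]
    for name, routes in hosts:
        for dst in ("192.168.1.50", "198.51.100.7", "203.0.113.9"):
            rows.append((name, dst, egress(routes, dst)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-7s %-14s -> %s" % row)
```

In this model the choice of WAN lives entirely in each host's own gateway and route settings, which is why the thread notes the setup gets harder if users cannot be trusted to leave their configuration alone.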