A single fiber connection linking two networks, explained simply.
A single fiber connection linking two networks, explained simply.
Hello everyone, I shared this on Reddit but found it a bit technical. I’m new to networking and don’t want to get lost in all the details. If you can clarify things or suggest some options, that would be great. Here’s what I’m dealing with: I rent an extra room on my property and can’t set up my own internet connection for personal use. The ISP says it’s too costly to install their own network there, so they’re refusing. I want a private connection separate from theirs—so no one can see what I’m doing or what devices are connected. This is important because I plan to add smart home gadgets and a NAS, and I’d prefer they shouldn’t have access. My landlord is okay with me handling this myself, so I need a solution and some recommendations.
My first thought was to get several static IP addresses for the building, but the ISP doesn’t offer that, which complicates things. Ideally, I’d connect two routers in a line—main router on one side, another on the other—and set them up as separate networks. I think a firewall on each network would help keep them isolated. I’ve heard about VLANs and Ubiquiti gear, but their options aren’t very clear for someone new.
If the connection is gigabit speed and split among five people—me in the annexe and four in the main house—I’d need at least 300 Mbps or more. If that’s possible, I’m fine with splitting bandwidth between networks. In short, how should I spend my landlord’s money to get reliable internet?
The easiest approach is to purchase three routers: one for connecting to the ISP, and two additional ones for each household. This setup creates a private network with internet access while keeping other networks invisible. You only need minimal configuration and simply plug the devices in. This method also works with advanced routers such as UniFi, PF-Sense, OpenNMS, Untangle, and similar devices. However, it may require more effort to configure compared to simpler setups.
You’d need two separate networks instead of relying on VLANs between them. Avoiding double NAT is better, as it simplifies management and reduces potential issues. Setting up a system like Unifi with firewall rules for each VLAN would be the best approach.
I've encountered some challenges with double nat configurations. Many setups have worked fine, and ISPs typically handle this without problems. You might also be mixing up VLANs and subnets. It's straightforward to configure separate subnets here without using VLANs. VLANs are only necessary when you need to share an Ethernet cable or combine multiple networks on one cable.
You're suggesting a setup where a router is connected to your existing network, and a separate router is installed at your location. This would allow you to maintain your current connection while having a distinct network for your own devices.
I only worry about preventing access to my network. That means no TV casting, music playback on speakers, or file access from NAS. I don’t need streaming or browsing online unless I want it. For splitting inbound connections, what routers would work? Also, is there a way to establish wireless links between the main building and annexe without digging up cables? There’s power conduit available, but I’m considering fiber might raise costs too much. Copper near mains isn’t an option.
Focusing on LAN communication—like trying to link to a networked printer. I’ve had my head bumped against walls more than once because people forgot about double NAT. It’s easy enough, but it’s risky. I use these terms loosely, so if there’s a difference, it’s your call. Networking isn’t my specialty, yet I’m aware of the risks involved.
Absolutely, I recall that video well! It might be better for my landlord to install a dish on the side of the building instead of digging trenches. It's quite convenient, only about 3 meters away. This has proven to be more helpful than what I found on Reddit, where it mostly turned into a bunch of acronyms.
I'm curious about these issues? Having double nat should affect lan communications at all. You can run into issues if some devices are on the other side of the router, but for OPs use case this should work well. If all you care about is them not seeing your devices, just plug your router into your network and your good. You can see their devices though. Basically any home router would work here. If the ISP has one included I'd use that. I'd run cable if you can, its gonna be more reliable. But there should be a good amount of point to point options. Make sure you have line of sight between the buildings. Fiber between buildings is really cheap and I'd pull it next to power(IDK about your code and if it allows this, but the fiber won't care being next to power.