Three routers connected to a single internet link yet struggle to keep each network isolated?
Hi there everyone. I have two rentals close to my house. I connected Ethernet cables from my main router at home to each location, using the WAN ports. Each rental has an Archer A7. I assumed that since my home router connects to the other two routers’ WAN ports, each network would be private and only the internet shared. I might have set it up wrong. My main router IP is 192.168.0.1, which gives me the internet for Rental 1 (IP 192.168.1.1) and Rental 2 (IP 192.168.2.1). The problem is that both rentals can ping all devices on my home network. My computer on the home network has an IP of 192.168.0.212. When I plug my laptop into a rental, its IP is 192.168.1.144, but it still can ping my home PC at 192.168.0.212. I remember setting Netgear routers this way before and each network was private. Any advice would be really helpful. Thanks!
The rental router belongs to both networks because it gets an IP address from your router (like 192.168.0.x). It can forward data between 192.168.1.x and 192.168.0.x. You’ll have to configure firewall settings on the router to block unwanted traffic that isn’t meant for the internet when coming from the second router’s port. This is usually not possible with a basic model. It seems your configuration matches what you described. When Rental PC1 tries to reach Home PC, it sends the request through Rental 1 since it can’t connect directly to the IP and that’s its default gateway. Because the router shares the same network as the Home PC, it can still access the device. You’ll need to adjust the setup so Rental 1 isn’t on the same network and stop the ISP router from bridging the two networks. This would demand a more advanced router than your standard ISP model.
modem -> 'shared net'
shared net -> router's WAN
shared net -> rental 1 WAN
shared net -> rental 2 WAN

Everything on 'shared net' essentially refers to public internet access. With this setup, it’s important to note that depending on your location, this arrangement may impose certain obligations regarding how your rentals use their connection. It might be more practical to request the ISP to include additional modems at their own expense.
The optimal approach is to purchase or construct a pfSense or OPNsense router equipped with four ports—one for WAN and three for LAN. Configure firewall rules to maintain distinct separation between the three networks. Utilize switches, access points, or routers operating in access point mode to spread each device across the network. Technically, VLANs could also be implemented if your hardware supports it.
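The isolation described in the replies above, modelled as first-match firewall rules (an added example, not part of any post in this thread). The three subnets and the addresses 192.168.0.212 and 192.168.1.144 come from the thread; the rule layout, the function names and the sample destinations 192.168.2.50 and 203.0.113.10 are assumptions.

```python
import ipaddress as ipa

# Subnets are from the thread; the rule layout is an assumption
# (first match wins, evaluated on the interface where the packet arrives).
LANS = {"home": "192.168.0.0/24", "rental1": "192.168.1.0/24", "rental2": "192.168.2.0/24"}
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # RFC 1918 ranges
ANY = "0.0.0.0/0"

def cascaded_rules(lan):
    """Consumer router plugged into the home LAN: forwards anything out of its WAN port."""
    return [("pass", ANY)]

def isolated_rules(lan):
    """Per-LAN rules on one multi-port firewall."""
    gateway = str(ipa.ip_network(LANS[lan])[1]) + "/32"  # e.g. 192.168.1.1
    return ([("pass", gateway)]                    # DHCP/DNS served by the firewall itself
            + [("block", net) for net in PRIVATE]  # no path to any other private network
            + [("pass", ANY)])                     # everything else is internet traffic

def decide(rules, dst):
    """Return the action of the first rule whose network contains dst (default deny)."""
    addr = ipa.ip_address(dst)
    for action, net in rules:
        if addr in ipa.ip_network(net):
            return action
    return "block"

def reachable(lan, dst, ruleset):
    """Can a host on `lan` reach dst? Hosts on the same subnet are switched, not filtered."""
    if ipa.ip_address(dst) in ipa.ip_network(LANS[lan]):
        return True
    return decide(ruleset(lan), dst) == "pass"

if __name__ == "__main__":
    for name, ruleset in (("cascaded", cascaded_rules), ("isolated", isolated_rules)):
        # 192.168.2.50 and 203.0.113.10 are constructed sample destinations
        for dst in ("192.168.0.212", "192.168.2.50", "203.0.113.10"):
            print(name, "rental1 ->", dst, reachable("rental1", dst, ruleset))
```

The gateway pass rule has to sit above the block rules: each LAN's own gateway address is inside 192.168.0.0/16, so without it the clients would lose DNS and DHCP from the firewall.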
Consider purchasing an affordable Ubiquiti Edge Router and divide the connections, permitting only the desired traffic.
Renters should be responsible for their own internet service, though sharing your connection is possible. Using a specialized router such as a pfSense device or an edge router provides better management, allowing you to set up separate networks with dedicated VLANs.
This matches the exact configuration you described. Switching to five static IP addresses on the WAN side should resolve the problem, though Spectrum’s pricing is quite high. I’m considering a managed VLAN switch as my next step. Thanks for the helpful flow diagram—where did you get this?
I opted for draw.io for that task (links to https://app.diagrams.net/). Certainly, the manual switch should handle it.