Connecting two subnets with routerCommunicating between 2 different local subnetsconnecting two wireless...

Why doesn't the EU now just force the UK to choose between referendum and no-deal?

Current sense amp + op-amp buffer + ADC: Measuring down to 0 with single supply

How to make healing in an exploration game interesting

Should we release the security issues we found in our product as CVE or we can just update those on weekly release notes?

Informing my boss about remarks from a nasty colleague

How could a female member of a species produce eggs unto death?

Why did it take so long to abandon sail after steamships were demonstrated?

When do we add an hyphen (-) to a complex adjective word?

Sword in the Stone story where the sword was held in place by electromagnets

Running a subshell from the middle of the current command

Who is our nearest planetary neighbor, on average?

An Accountant Seeks the Help of a Mathematician

Does splitting a potentially monolithic application into several smaller ones help prevent bugs?

What has been your most complicated TikZ drawing?

Ban on all campaign finance?

PlotLabels with equations not expressions

Splitting string ID code into various parts

How is the Swiss post e-voting system supposed to work, and how was it wrong?

My adviser wants to be the first author

Have researchers managed to "reverse time"? If so, what does that mean for physics?

How to deal with taxi scam when on vacation?

Brexit - No Deal Rejection

Is having access to past exams cheating and, if yes, could it be proven just by a good grade?

Replacing Windows 7 security updates with anti-virus?



Connecting two subnets with router


Communicating between 2 different local subnetsconnecting two wireless gateways routersHow to setup two-way routing with Tomato Wireless Client mode (different subnets)Split a LAN with a low-end routerRouter behind routerAllow two subnets to talk to each other over a wireless bridgePrimary router routes everything through secondary routerHow to configure a router with integrated switch to connect two different subnets?Connecting two subnetsWhy does this work?













2















I'm trying to share a couple printers on two subnets and I keep running into issues. I'm trying to figure out the best way to achieve this while maintaing a public and private subnet.



Please refer to this diagram.



On the router inbetween LANs I've disabled DHCP and given it a static IP from the Wireless Router. I've been trying to forward ports for the printers through this router but since it is not acting as a DHCP server nothing seems to be going through.



I am able to connect to the remote management port (8080) from the wireless subnet (192.168.1.0/24) but nothing else.



Please advise and let me know if there is more information I can provide.



I want both LANs to have internet access, but I do not want the Public LAN to be able to access anything on the Private LAN except for the printer.



The OpenBSD machine has two interfaces currently which are used, we may have extra hardware kicking around that could be utlized if necessary.



The Wireless Router is a Cisco DPC3825, and I can log into it.



The router I am attempting to use to connect the LANs is an old LinkSys WRT54G.










share|improve this question

























  • It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ]

    – davidgo
    Nov 9 '15 at 1:07











  • Thanks for the reply, @davidgo. I've updated my question and added a network diagram.

    – Hyshka
    Nov 9 '15 at 4:05
















2















I'm trying to share a couple printers on two subnets and I keep running into issues. I'm trying to figure out the best way to achieve this while maintaing a public and private subnet.



Please refer to this diagram.



On the router inbetween LANs I've disabled DHCP and given it a static IP from the Wireless Router. I've been trying to forward ports for the printers through this router but since it is not acting as a DHCP server nothing seems to be going through.



I am able to connect to the remote management port (8080) from the wireless subnet (192.168.1.0/24) but nothing else.



Please advise and let me know if there is more information I can provide.



I want both LANs to have internet access, but I do not want the Public LAN to be able to access anything on the Private LAN except for the printer.



The OpenBSD machine has two interfaces currently which are used, we may have extra hardware kicking around that could be utlized if necessary.



The Wireless Router is a Cisco DPC3825, and I can log into it.



The router I am attempting to use to connect the LANs is an old LinkSys WRT54G.










share|improve this question

























  • It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ]

    – davidgo
    Nov 9 '15 at 1:07











  • Thanks for the reply, @davidgo. I've updated my question and added a network diagram.

    – Hyshka
    Nov 9 '15 at 4:05














2












2








2








I'm trying to share a couple printers on two subnets and I keep running into issues. I'm trying to figure out the best way to achieve this while maintaing a public and private subnet.



Please refer to this diagram.



On the router inbetween LANs I've disabled DHCP and given it a static IP from the Wireless Router. I've been trying to forward ports for the printers through this router but since it is not acting as a DHCP server nothing seems to be going through.



I am able to connect to the remote management port (8080) from the wireless subnet (192.168.1.0/24) but nothing else.



Please advise and let me know if there is more information I can provide.



I want both LANs to have internet access, but I do not want the Public LAN to be able to access anything on the Private LAN except for the printer.



The OpenBSD machine has two interfaces currently which are used, we may have extra hardware kicking around that could be utlized if necessary.



The Wireless Router is a Cisco DPC3825, and I can log into it.



The router I am attempting to use to connect the LANs is an old LinkSys WRT54G.










share|improve this question
















I'm trying to share a couple printers on two subnets and I keep running into issues. I'm trying to figure out the best way to achieve this while maintaing a public and private subnet.



Please refer to this diagram.



On the router inbetween LANs I've disabled DHCP and given it a static IP from the Wireless Router. I've been trying to forward ports for the printers through this router but since it is not acting as a DHCP server nothing seems to be going through.



I am able to connect to the remote management port (8080) from the wireless subnet (192.168.1.0/24) but nothing else.



Please advise and let me know if there is more information I can provide.



I want both LANs to have internet access, but I do not want the Public LAN to be able to access anything on the Private LAN except for the printer.



The OpenBSD machine has two interfaces currently which are used, we may have extra hardware kicking around that could be utlized if necessary.



The Wireless Router is a Cisco DPC3825, and I can log into it.



The router I am attempting to use to connect the LANs is an old LinkSys WRT54G.







networking router port-forwarding dhcp switch






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 18 '17 at 19:09









Donald Duck

1,47361831




1,47361831










asked Nov 8 '15 at 23:21









HyshkaHyshka

135




135













  • It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ]

    – davidgo
    Nov 9 '15 at 1:07











  • Thanks for the reply, @davidgo. I've updated my question and added a network diagram.

    – Hyshka
    Nov 9 '15 at 4:05



















  • It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ]

    – davidgo
    Nov 9 '15 at 1:07











  • Thanks for the reply, @davidgo. I've updated my question and added a network diagram.

    – Hyshka
    Nov 9 '15 at 4:05

















It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ]

– davidgo
Nov 9 '15 at 1:07





It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ]

– davidgo
Nov 9 '15 at 1:07













Thanks for the reply, @davidgo. I've updated my question and added a network diagram.

– Hyshka
Nov 9 '15 at 4:05





Thanks for the reply, @davidgo. I've updated my question and added a network diagram.

– Hyshka
Nov 9 '15 at 4:05










1 Answer
1






active

oldest

votes


















1














The network you have seems to me to be unneccessarily complex and difficult to maintain. For the cost of an extra NIC in the OpenBSD server you can have a system which is much easier to control and maintain - and - I suspect - more secure as there is only 1 possible path onto the Internet for the Wireless router.



What I propose a solution along the following lines: (Excuse the very quick diagram)



enter image description here



The idea here is to have the OpenBSD box handling all the routing for everything.



Disable DHCP on the Wifi router (actually disable everything, turn it into an Access Point), and run DHCP on the OpenBSD server for both the Protected and Guest Interfaces.



Put each Interface on a seperate subnet (for example 192.168.100.0/24 and 192.168.101.0/24), so that in order for the unprotected stuff to communicate with the protected stuff (or the world) it needs to go through the OpenBSD server.



Do firewalling on the OpenBSD router to prevent unwanted communication.



You can do policy routing if, for example, you want the Wifi router to only use one of the 2 modems). Of-course, depending on your Link aggregation router you may have some work to do there - or indeed, you may want to get rid of it altogether and set your OpenBSD box to do the aggregation routing.



I note that I put the printer behind the Wifi Router = unprotected network. This makes the protected network more secure as it means that you don't need to allow connections from the unprotected network into the protected network. The flip side is it makes setting up printers on the protected network a bit harder as they won't be able to scan the subnet. The alternative would be to put the printers in the protected network and allow the unprotected network to access the printer through the firewall.



I note that I've done this using an additional Network card in the OpenBSD server. An alternative solution if your printer is VLAN cpabale would be to keep with 2 nic, and then use VLANS on the switch to designate each network. This makes management easier and requires less hardware - but does make the assumption that VLANS are secure - an assumption which is open to question. If you go this route, and have a fancy printer, you may be able to make the printer accessible through both VLANS so it is easy to install - but this will depend on the printer and may not be practical.



(I greatly prefer the VLAN solution, BTW - Also, while I have done pretty much all of this, I've never used OpenBSD seriously - my solutions are all Linux based)






share|improve this answer


























  • Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

    – Hyshka
    Nov 9 '15 at 15:26











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f997898%2fconnecting-two-subnets-with-router%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














The network you have seems to me to be unneccessarily complex and difficult to maintain. For the cost of an extra NIC in the OpenBSD server you can have a system which is much easier to control and maintain - and - I suspect - more secure as there is only 1 possible path onto the Internet for the Wireless router.



What I propose a solution along the following lines: (Excuse the very quick diagram)



enter image description here



The idea here is to have the OpenBSD box handling all the routing for everything.



Disable DHCP on the Wifi router (actually disable everything, turn it into an Access Point), and run DHCP on the OpenBSD server for both the Protected and Guest Interfaces.



Put each Interface on a seperate subnet (for example 192.168.100.0/24 and 192.168.101.0/24), so that in order for the unprotected stuff to communicate with the protected stuff (or the world) it needs to go through the OpenBSD server.



Do firewalling on the OpenBSD router to prevent unwanted communication.



You can do policy routing if, for example, you want the Wifi router to only use one of the 2 modems). Of-course, depending on your Link aggregation router you may have some work to do there - or indeed, you may want to get rid of it altogether and set your OpenBSD box to do the aggregation routing.



I note that I put the printer behind the Wifi Router = unprotected network. This makes the protected network more secure as it means that you don't need to allow connections from the unprotected network into the protected network. The flip side is it makes setting up printers on the protected network a bit harder as they won't be able to scan the subnet. The alternative would be to put the printers in the protected network and allow the unprotected network to access the printer through the firewall.



I note that I've done this using an additional Network card in the OpenBSD server. An alternative solution if your printer is VLAN cpabale would be to keep with 2 nic, and then use VLANS on the switch to designate each network. This makes management easier and requires less hardware - but does make the assumption that VLANS are secure - an assumption which is open to question. If you go this route, and have a fancy printer, you may be able to make the printer accessible through both VLANS so it is easy to install - but this will depend on the printer and may not be practical.



(I greatly prefer the VLAN solution, BTW - Also, while I have done pretty much all of this, I've never used OpenBSD seriously - my solutions are all Linux based)






share|improve this answer


























  • Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

    – Hyshka
    Nov 9 '15 at 15:26
















1














The network you have seems to me to be unneccessarily complex and difficult to maintain. For the cost of an extra NIC in the OpenBSD server you can have a system which is much easier to control and maintain - and - I suspect - more secure as there is only 1 possible path onto the Internet for the Wireless router.



What I propose a solution along the following lines: (Excuse the very quick diagram)



enter image description here



The idea here is to have the OpenBSD box handling all the routing for everything.



Disable DHCP on the Wifi router (actually disable everything, turn it into an Access Point), and run DHCP on the OpenBSD server for both the Protected and Guest Interfaces.



Put each Interface on a seperate subnet (for example 192.168.100.0/24 and 192.168.101.0/24), so that in order for the unprotected stuff to communicate with the protected stuff (or the world) it needs to go through the OpenBSD server.



Do firewalling on the OpenBSD router to prevent unwanted communication.



You can do policy routing if, for example, you want the Wifi router to only use one of the 2 modems). Of-course, depending on your Link aggregation router you may have some work to do there - or indeed, you may want to get rid of it altogether and set your OpenBSD box to do the aggregation routing.



I note that I put the printer behind the Wifi Router = unprotected network. This makes the protected network more secure as it means that you don't need to allow connections from the unprotected network into the protected network. The flip side is it makes setting up printers on the protected network a bit harder as they won't be able to scan the subnet. The alternative would be to put the printers in the protected network and allow the unprotected network to access the printer through the firewall.



I note that I've done this using an additional Network card in the OpenBSD server. An alternative solution if your printer is VLAN cpabale would be to keep with 2 nic, and then use VLANS on the switch to designate each network. This makes management easier and requires less hardware - but does make the assumption that VLANS are secure - an assumption which is open to question. If you go this route, and have a fancy printer, you may be able to make the printer accessible through both VLANS so it is easy to install - but this will depend on the printer and may not be practical.



(I greatly prefer the VLAN solution, BTW - Also, while I have done pretty much all of this, I've never used OpenBSD seriously - my solutions are all Linux based)






share|improve this answer


























  • Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

    – Hyshka
    Nov 9 '15 at 15:26














1












1








1







The network you have seems to me to be unneccessarily complex and difficult to maintain. For the cost of an extra NIC in the OpenBSD server you can have a system which is much easier to control and maintain - and - I suspect - more secure as there is only 1 possible path onto the Internet for the Wireless router.



What I propose a solution along the following lines: (Excuse the very quick diagram)



enter image description here



The idea here is to have the OpenBSD box handling all the routing for everything.



Disable DHCP on the Wifi router (actually disable everything, turn it into an Access Point), and run DHCP on the OpenBSD server for both the Protected and Guest Interfaces.



Put each Interface on a seperate subnet (for example 192.168.100.0/24 and 192.168.101.0/24), so that in order for the unprotected stuff to communicate with the protected stuff (or the world) it needs to go through the OpenBSD server.



Do firewalling on the OpenBSD router to prevent unwanted communication.



You can do policy routing if, for example, you want the Wifi router to only use one of the 2 modems). Of-course, depending on your Link aggregation router you may have some work to do there - or indeed, you may want to get rid of it altogether and set your OpenBSD box to do the aggregation routing.



I note that I put the printer behind the Wifi Router = unprotected network. This makes the protected network more secure as it means that you don't need to allow connections from the unprotected network into the protected network. The flip side is it makes setting up printers on the protected network a bit harder as they won't be able to scan the subnet. The alternative would be to put the printers in the protected network and allow the unprotected network to access the printer through the firewall.



I note that I've done this using an additional Network card in the OpenBSD server. An alternative solution if your printer is VLAN cpabale would be to keep with 2 nic, and then use VLANS on the switch to designate each network. This makes management easier and requires less hardware - but does make the assumption that VLANS are secure - an assumption which is open to question. If you go this route, and have a fancy printer, you may be able to make the printer accessible through both VLANS so it is easy to install - but this will depend on the printer and may not be practical.



(I greatly prefer the VLAN solution, BTW - Also, while I have done pretty much all of this, I've never used OpenBSD seriously - my solutions are all Linux based)






share|improve this answer















The network you have seems to me to be unneccessarily complex and difficult to maintain. For the cost of an extra NIC in the OpenBSD server you can have a system which is much easier to control and maintain - and - I suspect - more secure as there is only 1 possible path onto the Internet for the Wireless router.



What I propose a solution along the following lines: (Excuse the very quick diagram)



enter image description here



The idea here is to have the OpenBSD box handling all the routing for everything.



Disable DHCP on the Wifi router (actually disable everything, turn it into an Access Point), and run DHCP on the OpenBSD server for both the Protected and Guest Interfaces.



Put each Interface on a seperate subnet (for example 192.168.100.0/24 and 192.168.101.0/24), so that in order for the unprotected stuff to communicate with the protected stuff (or the world) it needs to go through the OpenBSD server.



Do firewalling on the OpenBSD router to prevent unwanted communication.



You can do policy routing if, for example, you want the Wifi router to only use one of the 2 modems). Of-course, depending on your Link aggregation router you may have some work to do there - or indeed, you may want to get rid of it altogether and set your OpenBSD box to do the aggregation routing.



I note that I put the printer behind the Wifi Router = unprotected network. This makes the protected network more secure as it means that you don't need to allow connections from the unprotected network into the protected network. The flip side is it makes setting up printers on the protected network a bit harder as they won't be able to scan the subnet. The alternative would be to put the printers in the protected network and allow the unprotected network to access the printer through the firewall.



I note that I've done this using an additional Network card in the OpenBSD server. An alternative solution if your printer is VLAN cpabale would be to keep with 2 nic, and then use VLANS on the switch to designate each network. This makes management easier and requires less hardware - but does make the assumption that VLANS are secure - an assumption which is open to question. If you go this route, and have a fancy printer, you may be able to make the printer accessible through both VLANS so it is easy to install - but this will depend on the printer and may not be practical.



(I greatly prefer the VLAN solution, BTW - Also, while I have done pretty much all of this, I've never used OpenBSD seriously - my solutions are all Linux based)







share|improve this answer














share|improve this answer



share|improve this answer








edited 5 mins ago









karel

9,27293139




9,27293139










answered Nov 9 '15 at 4:58









davidgodavidgo

44.3k75292




44.3k75292













  • Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

    – Hyshka
    Nov 9 '15 at 15:26



















  • Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

    – Hyshka
    Nov 9 '15 at 15:26

















Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

– Hyshka
Nov 9 '15 at 15:26





Thanks for your answer, @davidgo. Very thorough and I think it's a good solution. I was hesitant to modify the network topology but since I think it's the best way to do this now, I will consult with my client.

– Hyshka
Nov 9 '15 at 15:26


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f997898%2fconnecting-two-subnets-with-router%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...