Connecting 2 Networks without sharing internet

my problem

There are 2 networks, each with its own internet connection, router and switch. Is it possible to connect these 2 networks so they can share files without sharing the internet connections? And if it is possible, is there any security that can be put in place to stop anyone trying to use the other network's internet connection?

If that is possible, how can it be done? Can I connect both switches with a cable, and what configuration would be needed on each router and each PC on the networks?

I have a good background in router configuration; I just want to know what I can do, and if there is software to be used, what is it? Thanks in advance.

Alaa's picture

I'm not a network expert, so please someone review my words

if you connect the two switches they become one network, I'm not aware of any way to split them when switches are connected.

what you need is a router between your two networks, the easiest way is to fit one pc with two NICs, then setup a routing table to deliver between the two networks.

the two networks should follow the same IP pattern but differ so that when netmask is applied it is obvious which pc belongs to which network

for instance we can do 192.168.1.0-255 for one network, and 192.168.2.0-255 for the other network.

the routing table is set using the route command, and an iptables firewall is enough to restrict what happens between the two networks.

Alaa


"context is over-rated. who are you anyway?"

Conceptor's picture

vlan


Diaa Radwan

Pronco's picture

ANOTHER BRIEF

link up the two networks, have them all be in the same subnet, with each internet connection having a different ip. split the networks based on gateway

for security, have each gateway only forward packages for the machines on its 'network'

having proper subnets for the two, and with routing between would be a bit cleaner, but more complicated


- I'm a code junkie security enthusiast

Alaa's picture

no this would not work

as I said connecting the two switches will create a single network.

what you need to do is put an extra network card on one of the pcs and use it as a router between the two networks

Alaa


"context is over-rated. who are you anyway?"

Alaa's picture

yes there is a way, get an extra network card and use a pc with two cards to connect the two networks

Alaa


"context is over-rated. who are you anyway?"

Mohammed Ahmed's picture

Alaa, if he connected the two networks as you said, let's say it's 2 networks now

192.168.1.1/24 192.168.2.1/24

the 1st network config is

iprange 192.168.1.2 192.168.1.254

gateway 192.168.1.1

sub 255.255.255.0

2nd network

iprange 192.168.2.2 192.168.2.254

gateway 192.168.2.1

sub 255.255.255.0

now he has 2 routers; would you tell me how he will have access to the internet and the other network?

if a pc from network one wants to access a resource on network 2, how would that pc know the IP of the pc with 2 network cards?

now you have pronco's solution that you put them in the same subnet and

change the router ip to

192.168.1.1 1st router ip = the gateway of the 1st network

192.168.1.2 2nd router ip = gateway of the second network

pronco, he asked how he can prevent the users from network 2 from using the router of network 1. even if he made a rule to not forward except from its network, that won't stop users from changing their ip and accessing the other network

laplac, you have pronco's solution and it will work for accessing the internet and resources on the other network, and if you want to use different ip ranges and different subnets you can do the following

you said you can deal well with routers; you will use 2 different ranges

192.168.1.1/24 192.168.2.1/24

and you add static routing on each router that directs the request to the other router

meaning when a packet comes from 192.168.1.1/24 and wants to reach 192.168.2.1/24 it goes to 192.168.2.1 and vice versa

ps: in all the above cases you will connect the 2 switches with a cross cable. now we have solved a problem and we have a new problem: how do we stop users from using the other network.....

if you have enough money you may pay for a Cisco router :) or you can do a more complicated solution....

you will need software to bind the MAC address to the IP, and it exists on sourceforge as i remember. now let's go to how you will design it

PC with 4 NIC

2 NICs will be connected to the 2 routers, 2 NICs will be connected to the 2 switches

i think it's clear now: the pc will forward the requests from one network to the other, and the software we will use will prevent them from changing their IPs

and every network will have its own internet connection based on your routing configuration

i know it's the longest post i ever made, but i am in a good mood :)

Best Regards


I Was Known as POSIX

Alaa's picture

you will need a freaking pc with two network cards

one card will be connected to the first network with ip address say 192.168.1.64

and the other network card with 192.168.2.64 for instance

that computer will have to access the internet through only one gateway (let's say 192.168.1.1)

now that computer will also be setup to forward packets from one network to the other and vice versa (which is why it is a router). I assume this will involve enabling packet forwarding only, but it might involve more.

the other computers will have to have an extra setting, the gateway is not enough, you will have to set a rule in the routing table that says anything going to 192.168.2.0/32 or whatever goes through 192.168.1.64

so you have two routing rules for each pc, one for the internet gateway and one for the between networks gateway.

it's very simple and doesn't require all that stuff you wrote. (which I didn't understand to be honest)

Alaa


"context is over-rated. who are you anyway?"

Mohammed Ahmed's picture

i said he may use a pc if he wants to assign an ip address to a MAC so the user isn't able to change it, or if he changed it he won't get access to the internet,

if he is ready to leave that option then he doesn't need a pc at all,

he can use different subnets and add a route rule at each router to send packets to the other network

he may do pronco's thing and put them in the same network with different gateway IPs

the PC that acts as a router is needed only if he should assign an IP to a MAC, and don't tell me he can do it by DHCP; he wants to force users not to change their ip :)

----------------------------------------------------------------- I Was Known as POSIX

Conceptor's picture

assigning ip to mac is not easy with a dummy switch (only pricey switches have this feature, Cisco for example).

if your users have no privilege on networking configuration, the best thing is to have dhcp (you have to read more on dhcpd; dhcp can force an ip according to the given mac).

IMO you will need a pc with two network cards, one say for network A and one for B; normal ip forwarding will solve the two networks connection issue.

for the Internet, if the default gw is the pc with two nics, traffic will pass to the other network and you may lose control over internet traffic, and this is the real problem here. and if you didn't set the default gw to the pc with two nics you won't see the other network.

solving this problem could be easily done with heavily configured iptables between the two networks, to check if the dst is the other network or it is an external request (Internet).


Diaa Radwan
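
The two-NIC router PC from Alaa's post, combined with the iptables destination check Conceptor describes, sketched as an added example that is not from any poster in this thread. The interface names `eth0`/`eth1`, the /24 masks and the `APPLY_RULES` switch are assumptions; the 192.168.x.64 addresses are the ones used earlier in the thread.

```sh
#!/bin/sh
# Added example: rule set for the two-NIC Linux PC that routes between the LANs.
# Assumed: eth0 = 192.168.1.64 on LAN A, eth1 = 192.168.2.64 on LAN B, /24 masks.
IF_A=${IF_A:-eth0}; NET_A=${NET_A:-192.168.1.0/24}; GW_A=${GW_A:-192.168.1.64}
IF_B=${IF_B:-eth1}; NET_B=${NET_B:-192.168.2.0/24}; GW_B=${GW_B:-192.168.2.64}

# Print the commands rather than run them, so the set can be reviewed first.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -F FORWARD"
    # Default deny: anything not LAN-to-LAN (e.g. Internet-bound) is not forwarded,
    # so this PC can never be used as a path to the other network's ADSL router.
    echo "iptables -P FORWARD DROP"
    # The source subnet must match the interface the packet arrived on, so a host
    # that re-addresses itself into the other LAN's range is dropped as well.
    echo "iptables -A FORWARD -i $IF_A -s $NET_A -o $IF_B -d $NET_B -j ACCEPT"
    echo "iptables -A FORWARD -i $IF_B -s $NET_B -o $IF_A -d $NET_A -j ACCEPT"
    # Rate-limited log of whatever is about to hit the DROP policy.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'lan-fwd-drop: '"
}

# Extra route each host needs; its default gateway stays its own ADSL router.
client_routes() {
    echo "LAN A hosts: ip route add $NET_B via $GW_A"
    echo "LAN B hosts: ip route add $NET_A via $GW_B"
}

if [ "${APPLY_RULES:-0}" = 1 ]; then
    gen_rules | sh -e          # needs root on the router PC
else
    gen_rules; client_routes   # dry run: show what would be configured
fi
```

This assumes the two switches are not cabled together, so the router PC is the only path between the LANs.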

Mohammed Ahmed's picture

Diaa, i think he can't mix up the network bandwidth, although he would have done it a long time ago and saved the price of the second DSL line.

i think he should do pronco's solution, which is less complicated and won't mix the internet lines

or do the complicated one with a pc with 4 NICs to assign an IP to a MAC; there is FOSS to do that but i can't remember its name right now...

or i have another one: he won't need the 4 NICs, he will only need 2 NICs

there will be a PC with 2 NICs acting as a router, and the idea is we will add an ip route so that if an unknown destination is sent to the PC with 2 NICs it forwards it to the network's router, and the same with the second network

meaning

we have 2 networks

192.168.1.1/24 NIC 1 192.168.2.1/24 NIC 2

192.168.1.2 ADSL router of network 1

192.168.2.2 ADSL router of network 2

if the pc/router received a packet for the other network it forwards it to the second NIC; if it received a packet for an unknown destination it sends it to the ADSL router of the network ...

what do you think, guys? like that

1- we did not mix the internet bandwidth

2- both networks have their own subnet, or they would even be the same subnets

3- he can use FOSS to assign ip to mac

i think that is the best solution that solves all his problems, from making the 2 networks communicate to controlling the ip-to-MAC assignment

Best Regards


I Was Known as POSIX

Mohammed Ahmed's picture

destination IP : ip of the other network router

mask : 255.255.255.0

gateway : eth0 or the interface which the packet will exit from or the ip of the interface

metric : 1

try it and tell me


I Was Known as POSIX

Mohammed Ahmed's picture

We did our job

You said

i have a good background of router configuration i just want to know what can i do

i think we did our job. make a little search, believe me you're gonna like it


I Was Known as POSIX

this is really late, but i am kinda having a similar problem right now..

i guess this could be easily solved using a linux box with two nic's working as a "bridge", not a router. then you can use iptables/ebtables to put access rules between the two network segments

hope this helps anyone :P

Yeah... your advice is reasonable. Firstly my friend tried what you recommend and it works. Great!

