Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Networking Networking
Search Search
Search for:
Tech Support Guy > > >

Solved: Hotspot and Private Network with 2 Routers


(!)

edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
10-Jan-2011, 10:52 AM #1
Solved: Hotspot and Private Network with 2 Routers
I have 2 wireless Linksys E1000 routers. My goal is to create an unrestricted public hotspot and a normal secure network, all using a single DSL connection.

I realize the E1000 has this capability built in, but I ran into several problems:
  • Its public hotspot requires a password - which is entered by the client on a browser page it serves up. That doesn't work if your client doesn't use a browser (e.g. Nintendo DS).
  • I want to use DHCP for my hotspot and static IPs for my home network, but if that's even possible - and I have my doubts - it would require the use of the E1000's control panel. But once you use the control panel, you permanently lock out your ability to control the hotspot (via the Linksys software) - this is completely stupid design on Linksys' part, but it is what it is.

I've also seen articles that say you accomplish what I'm trying to do with a single router by using DD-WRT, but the E1000 isn't supported by DD-WRT (plus I'm a little nervous about turning my router into a brick).

So my plan was to do something like this:
  • Connect an E1000 to my DSL modem. This will be my "public" router. Make it a DHCP server with no wireless security whatsoever.
  • Connect the second E1000 to the first. This will the router for my private network. Turn off DHCP.
  • The private router would be locked down: static IP, WPA/WPA2, etc.
  • My thinking is that the "public" router will basically allow anything with a WiFi antenna to connect to the internet, handing out IP addresses as necessary. The second router will get its WAN IP from the first router.

Questions
  • Will this even work?
  • Are there any security problems?
  • Would router2 get its IP dynamically from router1, or do I assign it a static IP? If so, how do I do that (i.e. what settings do I use on both router1 and router2?)
  • What IP would my (private network) laptop, desktop, etc. use as the gateway?
  • Would I just use a straight-through cable from a public router LAN port to the WAN port on the private router?
  • If I decide to add some basic security (e.g. WEP) on the hotspot router if I have problems with, say, neighbors sucking up my bandwidth, how would my guests connect? Do they have to set up a new network? Or what?
  • I've seen references on the interwebs that a setup using 2 routers might cause problems due to "Double NAT". What problems?!?!
  • A similar thread on this subject mentioned connecting router2 to router1's DMZ, but this is over my head. How would you do that?
  • Anything else???

THANKS!!
TerryNet's Avatar
Computer Specs
Moderator with 67,271 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
10-Jan-2011, 01:02 PM #2
The only definite issue that you will have cascading the routers is that they can't both use the same LAN IP address range. So, for example, if they both default to using 192.168.1.x, change one of them to use 192.168.3.x.

"Double NAT" is a problem if and only if you want to forward ports (game playing, viewing a web cam from the internet, etc.). The easy way to accomplish that is to put the 2nd router in the 1st router's DMZ (which means you needn't port forward on the 1st router). If you use the DMZ feature then the second router needs to be assigned a static IP address--in the 1st router's IP address range but outside its Dhcp server's range.

If you add encryption (security) to the first router then your guests will need to type the correct encryption key to connect.

Your computers and other devices will be connected to the second router; thus the Default Gateway (and optionally the DNS server) will be the LAN address of the second router.
__________________
Microsoft MVP - Windows Expert - Consumer (since July 2010)
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
10-Jan-2011, 02:28 PM #3
So..... something like this (not sure about subnet masks and DNS)?

Router 1 (Hotspot)
IP: 192.168.1.1
Subnet: 255.255.255.0
Connection Type: PPPoE (I have DSL)
DHCP: Enabled
DHCP Start: 192.168.1.100
DHCP Users: 10 (or whatever)
DMZ: Enabled
DMZ Destination: 192.168.2.1 (Router 2)
Wireless Network Mode: Mixed
Wireless Security Mode: Disabled

Router 2 (Network)
Network cable goes from WAN port to Router 1 LAN port
IP: 192.168.2.1
Subnet: 255.255.255.0
Connection Type: Static IP
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1 (Router 1)
DNS: ISP DNS or OpenDNS???
DHCP: Disabled
Wireless Network Mode: Mixed
Wireless Security Mode: WPA/WPA2 Mixed Mode

Guest Client Settings (to get to Router 1)
Nothing really - if it can get a signal it can get to the internet (assuming they are set up for dynamic config)

Network Client Settings (to get to Router 2)
Fixed IP Address
IP: Anything in the range 192.168.2.2 through 192.168.2.255
Subnet: 255.255.255.0
Default Gateway: 192.168.2.1 (Router 2)
DNS Servers: ISP DNS or OpenDNS???
WPA Passkey
TerryNet's Avatar
Computer Specs
Moderator with 67,271 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
10-Jan-2011, 03:23 PM #4
For Router 1 (Hotspot) the DMZ destination has to be in its LAN IP address range; e.g., 192.168.1.10.

For Router 2 (Network) its WAN IP has to be in Router 1's LAN; e.g., 192.168.1.10. It's WAN DNS server can be either that you specified or 192.168.1.1. Its LAN address can be 192.168.2.1.

For the Network Client Settings the DNS Server(s) can be either that you specified or 192.168.2.1 (Router 2's LAN address).

Otherwise your chart looks correct.
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
10-Jan-2011, 04:02 PM #5
So the updated, correct chart would be

Router 1 (Hotspot)
Router (LAN) IP: 192.168.1.1
Subnet: 255.255.255.0
Connection Type: PPPoE (I have DSL)
DHCP: Enabled
DHCP Start: 192.168.1.100
DHCP Users: 10 (or whatever)
DMZ: Enabled
DMZ Destination: 192.168.1.10
Wireless Network Mode: Mixed
Wireless Security Mode: Disabled

Router 2 (Network)
Network cable goes from WAN port to Router 1 LAN port
Router (LAN) IP: 192.168.2.1
Subnet: 255.255.255.0
Connection Type: Static IP
Internet (WAN) Static IP: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1 (Router 1)
DNS: ISP DNS, OpenDNS, or 192.168.1.1
DHCP: Disabled
Wireless Network Mode: Mixed
Wireless Security Mode: WPA/WPA2 Mixed Mode

Guest Client Settings (to get to Router 1)
Nothing really - if it can get a signal it can get to the internet (assuming they are set up for dynamic config)

Network Client Settings (to get to Router 2)
Fixed IP Address
IP: Anything in the range 192.168.2.2 through 192.168.2.255
Subnet: 255.255.255.0
Default Gateway: 192.168.2.1 (Router 2)
DNS Servers: ISP DNS, OpenDNS, or 192.168.2.1
WPA Passkey
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
10-Jan-2011, 05:00 PM #6
Also, I currently have my XBox and Wii connected to the "network" router (since it's the only network I currently have).

Is there any advantage/disadvantage to putting them on the "hotspot" router instead of the "network" router?
TerryNet's Avatar
Computer Specs
Moderator with 67,271 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
10-Jan-2011, 05:39 PM #7
Chart looks correct to me.

Quote:
Is there any advantage/disadvantage to putting them on the "hotspot" router instead of the "network" router?
You already know the answer. On the "hotspot" they can play games with your guests, but they are vulnerable to your guests and neighbors.

I would advise keeping at least WEP encryption on your "hotspot." It will keep most neighbors out of your network.
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
12-Jan-2011, 11:47 AM #8
OK, this worked! I now have exactly what I want. Thanks so much.

Some issues I did run into:
1) I assigned the Xbox to Router 2. I did the port forwarding that you're supposed to, but I was still getting the infamous "Moderate NAT" warning. When I disabled UPnP, the warning went away and the Xbox is now happy as a clam. Just FYI...

2) Just for S&G, I completely disabled Wireless Security on Router 1 - basically creating a public hotspot. But even though I was connecting to an unsecured network, my Vista laptop was still making me press the "WiFi Protected Setup" button on the front of my router. This seemed really odd, especially give that AFAIK, WiFi Protected Setup was turned *off* in the router control panel (it has a radio button for "Manual" or "Wi-Fi Protected Setup"... I chose "Manual"). It worked, but it seems like an unwanted, unnecessary extra step for my guests to go through. If my friend brings over a laptop and wants to connect, who wants to have to run to the router and push a button to make that happen??? I don't have to do that at Starbucks.

3) Then, I turned on WEP security for Router 1. I've always used WPA/WPA2 so this is new.

On the router, there's a Passphrase field, a Key field, and a "Generate" button next to the Passphrase. I'm assuming the passphrase is a seed to generate a Key?

I entered a Passphrase, hit "Generate", and got a 26-character key (I had the 104/128 bit encryption level chosen). OK, so far so good.

Now, when my son's Nintendo DS asked for the "key", I put in the passphrase but it didn't connect.

I wondered if it wanted the hex key, but there's no way I'm going to type in a 26-character hex key, so I went back to the router and changed the WEP encryption to 40/64 bits, and regenerated a 10-character key.

When I entered the 10-character key, it worked!

But... is that normal to have to enter the key instead of the passphrase, or is that just a Nintendo thing? It would be really lame if I have to give my guests a 10-character hex key that they have to type in to connect!

Me: "Oh, sure you can use my hotspot Bob - when it asks for the key just type in F9D3CA05BA"
Bob: "You're kidding, right?"
TerryNet's Avatar
Computer Specs
Moderator with 67,271 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
12-Jan-2011, 12:43 PM #9
Some devices translate a WEP ascii passcode differently, so it is always preferable to use the actual HEX key. You can always use a little imagination and create a "fun" HEX key. Lame examples: 1fade2dead, fadbad4dad
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
12-Jan-2011, 04:09 PM #10
Quote:
This seemed really odd, especially give that AFAIK, WiFi Protected Setup was turned *off* in the router control panel (it has a radio button for "Manual" or "Wi-Fi Protected Setup"... I chose "Manual").
Turns out that the "Manual Setup" and "Wi-Fi Protected Setup" radio buttons are a little misleading. They are not, as you'd expect, two mutually exclusive ways of doing setup.

The "Manual Setup" tab does NOT specify that you want to do Manual instead of WPS, it is just a spot to "manually" change some router settings like SSID and Channel.

The "Wi-Fi Protected Setup" allows you to configure a client. There are no settings that pertain to the router itself; the term "Setup" in "Wi-Fi Protected Setup" refers to client setup, not router setup.

It doesn't appear you can turn off WPS in the Linksys E1000.

I don't know if you can turn off WPS in Vista (or in the NIC drivers), or if you can manually add a connection that bypasses WPS. I'm not a fan of things happening behind my back, especially where Windows is involved.
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
12-Jan-2011, 04:54 PM #11
Also, one more question: Is there any easy way with static IP to effectively limit the number of IP address, like you can with DHCP?

For example, I have 6 devices connected to Router 2 (192.168.2.1), with static IPs of 192.168.2.100 through 192.168.2.105.

I know for a fact that 192.168.2.106 through 192.168.2.255 will never be used (unless I get a new laptop or something). Seems like it would be a Good Thing to mark those IPs as invalid/unused.
TerryNet's Avatar
Computer Specs
Moderator with 67,271 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
12-Jan-2011, 05:34 PM #12
The only wireless security is WPA(2) encryption.

The only ethernet security is examining to where all the cables go from the router.

Restricting the Dhcp server's address range or using only static IP addresses can effectively make your network more difficult to use, but it does nothing for security. You may enjoy reading The ABCs of securing your wireless network.
edmacke's Avatar
edmacke edmacke is offline
Member with 24 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: Chicago 'Burbs
Experience: Enough To Be Dangerous
12-Jan-2011, 09:38 PM #13
Ah, OK. Good to know.

Thanks so much for your time. I was able to get everything up and running perfectly - I wouldn't have been able to without your help!

I will read that Ars Technica article...looks good.
TerryNet's Avatar
Computer Specs
Moderator with 67,271 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
12-Jan-2011, 10:04 PM #14
You're welcome.

You can mark this solved using the button at the upper left of the page.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
2 router on 1 network PatelShiv Networking 7 03-Jan-2011 06:26 PM
Home Network Using 2 Routers from different connections Hotcrossbun Networking 2 25-Aug-2010 06:27 AM
Can connect to private network but cannot connect to servers on it MarTech55 Networking 1 19-Feb-2009 09:42 AM
Communication between 2 private networks greeniegb Networking 0 14-Feb-2009 10:58 AM
Solved: Sharing WEP and WPA2 network with 2 routers? ehymel Networking 11 13-Aug-2007 09:39 PM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2