+ Post New Thread
Results 1 to 9 of 9
Wireless Networks Thread, Multiple networks, one internet connection in Technical; This might sound a stupid question but im looking for a solution to this problem and im hoping you guys ...
  1. #1

    Join Date
    Jan 2009
    Location
    Kent
    Posts
    18
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    20

    Multiple networks, one internet connection

    This might sound a stupid question but im looking for a solution to this problem and im hoping you guys will be able to give me an insight into possible options.

    I need to run several seperate networks (to protect data from being accessed), these networks are all in the same building and so they need to have the same internet connection (currently being provided by a wireless router)

    Ive thought of a few workarounds but im sure there are better ways of achieving a proper solution.

    Thanks in advance

  2. #2

    Join Date
    Mar 2008
    Location
    Bromley
    Posts
    283
    Thank Post
    15
    Thanked 21 Times in 21 Posts
    Rep Power
    16
    Could probably use smooth wall and 3 orange interfaces?

  3. Thanks to jedmondson from:

    AD2K3 (3rd January 2010)

  4. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    It should be simple enough to run two domains on the same subnet, so both networks look at the same place to access the internet, but unless you create a trust workstations from network A won't be accessible on network B and visa versa.

  5. Thanks to Michael from:

    AD2K3 (3rd January 2010)

  6. #4

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,621
    Thank Post
    49
    Thanked 451 Times in 334 Posts
    Rep Power
    137
    Sharing a single internet connection between seperate disparate networks initially seems like an easy task but unless you have some experience in subnetting, Vlans and routers you can quickly find this quite a challenge.

    There are a few low cost devices such as the Draytek Routers that have VLAN capabilities on the LAN interfaces which can make this an easy enough task for the smaller networks.

    Whilst VLANs are ok for this job up to a point, even these now fail to meet the requirements of some PCI compliancy experts, so if you anticipate sending credit card transactions over these networks forget the vlan options.

    Ideally each network would be connected to a DMZ via a dedicated interface.
    This soon becomes cumbersome and the benefits of a dedicated firewall appliance such as Sonicwall, Smoothwall, Juniper, Cisco etc etc etc soon becomes a much more sensible solution.
    Or alternatively via L3 routing in a high performance switch (the LgFL uses Extreme switches as the managed edge devices)

    Here's a DMZ Example to get you started, change IP's to suit,

    Internet Gateway LAN IP = 192.168.0.1
    Assign WAN addresses to LAN segments,
    Network 1 = 192.168.0.10
    Network 2 = 192.168.0.20
    Network 3 = 192.168.0.30
    Network 4 = 192.168.0.40
    Etc Etc...

    Now add a simple ethernet cable router to each of your seperate network segments,
    Network 1 Lan if = 10.0.10.254 WAN Port 192.168.0.10
    Network 2 Lan if = 10.0.20.254 WAN Port 192.168.0.20
    Network 3 Lan if = 10.0.30.254 WAN Port 192.168.0.30
    Network 4 Lan if = 10.0.40.254 WAN Port 192.168.0.40
    Etc Etc

    As you can see, your comms cabinet will soon fill up with an unmanagable mess of wires, routers and power adapters so even more reason to look at implementing a proper solution.

    With the provision of independent broadband circuits being so cheap nowadays you need to ask why do these "companies" need to be sharing a broadband connection anyway?

    On one site alone I have a 10mb T1, 3 x SDSL, 4 x ADSL, 2x ISDN and a dial up modem taking care of data and another bucket load of ISDN for the phone system!
    150 users internet access, 2 remote sites, Exchange Servers, BES, a retail shop with EPOS, CCTV, Voip, Public/Private WiFi, IPTv, Access Control, Video Streaming, SIP trunks and RDP to a server farm in the Netherlands with a backup in Docklands.

    Sorry, a single internet connection just doesn't do it for me anymore...
    We use an array of Sonicwall NSA Appliances to join them all together and provide failover and an SSL-VPN appliance for remote access.

  7. Thanks to m25man from:

    AD2K3 (3rd January 2010)

  8. #5

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,767
    Thank Post
    1,623
    Thanked 1,877 Times in 1,395 Posts
    Blog Entries
    2
    Rep Power
    422
    all networks on the same subnet, but running different ip ranges works well, it's what I run here and it works fine.

  9. Thanks to nephilim from:

    AD2K3 (3rd January 2010)

  10. #6
    mjs_mjs's Avatar
    Join Date
    Jan 2009
    Location
    bexleyheath, london
    Posts
    1,018
    Thank Post
    37
    Thanked 111 Times in 95 Posts
    Rep Power
    37
    You could always have an extra router for each network. You'ld end up with n+1 routers if n is the number of networks.
    Have your internet go to one network (10.1.2.3), then have a router between that and the internal networks, one router for each, the WAN port on each connected to 10.1.2.3 network. Each network will be able to access up the tree (so the internet) but not the other netwroks behind their individule routers without some exceptions being manually added. If it's only light internet traffic going accross the networks then some basic netgear 'cable' routers would do the trick. NETGEAR|WGR614 UK|54MBPS WIRELESS BROADBAND ROUTER | CPC.

  11. Thanks to mjs_mjs from:

    AD2K3 (3rd January 2010)

  12. #7

    Join Date
    Jan 2009
    Location
    Kent
    Posts
    18
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    20
    Thanks guys for your replies! Really useful,

    Ive been looking at the draytek range and i think i might have found a solution thats suitable

  13. #8


    Join Date
    Sep 2007
    Location
    UK
    Posts
    5,372
    Thank Post
    1,417
    Thanked 865 Times in 556 Posts
    Rep Power
    642
    We have a Draytek router that is surplus. I can't remember the model but if you are interested, I can take a look tomorrow.

  14. #9
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,650
    Thank Post
    164
    Thanked 217 Times in 200 Posts
    Rep Power
    66
    The way ours was set up before I started (and still is) goes something like this...

    • Janet connection incoming with their usual Cisco router
    • Output Ethernet from the router goes to a switch
    • Switch has 2 connections coming off it
    • Each connection goes to the RED interface of an IPCop firewall box (similar to Smoothwall)
    • One IPCop per network (admin and teaching)


    On another install I'm doing soon at an outcentre there's only 1 PC on the admin so probably trying IPCop with RED + BLUE + GREEN interfaces. Admin PC on the Green won't be accessible from teaching PCs on the blue... should do the trick

SHARE:
+ Post New Thread

Similar Threads

  1. My LGFL internet connection is down
    By BarriedaleNick in forum London Grid for Learning (LGfL)
    Replies: 0
    Last Post: 7th November 2009, 09:02 PM
  2. VPN connection with internet connection option
    By FN-GM in forum Wireless Networks
    Replies: 6
    Last Post: 29th December 2007, 07:19 PM
  3. Anyone in York looking for an Internet connection?
    By wrights in forum Wireless Networks
    Replies: 11
    Last Post: 10th September 2007, 10:02 AM
  4. Laptop, 2 nics, 2 networks - internet connection problem
    By WithoutMotive in forum Wireless Networks
    Replies: 3
    Last Post: 27th July 2006, 12:14 PM
  5. Unfiltered Internet Connection
    By richard in forum How do you do....it?
    Replies: 16
    Last Post: 22nd April 2006, 08:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •