Advice Needed for Isolating My Network Setup From Landlord's Network

[Master Pain]

Hello everyone,

I'm looking to create a private network setup within my rented space that is separate from my landlord's network, but still uses the same internet connection. I've attached a diagram to illustrate my current setup and would appreciate any guidance on how to achieve my goals.

Current Setup:

• The landlord's setup includes a fiber box connected to an internet router switch, which then provides a Wi-Fi network through the router itself in addition to a Google Wifi mesh system.
• My setup will be wired from the same internet router switch, intending to use my own Wi-Fi.

My Objectives:

• I want to ensure that my network is completely isolated from the landlord's so they cannot access my devices.
• I need to connect my devices to the internet through the wired connection from the router switch.
• My network will have its own Wi-Fi setup using Asus RT-AC86U and RT-AX53U routers.
• The network must support gaming traffic (I guess double NAT could cause problems with that)
• Ideally, I would like to have the capability to do port forwarding and set a custom DNS (not a requirement)

Constraints:

• I do not have access to the landlord's device settings or configurations. (I might get temporary access if I ask nicely, but I'm not sure about this)

Given these conditions, can anyone suggest the best way to set up my network to be private and secure? I've done a few different setups in the past, but this time the landlord also has kids gaming and I'm afraid of causing double nat problems which may result in them not being able to game without interruptions, which would be a bad start for us in our new home.

I look forward to your advice!

 

[ColinTaylor]

By "internet router switch" I assume you mean a regular wireless router.

As you have no control over you landlord's network what you have at the moment is the best you can achieve. I'm assuming your RT-AC86U is in router mode with its firewall still enabled.

You cannot avoid double NAT so you'll have to live with that. Port forwarding will not be possible without control of your landlord's router. Even if you did gain access to his router you could break his children's internet gaming if you start forwarding ports for your personal use.

Your landlord won't have access to your network as he will be blocked by your RT-AC86U's firewall. Ironically you could potentially have access to devices on his network. You won't be fully isolated as your traffic is still traversing his network so he can theoretically do anything he wants with it, like packet shaping, blocking, or even snooping (if he's a l33t h4x0r ).

 

[Master Pain]

By "internet router switch" I assume you mean a regular wireless router.

As you have no control over you landlord's network what you have at the moment is the best you can achieve. I'm assuming your RT-AC86U is in router mode with its firewall still enabled.

You cannot avoid double NAT so you'll have to live with that. Port forwarding will not be possible without control of your landlord's router. Even if you did gain access to his router you could break his children's internet gaming if you start forwarding ports for your personal use.

Your landlord won't have access to your network as he will be blocked by your RT-AC86U's firewall. Ironically you could potentially have access to devices on his network. You won't be fully isolated as your traffic is still traversing his network so he can theoretically do anything he wants with it, like packet shaping, blocking, or even snooping (if he's a l33t h4x0r ).

Thank you for the insightful response!

Indeed, the 'internet router switch' is an ISP-provided router that governs all the network traffic.

I wanted to clarify that my setup is not yet operational—apologies if that wasn't clear earlier. But as you surmised, my plan is to configure the Asus RT-AC86U in router mode and enable its firewall for added security.

Acknowledging that double NAT is inescapable in my scenario, I'm relieved to hear that it's manageable, as I do not rely heavily on port forwarding.

However, I'm concerned about the potential for IP conflicts within my private network. Since I can't coordinate with the main router's IP assignments, is there a way to configure my router to prevent any possible overlap and the issues it might cause? Any specific settings or DHCP range you'd recommend would be greatly appreciated.

And while the landlord may not be a 'l33t h4x0r,' it's a humorous thought that his kids might take an interest in network exploration—hopefully not at my network's expense! In any case, taking precautions seems wise.

Looking forward to any further advice you could share!

 

[Techtype]

However, I'm concerned about the potential for IP conflicts within my private network. Since I can't coordinate with the main router's IP assignments, is there a way to configure my router to prevent any possible overlap and the issues it might cause? Any specific settings or DHCP range you'd recommend would be greatly appreciated.


Your router is smart enough to avoid conflicts. (Double NAT actually takes care of this)

 

[ColinTaylor]

However, I'm concerned about the potential for IP conflicts within my private network. Since I can't coordinate with the main router's IP assignments, is there a way to configure my router to prevent any possible overlap and the issues it might cause? Any specific settings or DHCP range you'd recommend would be greatly appreciated.

Your router will detect a conflict in IP network addressing and change it's LAN to something different. If it doesn't it will be obvious as you won't have a functioning network. You can check what's happening by looking at the "WAN" IP address your router is getting from the landlord's router. It should be a different subnet from your own. If for some reason they're the same you can change your LAN subnet on your router.

 

[CaptainSTX]

When you set up your router just select a DHCP subnet for assigning IPs on ypur lan that is different than your landords. If he is using the the common default of say 192.168.1.0/24 then you could select 192.168.2.0/24.

You will be able to tell what is router is using as a subnet by looking at the WAN IP his router assigns to yours.

 

[Master Pain]

Thank you guys! This has been super helpful. I really appreciate it

 

[GovtCheese]

> My network will have its own Wi-Fi setup using Asus RT-AC68U and RT-AX53U routers.

Were you planning to use AiMesh? Wouldn't the AX router need be the master?

 

[Master Pain]

> My network will have its own Wi-Fi setup using Asus RT-AC68U and RT-AX53U routers.

Were you planning to use AiMesh? Wouldn't the AX router need be the master?

Yes, but why would the AX router need to be the master?

 

[L&LD]

Because you want the most capable router to be the main unit.

 

[Tech9]

Wouldn't the AX router need be the master?

Perhaps @Master Pain wants Asuswrt-Merlin firmware. RT-AX53U is not supported.

 

[Master Pain]

Because you want the most capable router to be the main unit.

It's only more capable in the sense that it has wifi6, other than that AC86U outperforms it in every way.

Perhaps @Master Pain wants Asuswrt-Merlin firmware. RT-AX53U is not supported.

Yes!

 

[Tech9]

Asus RT-AC68U

Asus RT-AC68U

Do you have RT-AC68U or RT-AC86U? Very different routers.

 

[Master Pain]

Do you have RT-AC68U or RT-AC86U? Very different routers.

RT-AC86U. Sorry for the typo/confusion.

 

[L&LD]

Yes, if you have the RT-AC86U (instead of the previously indicated RT-AC68U), I agree the former is likely superior.

 

[Tech9]

Given these conditions, can anyone suggest the best way to set up my network to be private and secure?

Your own ISP line is the best solution. Otherwise you may have to live with limitations.

 

[GovtCheese]

Yes, but why would the AX router need to be the master?

Most powerful should be master. Since a WiFi6 is better than WiFi5, the AX router should be primary (master).

<https://www.snbforums.com/threads/aimesh-observation-on-main-vs-node-ax-vs-ac.82001/#post-804259>
<https://dongknows.com/asus-aimesh-overview/>

 

[Tech9]

Since a WiFi6 is better than WiFi5

RT-AC86U is much better hardware router than RT-AX53U.

 

[GovtCheese]

RT-AC86U is much better hardware router than RT-AX53U.

True, but it lacks WiFi6 features. AiMesh says most powerful -- although the router itself is more powerful, it has less capability since it's older. My understanding was that you are most concerned with the master's capabilities since the slave only provides WiFi pass-thru to it.

Oh, and the AX firmware is 388 while the AC firmware is 386 (and no longer maintained). Always had the impression that routers with different WiFi versions should *not* be mixed anyway; even though it may work, the performance would likely suffer (greatly) when connected to the older standard router. But a performance issue is still better than no signal, eh?

IMO, on all counts. Happy to be wrong.

 

[Master Pain]

Oh, and the AX firmware is 388 while the AC firmware is 386 (and no longer maintained).

Does this mean that RT-AC86U reaching End Of Life?