setting up subnet for neighbor

lighting

Regular Contributor
I'm sharing an Internet connection over a wireless link between two houses on the same property. I've set up a secondary router (Edge) as a local client, plugged into my local (ASUS) wifi router, then the Edge router uses DHCP to provide IP addresses to their clients. This does seem to work fine (it's been operating for years), but I'm aware it could be more elegant, in particular that they've got a double NAT configuration and are working through multiple firewalls at the remote house. What's the right way to do this? They don't need access to my local network, just to the Internet. They're neither very demanding nor very network-savvy, but if I could improve their service with some tweaking I'd like to (and might learn something).

I know I could remove the second router and let my router assign their IPs, but I'd like not to have them on my LAN, which is why I bought the second router.

I've never figured out setting up my own routing rules, but willing to if that's the right direction.

I'm also pretty lost trying to configure the EdgeRouter, which is way less layman-friendly than the ASUS.

Setup:
My router is an RT-AC86U running latest Merlin. On a Netgear cable modem, service is approx. 150/12 Mbps. All LAN clients are currently treated the same whether they're routers or anything else. LAN side of router is 192.168.42.1.
Remote house: I have a local EdgeRouter X and a 2.4 GHz EnGenius directional access point feeding the other house. (I installed a dual-band repeater over there to get signal to the far side of the house on 5 GHz.) Router WAN connection is 192.168.42.8 on my LAN. LAN side of the Edge is 192.168.1.1.

Any advice welcome. Thanks!
 
Conceptually I guess that's what I'm after, except the guest network is a wired connection from the viewpoint of my ASUS router, because it goes through a directional wifi access point pointed at the other house. (The 2.4 GHz from my router isn't very strong at the other house.) I wouldn't know how to set up a wired version of a guest network, but maybe that's what I need to figure out.
 
Conceptually I guess that's what I'm after, except the guest network is a wired connection from the viewpoint of my ASUS router, because it goes through a directional wifi access point pointed at the other house. (The 2.4 GHz from my router isn't very strong at the other house.) I wouldn't know how to set up a wired version of a guest network, but maybe that's what I need to figure out.
Okay, I didn't see this part of it. Back to the drawing board.
 
What is the specific model of EnGenius directional access point?
 
The Engenius model number is ENS202. It’s inside, at the gable end of my house, pointing toward the other house.
 
Thank you for the information. I would speculate that you are using the ENS202 in bridge mode.

In my opinion, there may be a more elegant solution to accommodate your requirement that the remote house network be isolated from your home's network. However, it would require additional, more sophisticated equipment. Since you state "This does seem to work fine (it's been operating for years)...", I see no reason to change.
 
Actually, the ENS202 is in Access Point mode. There’s no mate to it at the other house. Just a Netgear dual-band repeater sometimes used to get a stronger signal to the far side of the house.

Thanks for the advice!
 
I would buy an EdgeRouter X (ER-X) and run the wizard for 1 WAN and 2 LAN. Then set up firewall rules to block traffic from LAN1 and LAN2.

Repurpose your ASUS as an AP.

I have done that with my Netgear R7000, which now only acts as an AP.

eth0 - WAN
eth1 - Your network
eth2 - Neighbour
 
@diesel2k probably has a good solution. I was considering suggesting a router that would isolate the two LANs, but for me it would have been by allowing unique IP addresses per LAN. Since you already have an EdgeRouter X, you could switch routers and try @diesel2k's solution.
 
I'm much happier dealing with the ASUS as my primary router, also not sure the low-end EdgeRouter X has the poop to handle my download speeds (I typically see 250-300 Mbps even though I'm only paying for 150). Could I play tricks on the ASUS that would give the remote house its own subnet separate from my local LAN? Static routing? Basically do what a guest network does on WiFi or what the Edge does with a wizard... I wouldn't need the EDGE router at all, would treat the Engenius AP as the reference IP to get the special treatment. I just don't understand what that special treatment is. Thanks.
 
Could I play tricks on the ASUS that would give the remote house its own subnet separate from my local LAN? Static routing?
ASUS routers don't support multiple DHCP servers. Additionally the ASUS WiFi and LAN are just one LAN from an IP perspective.

Here is an idea, though I don't know the cost with your ISP much less if they can do it. See if your ISP can support a second IP address (DHCP and/or static). If that is doable then all you have to do is unplug the cable to your remote from the ASUS and plug it into the ISP device.
 
I think I know how to do it. If the other house has its own DHCP server, use a distinct range but still within the LAN subnet. Connect the secondary router/access point's cable to a LAN port on the ASUS router. This way no double NAT.

Then on the ASUS router, use ebtables rules to drop packets coming from that IP range into your local network. Or you can set up the ebtables rules based on the eth port rather than source IP, then you would not need a separate IP range and could get by with one DHCP server on the network.

I have done something similar for my AC86U guest WLAN because I want my guests to have access to certain IP ranges so they can print and access Chromecast devices but not the rest of my local network.

Alternative to this: VLAN on the LAN port going to the other house. There are some threads about AC86U VLANs. I have not personally done this, but this is a perfect use case for a VLAN.
 
If the other house has its own DHCP server, use a distinct range but still within the LAN subnet. Connect the secondary router's cable to a LAN port on the ASUS router. This way no double NAT.
I don't think that will work because of the flow of DHCP packets across the connection between routers in both directions. Additionally, it doesn't isolate the LAN between locations.
 
I don't think that will work because of the flow of DHCP packets across the connection between routers in both directions. Additionally, it doesn't isolate the LAN between locations.
Ebtables rules to filter all packets from / to remote house and LAN can certainly be made to work if remote house has own DHCP server.

If only one DHCP: filtering for a LAN port but allowing DHCP packets to pass freely.

I suggested VLAN as well but have not personally set those up.

Sent from my SM-G965U1 using Tapatalk
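
The port-based and IP-range ebtables filtering described in the two posts above, sketched as an added example that is not from any poster in this thread. The interface name `eth4` and the two /25 ranges are assumptions, and it assumes the port toward the other house appears as its own interface in the router's bridge.

```shell
#!/bin/sh
# Added example: ebtables isolation for one LAN segment on a Linux bridge.
# Assumed values (not from the thread): interface name and both address ranges.
REMOTE_IF="${REMOTE_IF:-eth4}"                 # assumed bridge port toward the ENS202
REMOTE_NET="${REMOTE_NET:-192.168.42.128/25}"  # assumed DHCP range for the other house
LOCAL_NET="${LOCAL_NET:-192.168.42.0/25}"      # assumed range for the home LAN

# Print the rules for one mode: "port" (match the bridge port) or "ip" (match ranges).
isolation_rules() {
    case "$1" in
    port)
        # FORWARD only sees frames bridged between ports. Traffic addressed to the
        # router itself (DHCP, DNS, routed Internet traffic) uses INPUT/OUTPUT.
        echo "ebtables -A FORWARD -i $REMOTE_IF -j DROP"
        echo "ebtables -A FORWARD -o $REMOTE_IF -j DROP"
        ;;
    ip)
        # Weaker: IPv4 only, and it relies on remote clients keeping their
        # assigned addresses. ARP and broadcasts still cross the bridge.
        echo "ebtables -A FORWARD -p IPv4 --ip-src $REMOTE_NET --ip-dst $LOCAL_NET -j DROP"
        echo "ebtables -A FORWARD -p IPv4 --ip-src $LOCAL_NET --ip-dst $REMOTE_NET -j DROP"
        ;;
    *)
        echo "usage: isolation_rules port|ip" >&2
        return 2
        ;;
    esac
}

# Execute the rules only when APPLY=1; otherwise show them as a dry run.
apply_rules() {
    isolation_rules "$1" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "dry-run: $rule"; fi
    done
}

# Example: MODE=port APPLY=1 sh this-script.sh
if [ -n "${MODE:-}" ]; then apply_rules "$MODE"; fi
```

The port variant also stops DHCP broadcasts from crossing between the two houses, which the IP-range variant does not, since a DHCP discover has source 0.0.0.0. Check the result with `ebtables -L FORWARD --Lc`, which lists per-rule packet counters.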
 
I'm much happier dealing with the ASUS as my primary router, also not sure the low-end EdgeRouter X has the poop to handle my download speeds (I typically see 250-300 Mbps even though I'm only paying for 150).

I have the ER-X running on a 500/500 line. The ER-X may be cheap, but it is a very powerful system with great stability and feature set. The ER-X will have no problem with your bandwidth and it will easily do exactly what you want. If you don't feel confident implementing it, then I respect that.
 