need help linking 2 networks


Optimus Prime
10-30-03, 12:23 PM
Before I get started I want to state that I have a decent amount of collegiate training in networking and I fully understand the dynamics of the different layers of devices, the ins and outs of basic routing and network infrastructure. The reason that I say basic is that I understand all of this stuff; however, I know that I'm definitely not a professional consultant or of the equivalent level, but I do at least know enough to hold a conversation with one :)

So here is the low down.... I need to link these two networks that I have, which are in my neighbor's and my town house... The houses are in a duplex configuration, so we tossed a Cat 5 line out one window and in the other. Each house has its own Internet connection and its own internal network. I want the nets to be connected; however, I do not want them to share an Internet connection. In terms of available hardware, I have and can have whatever it takes to complete this task, including: WAPs, Linux/Win XP bridges, Linux DHCP servers, etc. I made a net diagram so that it would be easy to understand... look below

http://burrowww.cs.indiana.edu:11410/netd.jpg

Now I do understand that I will most likely have to define two different subnets (LAN 1 = 192.168.1.x, and LAN 2 = 192.168.0.x). In addition, I would assume that I need to hardcode the default gateway and DHCP server for all machines on the respective network.

If you look at my net diagram you will see that I have outlined two options. I will discuss these now:

Possibility 1:
The first possibility for me is to toss a line from router to router. Now I can filter on both these routers. I believe that hardcoding of all the gateway and DHCP server settings will be a must for the nodes on the networks for this option. Now I could also put a Linux/Win XP bridge (machine with 2 NICs) in between the two routers to handle filtering as well.

Possibility 2:
This option would basically entail the same thing, just from different-layer devices than my routers. I'm not sure if this would be any different than doing it from router to router; however, I was thinking that maybe using a "stupid device" that only uses IP tables instead of routing tables might solve the problem. As a side note, a machine could also be used as a bridge here.

Possibility 3:
The third possibility isn't marked on the diagram because I would like to avoid it if possible. I figure that I could use a WAP to connect the LANs. But the idea of limiting my bandwidth from one LAN to the other to 10 Mbps really makes me cringe.

I tried connecting the two networks already using a Win XP box with two NICs and then using the bridge function; however, when I do it, one of the routers will smack the other one down and take over the DHCP and default gateway requests.

Any help on this situation would be greatly greatly appreciated.
For direct contact you can AIM me at name: fulloferik
or email me at: ebruner@indiana.edu

Thanks for the help.... Prime

pik4chu
10-30-03, 12:51 PM
Um, to help the "DHCP smackdown": if you make sure both routers are configured with a static address there shouldn't be a conflict between the two networks. And for the routers I think you'll need to have a static route entry in each, forwarding requests to the proper network. There would be an easier way to do this with a switch (I think). I'll have to get back to you though.

And BTW, the pic is a red X :)

XWRed1
10-30-03, 12:52 PM
If you give two different subnets to the networks, then you set up a router between them. This is pretty simple to do with the lowliest Linux box.

If you don't feel like setting up a router or having different subnets, you could have the same subnet and have another box (Linux, even) sit between them and be a bridge. Or you could use a plain old switch for that.

If you actually want to STOP people in one house from using the other house's net connection, it'd be easier to accomplish that with separate subnets. Then you tell the NAT boxes at both houses not to NAT traffic from IPs in the other subnet.

Optimus Prime
10-30-03, 01:19 PM
Tried repairing the image link (don't think the first file was chmoded correctly on my Apache server). Let me know if it still comes up with an error. Thanks

Prime

Optimus Prime
10-30-03, 11:06 PM
BUMP, BUMP, BUMP!

XWRed1
10-31-03, 12:13 AM
Is there supposed to be more than one pic? I've always seen the one pic just fine.

Cjwinnit
10-31-03, 05:56 PM
One idea (pic's too big to host on theforumisdown).

3 network segments:
One main one, which is all the computers with consecutive IPs; those connecting to Segment 2 have 192.168.1.201-228, those connecting to Segment 3 have 192.168.1.229-260.
The second segment is one computer connected (DMZ) to the modem/Internet.
The third segment is one computer connected (DMZ) to the modem/Internet.

Between Segments 1 and 3 is a Linux box (we will call it Netbox 3) acting as a router/firewall/net server; between Segments 1 and 2 is a Linux box (we will call it Netbox 2) acting as a router/firewall/net server. Segments 3 and 2 can't "see" each other. Netbox 2 has a firewall banning Netbox 3 and all IPs 192.168.1.229-260, and vice versa for Netbox 3. Essentially all the "normal" computers can see each other, but each one can only see one Netbox, and the Netboxes can't see each other.

The computers using Segment 2 for the 'net use Netbox 2's Segment 1 IP as their gateway, and vice versa.

It made sense in my head... Optimus has my diagram.

XWRed1
10-31-03, 08:55 PM
I'd say have two subnets, a router (Linux/BSD) in between, and a smart machine like a Linux or BSD box at both Internet connections instead of a goofy NAT appliance.

The go-between router routes between both subnets; the gatekeepers of the two Internet connections drop any Internet traffic from the other subnet, so there is no way for someone to force their way out through your connection.

To be safe, the static routes on the go-between box shouldn't let someone on one lan use the subnet of the other lan so they can go out through the other lan's net connection -- just don't configure a static route that'd know how to do this.
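The layout XWRed1 describes in the two posts above (separate subnets, a Linux box routing between them, and each house's gateway refusing to NAT or forward the other house's addresses), written out as iptables/ip commands. This is an added worked example, not code from the thread. The interface names, the go-between's addresses, and the hairpin rule (hosts keep their own house's gateway as default gateway, which then bounces cross-LAN traffic back out to the go-between) are my assumptions; the anti-spoofing rules on the go-between are an added check the thread does not spell out. By default the script only prints the commands; run it as root with `IPT=iptables IP=ip` to apply them.

```shell
#!/bin/sh
# Added example for the two-subnet design in this thread (not the poster's code).
# Assumed names (not given in the thread):
#   LAN1 = 192.168.1.0/24 (house 1), LAN2 = 192.168.0.0/24 (house 2)
#   each house's gateway box: eth0 = LAN side, eth1 = Internet side
#   go-between router: eth0 in LAN1 as 192.168.1.254, eth1 in LAN2 as 192.168.0.254
# Dry run by default (prints the commands); as root: IPT=iptables IP=ip ./link.sh gateway1
IPT="${IPT:-echo iptables}"
IP="${IP:-echo ip}"

LAN1=192.168.1.0/24
LAN2=192.168.0.0/24
GB_LAN1=192.168.1.254   # go-between's address inside LAN1
GB_LAN2=192.168.0.254   # go-between's address inside LAN2

# Rules for one house's Internet gateway.
# $1 own subnet  $2 other house's subnet  $3 LAN iface  $4 WAN iface  $5 go-between addr on own LAN
gateway_rules() {
    g_own=$1 g_other=$2 g_lan=$3 g_wan=$4 g_next=$5
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING
    $IPT -P FORWARD DROP
    # 1. Nothing sourced from the other house ever reaches the Internet side,
    #    whatever the routing table says (the "no way to force their way out" rule).
    $IPT -A FORWARD -s "$g_other" -o "$g_wan" -j DROP
    # 2. Our own hosts may go out; replies to their connections may come back.
    $IPT -A FORWARD -s "$g_own" -i "$g_lan" -o "$g_wan" -j ACCEPT
    $IPT -A FORWARD -i "$g_wan" -o "$g_lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. Hosts use this box as default gateway, so LAN1<->LAN2 packets arrive here first:
    #    hairpin them back out the LAN interface towards the go-between router.
    $IPT -A FORWARD -i "$g_lan" -o "$g_lan" -s "$g_own" -d "$g_other" -j ACCEPT
    $IPT -A FORWARD -i "$g_lan" -o "$g_lan" -s "$g_other" -d "$g_own" -j ACCEPT
    # 4. NAT only our own subnet; the other house's addresses are never masqueraded.
    $IPT -t nat -A POSTROUTING -s "$g_own" -o "$g_wan" -j MASQUERADE
    # 5. Static route so this gateway knows the other house lives behind the go-between.
    $IP route replace "$g_other" via "$g_next"
}

# Rules for the box between the two LANs: forward between them and nothing else.
# $1 iface in LAN1  $2 iface in LAN2
gobetween_rules() {
    r_if1=$1 r_if2=$2
    $IPT -F FORWARD
    $IPT -P FORWARD DROP
    # Anti-spoofing: a packet arriving from LAN1 must carry a LAN1 source, and vice versa,
    # so nobody can borrow an address from the other subnet to slip past the gateways.
    $IPT -A FORWARD -i "$r_if1" ! -s "$LAN1" -j DROP
    $IPT -A FORWARD -i "$r_if2" ! -s "$LAN2" -j DROP
    $IPT -A FORWARD -i "$r_if1" -o "$r_if2" -s "$LAN1" -d "$LAN2" -j ACCEPT
    $IPT -A FORWARD -i "$r_if2" -o "$r_if1" -s "$LAN2" -d "$LAN1" -j ACCEPT
    # Deliberately no default route: this box cannot reach either Internet connection.
    $IP route del default 2>/dev/null || true
}

case "${1:-}" in
    gateway1)  gateway_rules "$LAN1" "$LAN2" eth0 eth1 "$GB_LAN1" ;;
    gateway2)  gateway_rules "$LAN2" "$LAN1" eth0 eth1 "$GB_LAN2" ;;
    gobetween) gobetween_rules eth0 eth1 ;;
    *)         echo "usage: $0 gateway1|gateway2|gobetween" ;;
esac
```

Two points worth noting about the ordering. The explicit DROP for the other subnet sits first in FORWARD on each gateway so that it wins even if someone later adds a broader ACCEPT; and the MASQUERADE rule is restricted by source address, so a packet from the neighbour's subnet that somehow reached the WAN side would still leave unmasqueraded with a private source and be dropped upstream. The go-between's anti-spoofing rules close the remaining hole, a host in one house giving itself a static address from the other subnet.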