Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
Digital Lifestyle
Internet, Networking, and Wireless
Curiosity About 2 Routers In IP Scanner Results
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="michelangelo" data-source="post: 1780211" data-attributes="member: 54225"><p>To add one option to the ones you already have sitting in front of you, I will dig a part of your post #10 (nearly a century ago)</p><p></p><p>Let us presume the following:</p><p>1 - That you want to carry on with the voice over IP provided by your current ISP;</p><p>2 - No presumption for TV since you only carry one vote;</p><p>3 - You accept to believe that the Alien (a thing protected by secrecy) is there for your good, but do not want to be harmed in the event the Alien would become corrupt, hostile;</p><p>THEN, you may want to explore, as an alternative to your other options, the one outlined above. </p><p>Your current ISP's router has a LAN IP address of 192.168.0.1, it creates a LAN containing a block of 256 IP Addresses, in the range [192.168.0.1 ; 192.168.0.256]</p><p>Your VoIP telephone is a client in this LAN, your TV too, so are all your other devices (printer, macs, iPhones, treadmill, what else)</p><p>You could grab a dumb (or no so dumb if you prefer) router, attach its WAN side to the above network (its WAN Address would be 192.168.0.xxx, attributed by your ISP's router) and ask this dumb router to distribute IP addresses in a second LAN (call it LAN2) in a separate range of addresses. I would choose, for laziness, the range 192.168.1. 1 to 256, 192.168.1.1 being the LAN2 address of dumb router. </p><p>Then you are done. You would ensure that wifi is off on your ISP's router, to prevent involuntary connection to an IP address in the range 192.168.0.xxx and configure a wifi access point behind your dumb router. What you have achieved there is a double NAT whereby you have a router after your ISP-supplied router. </p><p>With the possible exception of TV (depends on the votes), your telephone is the sole client of your ISP's router. All other clients you have in your home, whether wired or wireless are now attached to the dumb router and are therefore in a separate network. </p><p></p><p>Alien is alone with your telephone in the first LAN, all your personal stuff is well protected in LAN2. </p><p></p><p>In the event Alien becomes corrupt, hostile, crazy, whatever, your LAN2 is protected because there is no way Alien can access any of its clients, because there is no way Alien can go across dumb router. </p><p></p><p>What is the takeaway ?</p><p>Airport utilities will complain. Airport Utilities don't like double NATting. Ask it to shut up;</p><p>If you ever need holes in your firewall (which, as you mentioned after a Shields Up test, is pristine: no holes, all ports are closed -no entry- and stealth -no reply to ping- so far) in order to permit: access to your mac, gamers to receive chat from other online gamers, a ring on your Skype... there you would also need holes in two firewalls, which is way more complex;</p><p>The cables to your VoIP phone would connect your ISP's modem router to your phone, same for TV. BUT cables to all other clients would come from your dumb router. This can make laying of cables fare more complex. People have invented virtual LANs to make good with that difficulty. </p><p></p><p>My home is setup this way, except that the dumb router is replaced, for me, by a pfSense router acting the way an Airport Extreme would: setting up a LAN for family and LAN2 for guests and IoT things. </p><p></p><p>Now, unless somebody already suggested it, you have one more option in your bag. Cheers.</p></blockquote><p></p>
[QUOTE="michelangelo, post: 1780211, member: 54225"] To add one option to the ones you already have sitting in front of you, I will dig a part of your post #10 (nearly a century ago) Let us presume the following: 1 - That you want to carry on with the voice over IP provided by your current ISP; 2 - No presumption for TV since you only carry one vote; 3 - You accept to believe that the Alien (a thing protected by secrecy) is there for your good, but do not want to be harmed in the event the Alien would become corrupt, hostile; THEN, you may want to explore, as an alternative to your other options, the one outlined above. Your current ISP's router has a LAN IP address of 192.168.0.1, it creates a LAN containing a block of 256 IP Addresses, in the range [192.168.0.1 ; 192.168.0.256] Your VoIP telephone is a client in this LAN, your TV too, so are all your other devices (printer, macs, iPhones, treadmill, what else) You could grab a dumb (or no so dumb if you prefer) router, attach its WAN side to the above network (its WAN Address would be 192.168.0.xxx, attributed by your ISP's router) and ask this dumb router to distribute IP addresses in a second LAN (call it LAN2) in a separate range of addresses. I would choose, for laziness, the range 192.168.1. 1 to 256, 192.168.1.1 being the LAN2 address of dumb router. Then you are done. You would ensure that wifi is off on your ISP's router, to prevent involuntary connection to an IP address in the range 192.168.0.xxx and configure a wifi access point behind your dumb router. What you have achieved there is a double NAT whereby you have a router after your ISP-supplied router. With the possible exception of TV (depends on the votes), your telephone is the sole client of your ISP's router. All other clients you have in your home, whether wired or wireless are now attached to the dumb router and are therefore in a separate network. Alien is alone with your telephone in the first LAN, all your personal stuff is well protected in LAN2. In the event Alien becomes corrupt, hostile, crazy, whatever, your LAN2 is protected because there is no way Alien can access any of its clients, because there is no way Alien can go across dumb router. What is the takeaway ? Airport utilities will complain. Airport Utilities don't like double NATting. Ask it to shut up; If you ever need holes in your firewall (which, as you mentioned after a Shields Up test, is pristine: no holes, all ports are closed -no entry- and stealth -no reply to ping- so far) in order to permit: access to your mac, gamers to receive chat from other online gamers, a ring on your Skype... there you would also need holes in two firewalls, which is way more complex; The cables to your VoIP phone would connect your ISP's modem router to your phone, same for TV. BUT cables to all other clients would come from your dumb router. This can make laying of cables fare more complex. People have invented virtual LANs to make good with that difficulty. My home is setup this way, except that the dumb router is replaced, for me, by a pfSense router acting the way an Airport Extreme would: setting up a LAN for family and LAN2 for guests and IoT things. Now, unless somebody already suggested it, you have one more option in your bag. Cheers. [/QUOTE]
Verification
Post reply
Forums
Digital Lifestyle
Internet, Networking, and Wireless
Curiosity About 2 Routers In IP Scanner Results
Top