
Did anyone else see the last episode of SecurityNow with Steve Gibson and good old Uncle Leo?


G+_Rud Dog

Rudy Trujillo Ok, WAN ports first.  Router1 - whatever the ISP says it should be.  Router2+3 DHCP.  For LAN settings, I'd use different subnets (you can choose from any of the private subnets available, see https://en.wikipedia.org/wiki/Private_network).  Assign x.x.x.1 as the LAN IP address for each of the subnets you choose.  I.e. Router1 192.168.10.1/16, Router2 192.168.20.1/16, Router3 192.168.30.1/16.

 

Also note that I got the network masks wrong in my first reply!
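
A quick way to confirm that the LAN subnets picked for the three routers really are separate networks under the masks chosen, as an added example that is not part of the original post. The function name and the two sample plans are constructed for illustration: one uses the addresses as written above, the other assumes /24 masks.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges, as listed on the Wikipedia page linked in the post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_lan_plan(plan):
    """plan maps router name -> LAN address in CIDR form (hypothetical helper).
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    ifaces = {name: ipaddress.ip_interface(cidr) for name, cidr in plan.items()}
    for name, iface in ifaces.items():
        net = iface.network
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name}: {net} is not inside a private range")
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host address")
    # The mask, not the third octet, decides where one subnet ends and the
    # next begins, so compare the derived networks pairwise.
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} and {b} overlap: {ia.network} vs {ib.network}")
    return problems

# Constructed sample plans.
AS_POSTED = {"Router1": "192.168.10.1/16",
             "Router2": "192.168.20.1/16",
             "Router3": "192.168.30.1/16"}
WITH_24 = {"Router1": "192.168.10.1/24",   # /24 masks are an assumption
           "Router2": "192.168.20.1/24",
           "Router3": "192.168.30.1/24"}

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("with /24", WITH_24)):
        issues = check_lan_plan(plan)
        print(label, "->", issues if issues else "OK")
```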


Wayne Hobbins No.  They do different things.  One is not inherently more complex than the other.

 

I'd argue that routers are the more complex piece of equipment, but I'm used to the enterprise space.

 

A modem (either DSL or cable) is just taking the signal coming into the house and turning it into ethernet.  Think of them as an ethernet to fiber converter box.

 

They've been rolling the functions of both into a single box a lot of times now.  That's how the DSL modem from your ISP offers wireless and multiple network ports.


It's probably been discussed, but a smarter router with VLAN by ethernet port could work with 2 routers. The 3 dumb router solution works out of the box with all consumer router hardware, without the need to install/configure pfSense, dd-wrt, etc.

 

Fundamentally, it's about isolating traffic originating from all untrusted devices and keeping it away from your own.


The VLAN capabilities are chipset specific. I used DD-WRT with supported devices at clients' cafes to allow customer wifi traffic to share internet access without access to the intermediate "business-only" network.

 

In a separate instance (when I discovered that the VLAN support was chipset-dependent), I used DD-WRT to create 2 subnets and some iptables rules to isolate traffic between them.

 

In either scenario, the setup was sensitive to a factory reset or even a mis-plugged ethernet cord, which makes it relatively brittle.


Bad idea using routers with xDSL chipsets in them.

Main reason I never suggest using these variations of wifi router in this content is because often the option very seldom works in the intended way.

Especially if you intend to use multiple units.

Unless the router in question has physical support for up to 10gb, you waste your time in deploying it; for the cheapness of 1gb hardware these days, deployment of 16-24 port switches is a viable deployment solution, because saturation of wifi may cause issues with each device staying connected.

I come from this point of having over 90% of my home network having wireless capacity, with the fact of the matter of each user having at least 10-15 devices requiring some form of wired or wireless network connection.
