News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Fiber Modem/Router to Old Modem/Router

    Home Forums Networking – routers, firewalls, network configuration Fiber Modem/Router to Old Modem/Router

    Topic Resolution: Not a Question
    • This topic has 15 replies, 3 voices, and was last updated 5 days ago.
    Viewing 8 reply threads
    • Author
      Posts
      • #2301064 Reply
        KP
        AskWoody Plus

        Switching to Fiber I wanted to get my old router networking working, connecting an Ethernet line from the old router’s Internet port into the Fiber Router’s Ethernet port, eg LAN2.

        In doing searches, most suggestions say putting in the old router in Bridge mode so I did. It did not keep all the old network information. What is working better is, have the old router in DHCP mode.

        Some background, the old router did the logging into the Internet Service Provider, which is no longer necessary. The old router put the network under the IPv4 address 192.168.1.1.

        The new Fiber Modem/Router creates a network under 192.168.2.1 so the old router network (192.168.1.1) will not conflict with the Fiber network (192.168.2.1).

        I skipped some explanations but the jist of the information is there.

      • #2301116 Reply
        Paul T
        AskWoody MVP

        Why do you want your old router connected? Do you need 2 networks?

        If you connect your old router in non-bridge mode you will double NAT your devices. This is generally frowned upon because it adds nothing and can cause issues.

        If you want a separate network, create a DMZ on your fibre router and set your old router’s WAN port to the same address. Connect the old router to a port on the fibre router, connect your devices to the old router and they will be on a completely isolated network from the fibre router.

        cheers, Paul

        • #2302393 Reply
          KP
          AskWoody Plus

          Right now, the old router network is inside the fiber network as 192.168.2.x. All the devices that connect to the old router are 192.168.1.y.

          I am doing it this way for a few reasons.

          The Fiber modem/router is the “free” telco one (and not a brand I have heard of before) so I am not sure how much to trust it. I should probably treat it like a open free guest network.

          I cannot find a firewall on it whereas the old modem/router has it.

          My branded modem/router has the manufacturer’s firmware with periodic updates. I specifically bought it because it also has open-source firmware available.

          My previous modem/router also has the choice of open-source firmware, which I have since applied and will probably add as another private network under the address 10.168.1.1.

          I did not want to re-do the settings on my network such as MAC-filtering. I use MAC-filtering to white-list devices that are known to me and hence allowed on my network. If I flash the open-source firmware on the old modem/router, I will have to re-setup everything to get it the way I have it now.

          I am thinking thorough the DMZ configuration and trying to understand. Do I set a DHCP Reservation address for the old router, then point the DMZ at the reserved address 192.168.2.z ?

          • #2303150 Reply
            KP
            AskWoody Plus

            I thought of one more advantage of putting 192.168.1.1 inside the 192.168.2.1 network, rather than in the DMZ. It is easier to do because you do not have to configure a DMZ, telling it which devices goes in the DMZ.

            For anyone considering this, weight the advantages and disadvantages and choose what fits best for your circumstance.

      • #2302476 Reply
        Paul T
        AskWoody MVP

        Setting the DMZ high in the list (192.168.2.250ish) will allow you to use lower addresses for devices if required and the DHCP server will automatically exclude that address (unless it’s a really bad implementation).

        cheers, Paul

        1 user thanked author for this post.
        KP
        • #2302656 Reply
          KP
          AskWoody Plus

          I was poking around in the fiber router and understand.

          So as you said 192.168.2.z, and better to reserve an address (static address) so it does not change on any re-boot. I can look to see the range where the DHCP is allocating addresses, and choose an 192.168.2 address outside the DHCP range, so as to not cause a network address conflict.

          On more exploring, the fiber router does have a firewall, you just can’t turn it off.

          Once I understood a DMZ sits outside of the firewall, you knew it had a firewall.

          So an advantage of the DMZ is slightly faster traffic flow to the 192.168.1.1 network, configuring the 192.168.1.1 network  in the DMZ, because it will bypass the fiber router firewall.

          I like the 192.168.1.1 network inside the 192.168.2.1 network because traffic will have to pass through two firewalls; more security offset by slower traffic speed.

      • #2302718 Reply
        Paul T
        AskWoody MVP

        You don’t need to reserve a DMZ address in DHCP.

        cheers, Paul

        • #2303149 Reply
          KP
          AskWoody Plus

          So I thought I would try it out the DMZ.

          The way the ‘free” Fiber router (192.168.2.1) works is you select the old router (192.168.1.1) in the DMZ administration area (point and click). The old router (192.168.1.1) will have a 192.168.2.z address given out by the Fiber router’s DHCP. By selecting it, it goes into the DMZ.

          The Fiber router seems to have no address reservation capability.

          I set the DMZ, and re-boot the fiber router and old router, and ran a tracert command. With the DMZ on, the trace route’s first few hops are:
          192.168.1.1
          192.168.2.1
          Internet

          It was the same with and without the DMZ. With the DMZ on, I expected
          192.168.1.1
          Internet

          I thought it would skip over the 192.168.2.1 router and go straight out to the Internet. I am sure if the DMZ was working or not. I turned the DMZ back off.

      • #2303152 Reply
        KP
        AskWoody Plus

        correction: For this Fiber router, I cannot put the 192.168.1.1 network outside of the 192.168.2.1’s DHCP range of addresses.

      • #2303210 Reply
        Paul T
        AskWoody MVP

        A tracert will always return both router addresses because that is the path followed.

        You do not configure the 192.168.1.x network on the fibre router.
        Set a DMZ address of 192.168.1.250.
        Set the “old” router’s WAN port to 192.168.1.250.
        Connect the “old” router’s WAN port to any LAN port on the fibre router.

        If you don’t change the “old” router’s WAN port you will still be using double NAT, so testing is just a matter of changing the WAN port to auto configure or fixed.

        cheers, Paul

        • #2304991 Reply
          KP
          AskWoody Plus

          The fibre router’s DMZ only allows for addresses beginning with 192.168.2. This must be different from what you have, after all this is a supplied “free” modem/router hence you sort of expected this, not to be full featured hardware/software. Probably better that I am behind a branded router.

          Thanks for your efforts.

          I am not concern about the double NAT. Because of the double NAT, I get to run through two firewalls and I am OK with it.

      • #2305094 Reply
        Paul T
        AskWoody MVP

        The fibre router’s DMZ only allows for addresses beginning with 192.168.2

        My bad, the WAN address on the your old router should be 192.168.2.250.

        cheers, Paul

      • #2305469 Reply
        Michael432
        AskWoody_MVP

        Neither router needs to be in bridge mode. Double NAT has a bad reputation, its fine. Heck, having two networks increases your security. See this for more
        https://www.michaelhorowitz.com/second.router.for.wfh.php

        To test the firewall on the new router see this page. A firewall is just a bunch of rules, saying that its on, tells you nothing of any use. Testing it does.
        https://routersecurity.org/testrouter.php

        I disagree with the suggestion to use a DMZ. The firewall in a router is your best friend.

        Get up to speed on router security at RouterSecurity.org

        2 users thanked author for this post.
        • #2306294 Reply
          KP
          AskWoody Plus

          Here is an improvement on the idea; knowing the two firewalls are using different technologies so if one type of firewall does not stop bad packets, the other firewall may work.

          The tough part is finding out what firewall each router is using, to ensure they are both using different firewalls otherwise it is a wasted effort to run the same traffic packets through the same type of firewall, except twice.

          • #2306400 Reply
            Paul T
            AskWoody MVP

            Router OS is inevitably Linux based and the firewall is probably the same, but that doesn’t mean the firewall is badly built or doesn’t work. Router security issues are poor security around admin access and unpatched bugs. Given the relatively short model life of routers, manufacturers don’t patch beyond a year or two.

            cheers, Paul

      • #2305628 Reply
        Paul T
        AskWoody MVP

        The DMZ provides complete isolation between the two networks. It’s down to whether you want 2 separate networks or just one on top of the other and whether double NAT is an issue for you – it is of you want to run a game server.

        cheers, Paul

    Viewing 8 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Fiber Modem/Router to Old Modem/Router

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.