Sharing device on 3 networks

[8666]

There are 3 separate home networks for 3 families in a big house/building. Each with own router and different ISP. Networks can not be joined in one for privacy reasons.

Now there are some IP devices that need to be used by all network users (in future IP cameras too)

The easiest way would be to hook the shared devices in one network and open ports on the router to be available from the other 2 networks. However the speed might be a problem as lot of data needs to be transfered and it makes additional Internet traffic. I want fast 100Mb LAN link or Wireless 54Mb speed.

New wiring is not a problem. I also have a flashed WRT54GL router that opens some options but the other two networks are with "normal" routers. Old Cisco pix vpn router is available to be used.

There is a possibility to config the WRT router to have two wireless networks and form a special separate VLAN with one port of the switch but you will need to connect to that "special" wireless network to access the shared devices (leave you home network). Other ideas? A PC wth 3 net cards?

[cybertimber2008]

  On 24/05/2012 at 13:15, 8666 said:

Each with own router and different ISP. Networks can not be joined in one for privacy reasons.

What are the privacy reasons? Because I think it would be possible to connect the networks, but still let the individual families have their privacy.

[+BudMan MVC]

You can keep their networks separate.. Since you state

"New wiring is not a problem. I also have a flashed WRT54GL"

Now if your other routers have the ability to add routes it will be very simple, if not you would have to create host routing.. But still very easy to do.

So I can draw this up later, but have to run for work in a few minutes.

So your wrt54gl -- dd-wrt on it, put it in ROUTER MODE, not gateway - ROUTER.. Now you can just connect the 3 other routers networks (they have do be different - say 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24) Then on the wrt54gl you will have a 4th network for your common devices say 192.168.4.0/24

Now on each of the 3 other routers create a route to the wrt54gl interface you put in that newtork for the 192.168.4.0/24

As long you don't create routes to the other networks on the different routers they wont be able to know how to get to those networks. And on the wrt54gl you can actually firewall between the different segments. So in the future if you want to allow some traffic that would be possible too, just need to add the routes to those network.

Once I get a few free moments at work today I will draw it up for you.

[+Nik Louch Subscriber²]

^ And that's why he's an MVC!

[8666]

BudMan I really need a drawing. The WRT is with Tomato now and is used as router on one of the networks. It is in gateway mode now. And there are two other networks for the other two families.

[+BudMan MVC]

I have been tied up with real work all day, freaking weird ass issue that can not duplicate. But location is saying they are having.

More than happy to draw this up for you - just have not had a chance yet. There are couple different ways it can be done, depending on the feature set of the routers the 3 networks are using.

Could you send me the make and model numbers of those devices and we can see if they can do routing and vlans, or if they support dd-wrt/tomato.

Btw - tomato might be able to do it as well. Have to take a look.

[8666]

I do not know what they are but they are cheap basic routers so let's forget about using them beside providing Internet. I can just use one port on them to wire them to the shared device somehow.

[+BudMan MVC]

even the cheapest routers allow for routing.. If not you will have to create the routes on each host on each network that wants to access this other network. If the routers support routes -- which come on they have routers in their names ;) They should be able to add a route!

Then any box on that network would be able to get to the new network. If not then you have to create the route on each host, PITA ;)

Drawing it up now -- give me a few minutes.

[+BudMan MVC]

Ok here is quick drawing - I might of left some stuff off, but its a starting point for discussion. And just duplicate the info for the different devices in the different networks.

So This wrt54gl - router 4 in the pic. Create 4 different vlans, assign IPs on each interface in the vlan 192.168.1.2, 192.168.2.2, etc.

Now on each host, since your assuming the routers can not do extra routing that you want to be able to access this common 192.168.4.0/24 network you have to create a route to use the 192.168.1.2 to get to that network.

That pretty much it. On the router 4, you can create whatever firewall rules you want to allow or deny traffic between the segments. But since there wouldn't be any routes to those networks, and hosts would be using their respective internet routers (1,2,3 in the pic) then they would have no way of getting to these other networks anyway.

I will have to look at tomato to see if you can put the different interfaces in different vlans - I believe you can, and it does support just plain jane router mode, etc.

So for example p-3 if you want it to be able to get to the common 192.168.4.0/24 network. Then add a route on it for 192.168.4.0/24 to go to 192.168.3.2

I assume if your going to have multiple devices on the common 192.168.4.0/24 network you will need a switch or 2, since your wrt54GL is going to have only 1 port left after you connect the networks together.

Let me know any questions you have, or if you would like me to draw it up with method 2 if your other routers support vlans. In that case you just create the 192.168.4.0/24 on 1 port of them and connect them all to a switch. Advantage of that way is no extra routes have to be created. Each client would already have its default route to its router, and each of those routes would have an interface in the 192.168.4.0/24 network. So it would no how to get there. So 4th router not needed in that case.

edit: Ok I just took a quick look and from what I can tell with tomato 1.28 I don't see where you can create vlans, you can add routes -- but don't see where you can put different ports into different vlans like you can on dd-wrt.

If your going to want to do this your prob going to have to put either openwrt or dd-wrt on that wrt54gl. Or maybe tomato-usb can do it?

edit2: So here is how you could do it if the other routers supported vlans.

Problem is without that 4th router you would have to create the routes to the other networks on each device in the common 192.168.4.0/24 network -- which on a PC sure, but maybe not able to do that on say a webcam?? Since they are so close in setup, I just created the other drawing so its up there if anyone else might want to do something like this.

[8666]

Thanks. It's more clear now. I will probably go with the first option. The other cheap solution is to use old PC with 3 LAN cards as sheared device :)

The basic Tomato can create VLANs but not with GUI.. however there are few mods that can do it.

[+BudMan MVC]

"The other cheap solution is to use old PC with 3 LAN cards as sheared device"

Exactly that would be the ghetto way of doing it.. Then if you added a 4th nic too it and ran a OS that you could route with you could add then do method1 as drawn, just with a pc as your router.