Home Network Guy Forum

Home Networking => Troubleshooting => Topic started by: tudo on January 26, 2023, 08:59:45 PM

Title: Network novice - 2 private networks question
Post by: tudo on January 26, 2023, 08:59:45 PM
I moved into a new location that has a service provider that only allows their infrastructure, and users are on a common ssid for wireless.  When I plug into the wired ports, I am given a private ip address but have no idea if I'm sharing the same subnet as others on my floor.

My problem is I want to use my NAS (it's wired only) and ensure only my wired and wireless devices can see it.  I have an unused wireless router that I can reuse, but can I insert the router after  the building Ethernet to create my private network before it goes to the building's private network?  Wouldn't that be double NATing?  Do home routers even allow this?

Any help on building my network is appreciated.
Title: Re: Network novice - 2 private networks question
Post by: Home Network Guy on January 26, 2023, 10:36:36 PM
Yes, if you use your own consumer grade router, you will have an isolated network.

You will also be double NATed. Double NAT is not a feature that has to be supported by the router. Instead it simply means that router 1 has NAT enabled and router 2 which is plugged into router 1 also has NAT enabled. Any devices plugged into router 2 will be behind 2 NAT firewalls.

For the most part, double NAT will work just fine especially for browsing the Internet or using cloud based services (since they are often designed to allow internal/external access to private networks behind NAT firewalls).

The big problem people always talk about with double NAT is it makes it harder for others to access your devices. That may not sound bad but it can cause issues with gaming or other services where users are trying to connect directly to your system/device. Some users use encrypted tunnels using Cloudflare or other providers in order to access their internal network remotely and securely.
Title: Re: Network novice - 2 private networks question
Post by: tudo on January 28, 2023, 12:22:20 AM
I have inserted my personal router after the building's network.  I now need some advice how to access the Internet from the LAN clients on my personal router.  The WAN port of my personal router has an IP of 10.31.1.166 and i have set the DHCP server on the LAN side to allocate clients from 172.16.0.1 range.  I did this to ensure my private network to have isolation from the building's private network.

How do i configure the router so the 172.16 clients use the 10.31.1.166 address to access the Internet or is this even possible?  I have tested the building's Internet access by plugging the cable from their wall socket into a PC and could browse the Internet successfully.  Thanks.
Title: Re: Network novice - 2 private networks question
Post by: Home Network Guy on January 28, 2023, 08:38:15 AM
If you have the WAN interface set up to use DHCP, clients on your LAN should be able to access the internet since it should use the DNS server of the WAN address and use the WAN interface to get out to the Internet.

One thing you may have to check is to make sure the WAN interface blocks private network addresses since that may block your LAN from accessing the Internet. I don't think consumer routers do that but maybe newer more feature rich consumer routers may do that to potentially improve network security (since if the router is directly connected to the Internet, it should not have any private IP addresses coming from the public Internet).

In OPNsense for example, you have to allow private IP addresses on the WAN interface if you are running behind another router.