1 network - 2 hardware firewalls??

Discussion in 'Networking Issues' started by Miles101, Oct 21, 2008.

  1. Miles101

    Miles101 Addicted to LI Member

    I use 2 computers that are set side by side. I do most of my web activity with all Thibor RC3 firewall options enabled and it's great. The other computer has my TV tuner. Once in a while there is something like shopping for something that makes me have to clear the java, activex and cookies check boxes. I have GL routers that I use for setting cameras out of range of my one base router. Once in a while I use these routers in WDS mode for the cameras but most of the time I have a router sitting in the closet. I am hoping to learn how to use a second router connected to the internet using its WAN port so that I can disable firewall functions in the base router and plug my everyday computer into the second router with firewall options enabled. Goal being that if I need to have Java or Active X I just switch to the other computer. Any hope for that idea??
  2. wthess

    wthess Addicted to LI Member

    I don't know that I entirely understand what you are trying to do based on the information. Maybe you can confirm for me...

    Here's what I'm thinking you are wanting to do...

    Modem-----> Primary Router WAN port ------> Secondary Router WAN port ----->PC's, printers, etc.

    Am I right?
  3. wthess

    wthess Addicted to LI Member

    Which firewall options are you talking about? I mean, the most secure way to do it is daisy chain those routers. However, the easiest way to do it is use software firewalls on the workstations. Depends on how much security you want or need.

    If you do daisy chain them WAN port to WAN port, you are introducing a lot of "ifs". If you need traffic to come in from the outside to a PC behind both routers, you will have to pass that traffic somehow. Easiest way is DMZ or IPPassthrough. The problem here lies with the fact that you will be configuring both routers on different subnets. While it is very possible, it can be a pain in the rear and very unreliable if you use Linksys to do it. I've configured several this way myself for customers, but they always wound up purchasing higher end routers due to the instability inherent in Linksys routers. Linksys routers are made for basic internet access and aren't meant for more complicated connections you usually see in business environments.
  4. wthess

    wthess Addicted to LI Member

    I still highly recommend you control this with a software firewall if it is a concern to you. You will save yourself a lot of frustration and time, and you'll have a more reliable connection.

    With that being said, here are the very basics of what you need to do to be successful.

    I will call the router connected to the modem router A. The secondary router will be router B.

    -Don't connect router B to router A yet.

    -On router A, make sure you can get to the internet with a wired PC.

    -Log in to the router and configure the WAN for "always on". Don't use "on demand".

    -Jot down the local IP address and subnet (ex. with subnet of

    -Connect a PC to router B and log in.

    -In the "internet settings" or "WAN settings" (whatever your router calls it), set it up for "static" IP.

    -For the IP address (WAN or Internet), key a unique IP address in the same subnet of router A. Don't use the same one you jotted down. (ex. I also recommend you choose one not in the range of the DHCP addresses that router A is issuing.

    -For the subnet, use the subnet you jotted down earlier (ex.

    -For the default gateway, use the local IP address of Router A. It's the one you jotted down earlier (ex

    -For the DNS, use the same as the local IP of Router A. It's the same one as the last step (

    Now, for the local IP addresses on router B....

    -Router B must be on a different subnet than router A. On router A my example was 192.168.1.X. For router B, let's use 192.168.5.X. You can choose what you want but keep in mind that devices connected to this router will have an ip address in this subnet (ex and devices on router A will have an ip address in that subnet ( For this example, let's set the IP for Router B to

    -Use a subnet of

    -You can enable DHCP, but I would set it to a range that doesn't include the local IP (ex make sure it doesn't include

    Now, you should be able to save your settings. Connect a cable from a LAN port on router A to the WAN port on router B. You should get internet access from devices connected to router B. If you do not, go back and check your settings. If you still cannot get access, there is something else that probably needs to be done with one router or the other. I would need screenshots of those router pages to see what other config options are available.

    Here are some issues you can possibly expect to deal with in the future.

    -If you are using a DSL connection, the connection may drop from time to time. This may require you to power cycle the devices in this order...Modem...wait....router A.....wait....router B.

    -If you need to open up ports to a PC behind both routers, you will have to configure both to pass the traffic

    -UPNP becomes a moot issue unless you enable DMZ on router A

    I hope this helps...Once again, I highly recommend you use a software firewall since the functions you are wanting to control are so simple.
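
The addressing rules listed in the post above can be checked before touching either router. This is an added example, not part of the original post: the function name, the plan keys and every host address, mask and DHCP range are constructed for illustration (only the 192.168.1.X and 192.168.5.X subnets come from the post).

```python
import ipaddress

def check_cascade_plan(plan):
    """Return a list of problems in a router A -> router B addressing plan."""
    a_lan = ipaddress.ip_interface(plan["a_lan"])   # router A local IP/mask
    b_wan = ipaddress.ip_interface(plan["b_wan"])   # router B static WAN IP/mask
    b_lan = ipaddress.ip_interface(plan["b_lan"])   # router B local IP/mask
    a_lo, a_hi = (ipaddress.ip_address(x) for x in plan["a_dhcp"])
    b_lo, b_hi = (ipaddress.ip_address(x) for x in plan["b_dhcp"])
    problems = []
    if b_wan.network != a_lan.network:
        problems.append("router B WAN is not in router A's subnet")
    if b_wan.ip == a_lan.ip:
        problems.append("router B WAN duplicates router A's local IP")
    if a_lo <= b_wan.ip <= a_hi:
        problems.append("router B WAN is inside router A's DHCP pool")
    if ipaddress.ip_address(plan["b_gateway"]) != a_lan.ip:
        problems.append("router B gateway is not router A's local IP")
    if ipaddress.ip_address(plan["b_dns"]) != a_lan.ip:
        problems.append("router B DNS is not router A's local IP")
    if b_lan.network.overlaps(a_lan.network):
        problems.append("router B LAN overlaps router A LAN")
    if b_lo not in b_lan.network or b_hi not in b_lan.network:
        problems.append("router B DHCP pool is outside router B's LAN")
    if b_lo <= b_lan.ip <= b_hi:
        problems.append("router B DHCP pool includes router B's local IP")
    return problems

# Constructed sample plans (host addresses and pools are illustrative).
GOOD_PLAN = {
    "a_lan": "192.168.1.1/24", "a_dhcp": ("192.168.1.100", "192.168.1.149"),
    "b_wan": "192.168.1.2/24", "b_gateway": "192.168.1.1",
    "b_dns": "192.168.1.1",
    "b_lan": "192.168.5.1/24", "b_dhcp": ("192.168.5.100", "192.168.5.149"),
}
# Same plan with three mistakes: WAN IP taken from router A's pool, router B
# left on router A's subnet, and a pool that covers router B's own address.
BAD_PLAN = dict(GOOD_PLAN, b_wan="192.168.1.100/24", b_lan="192.168.1.254/24",
                b_dhcp=("192.168.1.200", "192.168.1.254"))

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_cascade_plan(plan) or "OK")
```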
  5. wthess

    wthess Addicted to LI Member

    Another loaded question :smile:

    Depends on how large the organization is and what you need it to do. On the low end, Cisco SOHO routers or Adtran NetVanta series. On the high end, look for anything Cisco or Adtran costing more than a couple of thousand dollars. When it comes to routers, you get what you pay for. On the low end - Cisco and Adtran - expect to spend around $500. You can find some cheaper, but they will have fewer features than the higher priced ones.

    The lure of Linksys, Netgear, D-Link, etc. routers is they are cheap and most suited for home use. Personally, I consider them low end of the low end of routers. Don't get me wrong...I have several of them and don't use them for critical business concerns. I just don't feel it necessary to spend $500 for a router to put in my home so I can access it via VPN 2 times a week for 10 minutes, which is why I subsequently suggested you use a software firewall for what you are trying to do.
  6. wthess

    wthess Addicted to LI Member

    You could also disable cookies, java, and active X from the browsers. The performance hit comes from the running of active-x and java rather than the router passing it.

    In actuality, with hardware firewalling, your internet throughput will slow down some since the router has to block that traffic. The more firewall options you have enabled at the firewall level, the slower your throughput will be. However, the throughput will not suffer too terribly much.

    If you don't like your hard drives clicking and clacking then don't get Vista. You can also disable system restore. Disable the system cache - this will cause most computers to take a performance hit, but you won't see your hard drive light blinking. Disable the swap file...make sure you have plenty of memory before you do this.
  7. wthess

    wthess Addicted to LI Member

    I'm glad it's working out for you.

    As far as the flashing light goes, there are several processes, even in a Windows install right out of the box, that communicate with the internet. An example is automatic updates. Another example is the Windows Time service.

    Many processes run in the background including anti-virus and anti-spyware programs that communicate with servers on the net. As they send out requests, those servers send back replies down various ports. They are harmless. In your new configuration, your PC may still be sending requests down the line, but the secondary router is most likely blocking the return requests, which prevents the requests from getting back to your PC.

    Also, keep in mind that if you are using cable rather than DSL, that internet light will flash frequently. It does not mean that traffic is meant for your network. It could be your neighbors or anyone else, but due to the way cable works, it is unavoidable.