
Networking help please.



JuJuJurassic
Posted

Yes, but you'll lose the traffic segmentation. Each network does "Housekeeping". Having smaller networks reduces the amount of "Housekeeping" traffic. Larger networks have more "Housekeeping" traffic, but depending on the nature of the devices, the traffic shouldn't be an issue.

 

 

  • Agree 1
Posted (edited)

The question to ask is why do you need separate networks and if the reason is to keep traffic segmented, then to allow traffic to pass from one to the other, you need a router and a firewall or ACL switch acting as a firewall - it's that simple. If you just forward all traffic (or use trick subnets as described above), then there is no point, you may as well have joined/bridged the networks or simply made it a 'bigger' network if that is the restriction. I have about 8 VLANs on my home network for segmentation - all traffic that needs to flow across the VLANs goes via my firewall rules (if allowed) as that is also the gateway. For example, I pass traffic from my IoT network (where emby server and most fixed clients live) to my mobile network so emby can be used on mobile phones. Reverse proxy sits on a dmz network etc.

If you want to start doing more complex networking - then you need to invest in proper kit - build your own using software like pfsense, or maybe invest in prosumer kit such as Ubiquiti switches and routers that allow you to do this configuration - as ISP supplied equipment simply will not have the ability to do it (beyond maybe a 'Guest' network).

Edited by rbjtech
Posted (edited)
15 hours ago, chlywly said:

Subnets are already 255.255.255.0 on both networks. My modem requires 2 separate network/peripherals to pump full Gig/up-down split on a 2Gigabit bandwidth frame.

Also - I don't fully understand this ?

Are you saying you have a 2Gb WAN connection - but the modem presents this as 2 x 1Gb LAN connection? (If yes, that is very odd.) Normally, for higher bandwidth than 1Gb, they will simply provide a 2.5/5 or 10Gbit copper or SFP type connection. Other than using trick framing, you cannot get '2Gb' of bandwidth (on the same connection) out of 2 x 1Gb interfaces - it simply doesn't work that way.

Edited by rbjtech
Posted (edited)
3 minutes ago, rbjtech said:

Also - I don't fully understand this ?

Are you saying you have a 2Gb WAN connection - but the modem presents this as 2 x 1Gb LAN connection? (If yes, that is very odd.) Normally, for higher bandwidth than 1Gb, they will simply provide a 2.5/5 or 10Gbit copper or SFP type connection. Other than using trick framing, you cannot get '2Gb' of bandwidth (on the same connection) out of 2 x 1Gb interfaces - it simply doesn't work that way.

Correct. The modem (fiber) requires 2 LAN ports activated that it will stream full 1gigabit up/down to (each) respectively. Also, my PC/Quest (Router) is isolated for a stable connection upstream for Virtual Desktop; also recommended.

However, given the difficulty of all this I will try 1. The subnet mask change 2. Switch the Shield over to the other router.

Edited by chlywly
  • Like 1
Posted (edited)
10 minutes ago, chlywly said:

Correct. The modem (fiber) requires 2 LAN ports activated that it will stream full 1gigabit up/down to (each) respectively. Also, my PC/Quest (Router) is isolated for a stable connection upstream for Virtual Desktop; also recommended.

OK - strange but that technically makes sense if they are separate networks, but they cannot be 'one' network. If you try the subnet trick, I don't believe it will be allowed.

Does the router have any LAN routing or maybe a firewall that lets you specify the interfaces ?   Ignore the WAN routing/ports/forwarding/nat etc - that is not the issue here.

You simply want to bridge(route) LAN traffic from 192.168.1.x to 192.168.2.x on port tcp 8096

Edited by rbjtech
  • Like 1
Posted

Does your router not have the ability to add static routes?

This would be the preferred way to do this as you could set up routes to only allow TCP packets from one segment to reach only the IP of the Emby server and only allow TCP from the Emby server to reach the other segment. This keeps each network (and its broadcasts) separate while allowing ONLY TCP/IP packets to and from a specific IP on the other network.

Posted
On 28/10/2024 at 16:57, chlywly said:


Thanks I think I understand, whereas I'm on 255.255.255.0 I should change subnet mask on both routers to 252.0 (will try)

So I tried the netmask to 252. Did not work, even broke my static routes with and without.

I do have static routes set up but something about how Emby and Shield function, it does not want to communicate with an off-network device even with static routes.

It may be a shield limitation.

Posted
20 hours ago, Carlo said:

Does your router not have the ability to add static routes?

This would be the preferred way to do this as you could set up routes to only allow TCP packets from one segment to reach only the IP of the Emby server and only allow TCP from the Emby server to reach the other segment. This keeps each network (and its broadcasts) separate while allowing ONLY TCP/IP packets to and from a specific IP on the other network.

?  That is not a static route.   What you are describing (I think) is an ACL or Firewall - as I described earlier in the thread.
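An added example, not part of any post in this thread: a small Python model of the three things discussed above, namely the wider netmask, a static route, and an ACL limited to tcp/8096. The host addresses (.50, .10, .20) and the 10.88.111.2 gateway are constructed for illustration; only the two /24 ranges, the 10.88.111.x range and port 8096 come from the thread.

```python
import ipaddress

# Constructed values: the thread gives only the two /24 ranges, the 10.88.111.x
# uplink range and port 8096. Host and gateway addresses below are assumptions.
SHIELD = ipaddress.ip_address("192.168.1.50")
EMBY = ipaddress.ip_address("192.168.2.10")
OTHER_PC = ipaddress.ip_address("192.168.2.20")

def on_link(src, dst, netmask):
    """True if src, configured with netmask, treats dst as a neighbour.
    It then ARPs for dst directly and never hands the packet to a router."""
    return dst in ipaddress.ip_network(f"{src}/{netmask}", strict=False)

def next_hop(dst, routes, default_gw):
    """Longest-prefix match over static routes. A route only decides WHERE a
    packet is sent; it cannot restrict protocol, port or a single host."""
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else default_gw

def acl_permits(acl, src, dst, proto, dport):
    """First-match ACL with an implicit deny: this is the filtering step."""
    for action, src_net, dst_net, rule_proto, rule_port in acl:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and rule_proto in (proto, "any")
                and rule_port in (dport, None)):
            return action == "permit"
    return False

# Static route on the client-side router toward the server LAN.
ROUTES = [("192.168.2.0/24", "10.88.111.2")]
# Client LAN may reach the Emby host on tcp/8096 only. Replies are assumed to
# be allowed by connection tracking on a stateful firewall.
ACL = [
    ("permit", "192.168.1.0/24", "192.168.2.10/32", "tcp", 8096),
    ("deny", "192.168.1.0/24", "192.168.2.0/24", "any", None),
]

if __name__ == "__main__":
    print("/24 on-link:", on_link(SHIELD, EMBY, "255.255.255.0"))
    print("/22 on-link:", on_link(SHIELD, EMBY, "255.255.252.0"))
    print("next hop:", next_hop(EMBY, ROUTES, "10.88.111.1"))
    print("tcp/8096 to Emby:", acl_permits(ACL, SHIELD, EMBY, "tcp", 8096))
    print("tcp/445 to other PC:", acl_permits(ACL, SHIELD, OTHER_PC, "tcp", 445))
```

With 255.255.252.0 the client treats the server as a neighbour on its own segment, so the packet never reaches the router that holds the static route or the ACL.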

Posted
22 hours ago, rbjtech said:

?  That is not a static route.   What you are describing (I think) is an ACL or Firewall - as I described earlier in the thread.

I most certainly setup static routes.

Thus far I've tried:

Static routes.
Adding a secondary IP (on my Server) to be on the same subnet as Shield.
Expanding range of subnet mask.

Nothing has worked.

 

Posted

What is the make/model of your router that has the 2Gb WAN connection and 2 x 1Gb LAN ports, each assigned an RFC1918 network (192.168.1.0/24 and 192.168.2.0/24 in your case) ?

Pls also show your routing table.

Posted
On 04/11/2024 at 11:31, rbjtech said:

What is the make/model of your router that has the 2Gb WAN connection and 2 x 1Gb LAN ports, each assigned an RFC1918 network (192.168.1.0/24 and 192.168.2.0/24 in your case) ?

Pls also show your routing table.

You mean my modem? I believe it's called a Zone.

Here is my full system.

Router/Modem: [screenshot]

Asus Router: [screenshot]

GiNet Router: [screenshot]


Posted

Hmm - lots of things going on here - I think a diagram of some sort would help.

Is 10.88.111.x where your emby server sits ?  If yes, where does the Asus Router and 192.168.1 and .2 networks come into this.

I feel like you are trying to overcomplicate this by adding routers and hardware you don't need. 

Posted (edited)
5 minutes ago, rbjtech said:

Hmm - lots of things going on here - I think a diagram of some sort would help.

Is 10.88.111.x where your emby server sits ?  If yes, where does the Asus Router and 192.168.1 and .2 networks come into this.

I feel like you are trying to overcomplicate this by adding routers and hardware you don't need. 

10.88 x is the IP range my fiber modem assigns to the routers connected to it (WAN)

Connected to its 2 LAN ports (for full giga up/down) on each port, are:

1. Asus - 192.168.1.x (Contains Shield)
2. Ginet - 192.168.2.x (Contains PC - Emby server)

Edited by chlywly
Posted

so this is where I think you are going wrong - 10.88.x is not a WAN address, it's a LAN address (RFC1918)

Therefore, use it as your LAN - via switches.  The Asus as a 'router' is not required - you can use it as just a simple switch if you like (LAN ports only).

Posted (edited)
5 minutes ago, rbjtech said:

so this is where I think you are going wrong - 10.88.x is not a WAN address, it's a LAN address (RFC1918)

Therefore, use it as your LAN - via switches.  The Asus as a 'router' is not required - you can use it as just a simple switch if you like (LAN ports only).

I see what you're saying but if I use the Modem as the router and the other routers as a switch I don't get the full bandwidth of the 2 Giga/up-down... Don't ask, it's just how it works... It's what the ISP said. Not to mention the Zone modem/router needs me to login to the ISP's management hub which gives me very little (almost no) options to manage traffic or anything else 😕

The only solution is to actually create routes that work! alas, it seems to be impossible between some peripherals even when it's setup.

Edited by chlywly
Posted (edited)

Any 'bandwidth' the ISP connection has is simply split over however many ports you have on the LAN.     If that is restricted by the 1gig port  - then as I said much earlier in this thread, then simply get a 2.5Gb capable switch to connect directly to the modem/router (which I see has a 2.5Gb port) - then your 2Gb internet is distributed to any 2.5Gb or 1Gb ethernet port.   If you have a 2.5Gb uplink (to the modem/router) but then only 1Gb distribution - then again - that's fine - you could have 2 x 1Gb ports using 1Gb each at the same time.

Edited by rbjtech
Posted
2 minutes ago, rbjtech said:

Any 'bandwidth' the ISP connection has is simply split over however many ports you have on the LAN.     If that is restricted by the 1gig port  - then as I said much earlier in this thread, then simply get a 2.5Gb capable switch to connect directly to the modem/router (which I see has a 2.5Gb port) - then your 2Gb internet is distributed to any 2.5Gb or 1Gb ethernet port.   If you have a 2.5Gb uplink (to the modem/router) but then only 1Gb distribution - then again - that's fine - you could have 2 x 1Gb ports using 1Gb each at the same time.

Yea that makes sense, but the huge issue with management and customizability still stands. I literally can't do anything on their admin panel. I need to be able to manage my network, ports, firewall etc.

Posted

You need to ask the ISP if you can use your own router - and then get one/make one that supports the fiber and has suitable ethernet/lan ports (2.5Gb, 10Gb etc)

  • Agree 1
  • 2 weeks later...
Posted

If you have a retired PC lying around, it might make a kick ass firewall/router running pfSense or OPNsense, depending on the network ports it has or open slots to drop in a 4-port NIC.
Around $50 on Amazon can get you a 4 port 2.5Gb card, about $150ish for a 4 port 10Gb 10BaseT PCIe 5, 2 port 10Gb 10BaseT PCI 4 around $60. These 10Gb are Intel rj45, not Rockwell or Broadcom. The 2 Intel NICs support 100Mb, 1Gb, 10Gb with no 2.5Gb or 5Gb. 10BaseT single port 10Gb can be had for $25-30 on Amazon. You could find even less expensive used ones on eBay.

I've got 100Gb InfiniBand in 6 Servers used as a backbone. Then I've got dual 10Gb 10BaseT NICs in 6 servers  connected to a MikroTik 10BaseT Cloudrouter using LACP to make each 20GB with 4 10GB ports using LACP connected to my PC router on a VLAN with a Quad 10Gb NIC as well as 2 Quad port 100Gb Infiniband NICs. The 2 remaining 10BaseT ports connect using LACP to another Cloudrouter that connects to everything else in the house. The Cloudrouter supports 100Mb, 1Gb, 2.5Gb, 5Gb & 10Gb on each port.

The PC Router/Firewall has all internal ports on VLANs with another 10BaseT card connected to my FIOS connection. I can route between Ethernet and Infiniband for internal connections as well as host VPNs, run my firewall, provide QOS bandwidth shaping as well as do reverse proxy functionality. I have all servers and routers using RDMA so NICs can access memory and PCIe lanes without CPU intervention. Almost forgot I run both a transparent cache & PiHole for internal DNS with filter lists to block ad networks & malicious domains. PiHole alone supplying local DNS as well as blocking ad sites makes a big difference browsing sites as page sizes are often quite a bit smaller. You don't realize how many ads are on some websites until you view them without the ads or JavaScript files being loaded.

I'm certainly not suggesting this setup but an older desktop i5 ish with a Quad NIC card or 2 even just 2.5Gb per port would make a really good router/firewall and maybe reverse Proxy functionality as well if you wanted.
