0

I'm trying to set up two separate private networks connected to one Internet Service Provider. My ISP has supplied 1 Modem-Router (X) and then I have 2 other different Routers (Y & Z).

I have already successfully set up a similar thing before using "non-bridge" as the Switch Mode for the Modem-Router (X). But constant DDOS attacks and Port Scans on the Modem-Router (X) made that type of connection impossible. Only "bridge" connection type seems to work but only with 1 Router (Y) connected. My question is, how do I add one more Router (Z) in this kind of set up and is it even possible? Kindly see the network diagram below that I have in mind.

Home Network Diagram:

enter image description here

Improve this question
5
  • 1
    Is it your intention to isolate the two sub-nets? Why do you think that this config is more resistant to DDOS (and why would you be attacked)?
    – harrymc
    Commented Sep 27, 2020 at 16:25
  • Yes, I need to separate the 2 networks. This is so I can easily reset the configuration and/or firmware of any router without affecting the connections of each network. The 1st network would connect devices from trusted users and has strict security settings. The 2nd network would be for guests and for use of software and allowed visits to websites that are normally restricted on the 1st network.
    – RendCycle
    Commented Sep 29, 2020 at 7:07
  • The router used by the 1st network has higher specs and updated security software. The router for the 2nd network is quite old and its intended to be regularly reset. Not sure if the DDOS attacks are deliberate. I have a hunch it is caused by a persistent Malware that infected one of our connected devices making it part of the botnet.
    – RendCycle
    Commented Sep 29, 2020 at 7:12
  • If the better router supports VLANs, you could do without the old one.
    – harrymc
    Commented Sep 29, 2020 at 8:17
  • I think VLANs could work... But its added complexity for what I need. I just opted to use a manual LAN Switch Splitter Selector Box. Thanks for the suggestions. :-)
    – RendCycle
    Commented Oct 14, 2020 at 6:45

1 Answer 1

Reset to default
0

With ordinary consumer and entry level commercial gear, you cannot do as you have drawn.

I have already successfully set up a similar thing before using "non-bridge" as the Switch Mode

I think that would use a second IP address from the ISP. I have done this as well.

For one External IP Address, you can have one ordinary router and then chain your other routers and devices onto the main router. I do this as well.

DDOS security should be handled by your main router and top grade routers do accomplish this.

Improve this answer
7
  • MAC Cloning worked for me for Routers Y & Z if using "Router Mode" for the ISP's Modem (X). But the Internet connection speed still degrades and becomes intermittent similarly if only one Router is connected to the Modem. I guess this happens because Modem is old and has low specs that it can't handle too many DDOS attacks.
    – RendCycle
    Commented Sep 29, 2020 at 7:18
  • Do you have a suggested budget-friendly commercial-grade Wireless Router that can handle these DDOS attacks?
    – RendCycle
    Commented Sep 29, 2020 at 7:21
  • I have another idea but I'm not sure if it will work. What if I directly connected a Switch instead to the Modem (X) and then connected both Y & Z Routers to the Switch, Would you know if I can still use "bridge mode" for the Modem (X) and have the other 2 connected Routers work?
    – RendCycle
    Commented Sep 29, 2020 at 7:24
  • I'm kinda worried of connecting the old Router (Z) to the other newer Router (Y) because I think the old one still has unremovable Malware even after a hard factory reset and firmware upgrade. Thus I'm aiming for a direct connection to the Modem for both Routers and just regularly reset Router Z every time it experiences problems.
    – RendCycle
    Commented Sep 29, 2020 at 7:38
  • Routers (at least any decent one I have seen) do not have malware, "What if I directly connected a Switch instead to the Modem (X) and then connected both Y & Z " <-- With a single external IP, I do not think that will work. Can you get a decent router?
    – anon
    Commented Sep 29, 2020 at 10:47

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .