Cascading Router/Network

SandLake · 17 Aug 2022 at 09:54

I have a home network which works pretty well but I would like to try out some other equipment. Is it straightforward and generally a good idea to add a 2nd router to an existing network - if the existing network is for example on 192.168.1.X and the new router is on 192.168.2.X. The new router would typically have 1 client, a laptop, connected to it?

Just to allow me to try out PfSense.OpnSense, OpenWRT and also to try setting up VPN's and adblocking configurations - then to factory reset or rebuild the router and start again.

ChrisD. · 17 Aug 2022 at 09:58

If you only have 1 ISP line, you can't have multiple routers doing NAT on it, you can only use one at a time to properly test out OPNsense etc. Well you can, if you do double NAT but that won't properly test out what you're wanting to do.

WJA96 · 17 Aug 2022 at 12:09

You can certainly do this. You just set the WAN source in Router 2 to be DCP or Fixed IP from Router 1. Router one has an address range of /24 (xxx.xxx.xxx.1 to xxx.xxx.xxx.254) and Router 2 has a different range (xxx.xxx.yyy.1 to xxx.xxx.yyy.254) with or without DHCP. This is literally what routers do. Move traffic between subnets.

As @ChrisD. pointed out, you will end up with multiple NAT (not a massive issue) unless you turn off the NAT on one or other routers. PfSense etc. let you turn off NAT so that shouldn’t be an issue.

WJA96 · 17 Aug 2022 at 12:12

ChrisD. said:
If you only have 1 ISP line, you can't have multiple routers doing NAT on it, you can only use one at a time to properly test out OPNsense etc. Well you can, if you do double NAT but that won't properly test out what you're wanting to do.

Would disabling NAT on the upstream (test) router make a huge difference to the performance of something like pfSense, OPNSense etc? It’s not something I’ve ever tested but I suppose it could give an artificially ‘fast’ result.

ChrisD. · 17 Aug 2022 at 12:26

WJA96 said:
Would disabling NAT on the upstream (test) router make a huge difference to the performance of something like pfSense, OPNSense etc? It’s not something I’ve ever tested but I suppose it could give an artificially ‘fast’ result.

My rationale is that I think the OP is interesting in testing new router models/distro's ro replace their current one. Doing that through double NAT won't give a realistic result of the full experience.

WJA96 · 17 Aug 2022 at 13:02

ChrisD. said:
My rationale is that I think the OP is interesting in testing new router models/distro's ro replace their current one. Doing that through double NAT won't give a realistic result of the full experience.

It’s a fair point. BTW - were you aware that, by default, UT has NAT switched off?

ChrisD. · 17 Aug 2022 at 13:06

WJA96 said:
It’s a fair point. BTW - were you aware that, by default, UT has NAT switched off?

Yeah, it’s off until you define a WAN interface if I remember right. It’s been a few months since I set it up though.

WJA96 · 17 Aug 2022 at 14:30

As far as I can tell it’s currently off even after you have defined a WAN interface.

They used to ask a question in the setup wizard about whether or not it was the primary firewall or behind another router but now it seems to assume it will be behind a NAT’d interface, and that’s clearly not always the case.

It‘s only a couple of clicks to turn it on and I just find it surprising in an otherwise very safe default configuration.