Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Mesh Charts

Click for Mesh Charts

Variations and Limitations

Although the example shows one wired and two wireless routers, you can use any combination of router flavors. If you need more private networks, just add more routers, connecting each one's WAN port to an "Internet" router LAN port.

If you use multiple wireless routers, set each one to a different channel (1, 6, or 11 for up to three and 1,4,8 and 11 for four router setups) and use different SSIDs so that clients can tell the LANs apart. To control access, use different WEP keys for each WLAN and you may want to enable MAC address association control too.

Dedicated servers are easy to handle by just connecting them to the "Internet" router and forwarding the appropriate port(s) to the server's IP address. This is also where you would put computers used for file and printer sharing, since they can be reached by computers on either private LAN (but not vice versa). If you don't want to share files from computers connected to the "Internet" router, be sure to disable File and Printer sharing on these machines, or password-protect the shares if you want to do selective sharing.

Tip! TIP: Shared resources on File and Printer Sharing-enabled machines connected to the "Internet" router won't be seen in My Network Places / Network Neighborhood on computers connected to either "LAN" router. But they can still be accessed from any of the "LAN" machines. See this part of the Setting up File and Printer sharing between two routers Problem Solver for the how-to.

Everything comes at a price and the trade-off in this setup is the difficulty in handling Internet services where requests originate from machines someplace else on the Internet. Allowing inbound traffic means opening holes in two firewalls, which gets a little tricky due to the way that NAT-based firewalls work.

Depending on the application you're trying to use, you might be successful opening only the ports you need on the "Internet" router and the "LAN" router that connects to the computer that's running the Internet-accessible application. Note that when you configure port forwarding on the "Internet" router, you'll use the WAN IP address of the corresponding "LAN" router because all data that comes out of that router is made to look like it's coming from the WAN IP address - not the IP address of the client itself. The port forwarding rule on the "LAN" router will use the IP address of the specific client machine.

Unfortunately, this "feature" or NAT also means that you can establish port forwarding to only one computer per private LAN because each port forwarding rule must specify a single IP address that the rule applies to. Using the DMZ or "exposed computer" function on the routers doesn't help either, because, again, you can specify only one IP address for the DMZ computer.

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2