Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Secure independent connection to internet required
Bteam

89 posts

Master Geek

Lifetime subscriber

#286017 31-May-2021 08:58
Send private message

About to sublet our premises to another tenant and would like to connect them to our fibre connection but have their LAN separate from ours and secure but still on the one bill. What suggestions for how to do this?

 

Thanks in advance

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
decibel
319 posts

Ultimate Geek


  #2715948 31-May-2021 09:06
Send private message

We have a FritzBox which has a guest wifi feature, also one of the LAN ports can be isolated from the others. Which modem do you have?

 

 



Andib
1364 posts

Uber Geek

ID Verified
Trusted

  #2715950 31-May-2021 09:11
Send private message

I assume this is commercial? Any decent firewall will let you do this.
Assign a VLAN to a secondary port on the FW, Give them a separate DHCP scope and ensure there is a block rule between the local networks.




<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>

cyril7
9061 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2715951 31-May-2021 09:17
Send private message

Hi, as others have said a router with more complex feature set than a domestic route will do the job.

 

Cyril



Bteam

89 posts

Master Geek

Lifetime subscriber

  #2715954 31-May-2021 09:20
Send private message

Just the standard Vodafone modem Vodafone HG659. Your suggestion is a possibility I guess

 

Thanks

coffeebaron
6236 posts

Uber Geek

Trusted
Lifetime subscriber

  #2715960 31-May-2021 09:31
Send private message

Request multiple public IP's and assign one of these to their own router.

 

 




Rural IT and Broadband support.

 

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71 
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

Varkk
643 posts

Ultimate Geek


  #2715981 31-May-2021 09:51
Send private message

How long will this be for? It may be worth contacting the supplier to run another UFB link and a new ONT for the tenant if it will be long term. Alternatively it may be possible to get a second connection enabled on port 2 of the existing ONT.

freitasm
BDFL - Memuneh
79323 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2715982 31-May-2021 09:51
Send private message

The easies one would be a guest network and the Fritz does allow LAN4 to be a guest wired network.

 

 

You will be responsible for whatever goes through your network (legal and illegal content). Your usage will be impacted if the users are heavy torrent downloaders (or worse, uploaders which will impact your network performance in general). And if they let visitors use the network... You have no idea who is using it or sharing the password to connect to WiFi.

 

Why not get the second ONT port active with a new connection and let them deal with it?




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
chevrolux
4962 posts

Uber Geek
Inactive user


  #2716028 31-May-2021 10:47
Send private message

Don't muck around with a consumer grade router.

 

Just get someone to configure a little Mikrotik router for you. Cheap as chips, and will do the job significantly better than any consumer device.

Dynamic
3869 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2716031 31-May-2021 10:49
Send private message

Hi Stephen

If you are super keen on this idea, your options include:

 

  • Leave the Vodafone router as is, and connect a second router behind it for you, and they can also connect up a router behind the Vodafone one.  This would mean you share the internet connection, but neither can touch the other's network.  You would have to connect any WiFi devices to a new WiFi network supplied by the new router.  WiFi printers specifically can be a little tricky to connect to a new WiFi network, so keep this in mind.  You would be double-NATting by accessing the internet through two routers, but for basic internet access this is generally not a problem.  If you are still using the Vodafone router I expect your internet access requirements are still basic.  The advantage to retaining the Vodafone router is that you can ask Vodafone to help sort any internet issues.
  • Replace the Vodafone router with a more advanced router that lets you have two different LAN connections OR as someone pointed out above a router with a guest LAN port.  They connect their router to your guest LAN port, and this prevents them trying to access your stuff.  If you have issues with internet access, Vodafone are much less likely to be able to help you if you are not using their router.

We are Auckland-based and have helped clients with this sort of thing before.

 

Cheers
Mike




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

Bteam

89 posts

Master Geek

Lifetime subscriber

  #2716039 31-May-2021 11:00
Send private message

Thanks everyone, I now have enough options to mull over. I appreciate how you've all provided useful suggestions.

 

Cheers,

 

Stephen

chevrolux
4962 posts

Uber Geek
Inactive user


  #2716269 31-May-2021 17:37
Send private message

 

Leave the Vodafone router as is, and connect a second router behind it for you, and they can also connect up a router behind the Vodafone one.  This would mean you share the internet connection, but neither can touch the other's network.  You would have to connect any WiFi devices to a new WiFi network supplied by the new router.  WiFi printers specifically can be a little tricky to connect to a new WiFi network, so keep this in mind.  You would be double-NATting by accessing the internet through two routers, but for basic internet access this is generally not a problem.  If you are still using the Vodafone router I expect your internet access requirements are still basic.  The advantage to retaining the Vodafone router is that you can ask Vodafone to help sort any internet issues.

 

 

Whoever was on the "second" router could ABSOLUTELY access the "first" router with ease... Especially with consumer grade garbage.

 

The only two options for the OP are:
- Upgrade their router to something more capable
- Utilise a second ONT port. 

 

I would suggest a port 2 activation is the absolute best way to go for everyone involved.

cyril7
9061 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2716270 31-May-2021 17:45
Send private message

Sorry but doing as Dynamic says is absolutely the wrong way, a cludged solution like that is both a security issue and just poor network engineering, full stop.

Cyril

Dynamic
3869 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2716496 1-Jun-2021 08:19
Send private message

@cyril7 can you please elaborate why you see this as a poor solution and a security issue?  I'm genuinely curious.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

Earbanean
945 posts

Ultimate Geek


  #2716499 1-Jun-2021 08:36
Send private message

We have pretty much the same situation.  We have tenants in a self-contained flat in the basement of our house.  The solution I went for was a separate VLAN for them.  I configured it by setting up a tenant SSID on the Cambium e400 WAP in the flat and tagging everything on that with a separate VLAN ID.  I set that VLAN up on our Edgerouter Lite and configured firewall rules so that all traffic from guest VLAN to main VLAN is dropped.  So they can access internet and any devices on their VLAN, but nothing on ours.

 

This works really well for separating the tenants from us.  I tested pinging from their SSID to devices on our VLAN and no connection.  I can also throttle their bandwidth if I need, but that hasn't been necessary so far. 

 

However, while I have stopped the tenants having any access to our network, I have no control over what they do on the internet.  As others have alluded to, there is still the risk that they conduct illegal activities using our internet connection.  I guess that is a trust situation and we made a judgement call on it, having met them, vetted them etc.

cyril7
9061 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2716561 1-Jun-2021 09:19
Send private message

Dynamic:

 

@cyril7 can you please elaborate why you see this as a poor solution and a security issue?  I'm genuinely curious.

 

 

Hi, users in the 2nd Router are NAT'd into the first, therefore they have full and unfettered access to all hosts and devices in that first network.

 

Your solution is what you would do if all you ever used or understood was residential routers. A commercial router need not cost a lot, and will let you do the job correctly, but will require more in depth knowledge of networking to make the most of it.

 

Cyril

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright