Three neighbors and I live in a rural, orphan area where neither DSL nor cable modem broadband will be available for at least 10 years. We want to correct this by connecting to a 4Mbaud cable modem service at a business 2.5 miles away with line of sight over water.
This looks like a wireless problem but really the fact that some of the links are WiFi is incidental. The real problem is isolating the users from one another. We are NOT kids. We don't play games and we have confidential information on our computers.
The proposed setup is like this:
Cable Modem > DLink DI-604 which we will call "WAN router"
From there one connection to a Linksys BEFSR41 called "Business Router", for the three users there, and one to our long range bridge.
This 2.5 mi. link will use a pair of Engenius Senao 2611-CB3+DELUXE AP's in PtoP bridge mode with narrow beam parabolic dishes.
The output from the bridge goes to a DLink DES-105 switch which we call "NAN Switch". (Chosen at the suggestion of DLink Support).
From there one output goes to a Netgear FS-605 called "Mary's Switch" and to the two users in that house.
Three outputs go to short haul WiFi links to three other homes using pairs of DLink DWL-2100AP's also in PtoP bridge mode also with narrow beam dishes.
One of these short haul links only wants one user so the bridge AP will connect directly to the PC. The other two links will go to existing Linksys BEFW11S4's ("John's Router" & "Riley's Router") and thence to both hard wired and wireless users.
PROBLEM:
We DO NOT want ANY connectivity between any of the homes or between the business and any or all of the homes. The ONLY thing we want is access to the internet.
We DO want strictly local connectivity for computers within the business and at each home, i.e., downstream of the local routers/switches.
The problem is: after a month of reading manuals and searching on the internet I can't find any reinforcement that this setup will work as we wish. Everyone WANTS to connect to everyone on their network. Nobody talks about using this kind of equipment to isolate subnets the way we want.
QUESTIONS:
Q: Will this setup do what we wish?
Q: What kind of IP addressing scheme should we use?
Are those two questions related?
Here's the scheme we've been thinking.
WAN router = 192.168.0.1
NAN Switch is non-configurable
Business router = 192.168.1.1 and users are 192.168.1.2-4
Mary Switch is non-configurable. Her users are 192.168.2.2-3
Riley Router = 192.168.3.1 and users are 192.168.3.2-8
John Router = 192.168.4.1 and users are 92.168.4.2-5
And would the subnet mask in these cases then be 255.255.252.0, or does that open up connectivity? Should it be 255.255.255.0?
Q: As we understand it (maybe wrongly) this kind of uniform addressing tree would be necessary for the "WAN router" to act as NAT server. Would it be possible to let the routers in each home act as a "second stage" NAT server? Then the local addressing in the business and each home would be independent of the others.
Would this add too much overhead?
Q: Would it be necessary/useful to activate the firewalls on all routers or just the "WAN Router" unit?
Q: Is the DI-604 "WAN Router" necessary or could we connect our long range link to the unused port on the "Business Router"? Since all three of the existing workstations on this router can "see" each other, we thought the extra router would be necessary to protect the business.
I sure hope we can make this work because all the equipment is already in use or is on the way. PLEASE don't tell me that I bought the wrong models and if I just upgraded everything would be easy.
BTW. We propose to use static IP addressing for security and to lock the size of the pool.
Thanks
John
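An added example, not part of John's post: a Python check of which planned addresses each of the two candidate masks places in the same subnet, so hosts there would treat each other as on-link instead of sending to a gateway. It assumes one representative host per site and reads John's users as 192.168.4.x (matching the John Router address); it does not model what any router's NAT or firewall forwards.

```python
import ipaddress

# One representative address per site, taken from the scheme in the post.
# John's host is assumed to be 192.168.4.2, matching the router's 192.168.4.1.
SITES = {
    "WAN router": "192.168.0.1",
    "Business": "192.168.1.2",
    "Mary": "192.168.2.2",
    "Riley": "192.168.3.2",
    "John": "192.168.4.2",
}


def network_of(addr, mask):
    """Return the subnet a host at addr believes it is on, given its mask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network


def on_link_peers(mask):
    """For each site, list the other sites its hosts would treat as local,
    i.e. reached by ARP on the wire rather than via the default gateway."""
    result = {}
    for name, addr in SITES.items():
        net = network_of(addr, mask)
        result[name] = sorted(
            other
            for other, other_addr in SITES.items()
            if other != name and ipaddress.ip_address(other_addr) in net
        )
    return result


if __name__ == "__main__":
    for mask in ("255.255.252.0", "255.255.255.0"):
        print(mask)
        for site, peers in on_link_peers(mask).items():
            net = network_of(SITES[site], mask)
            print(f"  {site:<11} {net!s:<16} treats as local: {peers or 'none'}")
```

With 255.255.252.0 the 192.168.0.x through 192.168.3.x addresses share one subnet (192.168.0.0/22) and 192.168.4.x lands in the next one; with 255.255.255.0 every site is its own subnet.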