Internet connection sharing

AdamF

We are moving into a new office building and we have the following setup:

Comcast ISP
Block of 5 static IPs from Comcast. We only use about 3 of them.

We have another business in the building that will be sharing our connection. They will have their own router.

I was thinking about just having my Edge router plug into the Comcast modem, and using my assigned IPs on the WAN interface of the Edge router like I do now. Then have the other business plug into the same Comcast router and assign the 1 IP that I am not using to their router. This should work I believe, unless I am missing something. Assuming this works, then that's great, but I would have no way to control traffic if I would want to. For example, I couldn't limit the bandwidth to the second router.

Would it be better to run the 2nd router through my Edge router? I don't want to create a double NAT situation. Is this possible? OR is it better to just do the first scenario and not worry about limiting bandwidth to the second business?

syko24

@fuznutz04 said in Internet connection sharing:

We are moving into a new office building and we have the following setup:

Comcast ISP
Block of 5 static IPs from Comcast. We only use about 3 of them.

We have another business in the building that will be sharing our connection. They will have their own router.

I was thinking about just having my Edge router plug into the Comcast modem, and using my assigned IPs on the WAN interface of the Edge router like I do now. Then have the other business plug into the same Comcast router and assign the 1 IP that I am not using to their router. This should work I believe, unless I am missing something. Assuming this works, then that's great, but I would have no way to control traffic if I would want to. For example, I couldn't limit the bandwidth to the second router.

Would it be better to run the 2nd router through my Edge router? I don't want to create a double NAT situation. Is this possible? OR is it better to just do the first scenario and not worry about limiting bandwidth to the second business?

First thing I would make sure you are not violating terms of service with Comcast before doing this.

You could possibly throw a cheap managed switch between Comcast and their router and set the port speeds on the managed switch to limit their bandwidth. Alternatively, you can throw an EdgeRouter X between Comcast and their router. Assign their router's WAN a private static IP. Then setup a DMZ on the EdgeRouter and point it to the private static IP of their router. This will pass all port forwards to their router.

scottalanmiller

@fuznutz04 said in Internet connection sharing:

They will have their own router.

Is this a requirement?

AdamF

@scottalanmiller said in Internet connection sharing:

@fuznutz04 said in Internet connection sharing:

They will have their own router.

Is this a requirement?

Not sure 100%. Details are sketchy so far. Just in the planning stages.

1337

@fuznutz04 said in Internet connection sharing:

OR is it better to just do the first scenario and not worry about limiting bandwidth to the second business?

If you are going to share a connection, it's better to have each company have their own router and use their dedicated IPs. Less management and less failure points. Bandwidth limiting or QoS over the entire connection is out though.

If it's allowed to share a connection, and that's a big IF because I would be surprised if it's allowed.

scottalanmiller

@fuznutz04 said in Internet connection sharing:

@scottalanmiller said in Internet connection sharing:

@fuznutz04 said in Internet connection sharing:

They will have their own router.

Is this a requirement?

Not sure 100%. Details are sketchy so far. Just in the planning stages.

A single router with two connections would make it very handy.

JaredBusch

Assuming it is allowed by your ToS, the best thing would be to put a dumb gigabit switch and put it between the Comcast gear and the routers.

Then make sure you block traffic from the IP addresses you let the other business use.

JaredBusch

If you want any control whatsoever, then you have to supply the router and do the NAT. They don’t have a choice there.

You can’t route your /29 again. You have to NAT it.

RojoLoco

I can't imagine Comcast allowing this, even on a biz class connection. And I feel like asking them about it would raise a huge red flag.

StorageNinja

@RojoLoco said in Internet connection sharing:

I can't imagine Comcast allowing this, even on a biz class connection. And I feel like asking them about it would raise a huge red flag.

At worst. If you change for it, you likely become legally a telecom provider. Get ready for weird tax’s, logging requirements.

At best, get ready for the other business to get malware, and Comcast’s abuse department shutting down your connection, or the FBI knocking on your door when someone gets involved In something sketchy...

scottalanmiller

I think that the key thing here might be in interpretation of the language.

"We have another business in the building" could mean that they own two companies and those two "companies" are sharing a connection. We might use that terminology for two divisions that do different things but legally can share a connection no problem.

Or it might be some random business that just happens to be in the same building that is trying to not pay for their own Internet, in which case this is a big problem.

Everyone is assuming the second, but I had read it assuming it was the first. But both are just assumptions, to know what the best options are and what is an option really requires understanding that.

AdamF

@scottalanmiller said in Internet connection sharing:

I think that the key thing here might be in interpretation of the language.

"We have another business in the building" could mean that they own two companies and those two "companies" are sharing a connection. We might use that terminology for two divisions that do different things but legally can share a connection no problem.

Or it might be some random business that just happens to be in the same building that is trying to not pay for their own Internet, in which case this is a big problem.

Everyone is assuming the second, but I had read it assuming it was the first. But both are just assumptions, to know what the best options are and what is an option really requires understanding that.

Wow, I am terrible at following up with posts in a timely manner....

Yes, it is the first. So you assumed correctly. So I think we are all set with just breaking out the connection via a switch after the modem.

Thanks!

scottalanmiller

@fuznutz04 said in Internet connection sharing:

@scottalanmiller said in Internet connection sharing:

I think that the key thing here might be in interpretation of the language.

"We have another business in the building" could mean that they own two companies and those two "companies" are sharing a connection. We might use that terminology for two divisions that do different things but legally can share a connection no problem.

Or it might be some random business that just happens to be in the same building that is trying to not pay for their own Internet, in which case this is a big problem.

Everyone is assuming the second, but I had read it assuming it was the first. But both are just assumptions, to know what the best options are and what is an option really requires understanding that.

Wow, I am terrible at following up with posts in a timely manner....

Yes, it is the first. So you assumed correctly. So I think we are all set with just breaking out the connection via a switch after the modem.

Thanks!

If it was me and it was two companies that I controlled, I'd use an EdgeRouter Lite, it has one WAN in and two LAN out. That way I'd have central control. Make that control owned by the "parent" organization. Then have each place have their own switches after that point. But only one router.

JaredBusch

@scottalanmiller said in Internet connection sharing:

@fuznutz04 said in Internet connection sharing:

@scottalanmiller said in Internet connection sharing:

I think that the key thing here might be in interpretation of the language.

"We have another business in the building" could mean that they own two companies and those two "companies" are sharing a connection. We might use that terminology for two divisions that do different things but legally can share a connection no problem.

Or it might be some random business that just happens to be in the same building that is trying to not pay for their own Internet, in which case this is a big problem.

Everyone is assuming the second, but I had read it assuming it was the first. But both are just assumptions, to know what the best options are and what is an option really requires understanding that.

Wow, I am terrible at following up with posts in a timely manner....

Yes, it is the first. So you assumed correctly. So I think we are all set with just breaking out the connection via a switch after the modem.

Thanks!

If it was me and it was two companies that I controlled, I'd use an EdgeRouter Lite, it has one WAN in and two LAN out. That way I'd have central control. Make that control owned by the "parent" organization. Then have each place have their own switches after that point. But only one router.

This is also how I would do it. There would only be one company in control of the one router.