Bridging machines on differnet subnets

[John_J]

In simple terms currently network:

Unmanaged wired Ethernet switch for 10.10.10.x network.
Unmanaged wired Ethernet switch for 192.168.1.x network.

Need a "bridge/firewall" to connect 2 specific machines on the different subnets (10.10.10.1 & 192.168.1.1) hopefully in a small profile device.

These are the ONLY 2 devices that need to talk across the different subnets.

Is there an off the shelf low cost device that can do this or would one need a level 3 switch, 2 routers, etc?

Thanks for the help.

 

[kevnich2]

If the two devices each have two interfaces that can be attached to both subnets, no. If the devices only have one interface, then you need SOMETHING that can route at layer 3 that also has enough interfaces to be connected to both subnets.

 

[John_J]

Both devices only have only one network interface each.

Was hoping there might be a lower cost solution than a managed layer 3 switch or buying dual routers to connect just 2 devices.

 

[Fardringle]

What kind of "talking" do you need between the two devices? Simple file sharing? Application/database sharing? Domain security?

If the devices are in separate locations, a VPN might be the best option.

If they are local, you can install a second adapter in each and connect them together.

 

[John_J]

Should have been more specific with details.

"Talking" is a very small amount of TCP/IP, UDP traffic (traffic consists of 6 temperature readings send every 15 seconds).

Devices are network enabled "appliances" with a single Ethernet port per unit. Adding a second port to these units in not an option.

The switches for the two networks are physically only a few feet apart from each other.

 

[JackMDS]

One specific solution (as mentioned above).

You put a second NIC (wire or Wireless) in each computer and Bridge them.

Given your need a sub $10 cards would do.

http://windows.microsoft.com/en-us/windows/create-network-bridge#1TC=windows-7


That said, while it is OK that people do not know how to solve all Networking problems. The sad part is that they do not know (or too lazy to bother) in providing the info that is needed to solve networks issues. In most cases help seekers think that just saying the Best and inexpensive are Network components.

 

[John_J]

Sorry, am still not explaining this clearly.

The two devices to be networked are not computers in the traditional sense. The devices are pre-build appliances with a single network Ethernet port. There is no way to install a second network card or modify the hardware in any meaningful way. Hence installing a second NIC card is not an option with these units.

 

[kevnich2]

The only way to get traffic from two devices on different subnets with one interface is to use a router. You sound like you already knew this though? This is how the Internet works and needs to be viewed as such. There is no magical way around this.

 

[ArisVer]

The devices are pre-build appliances with a single network Ethernet port.

Let me guess..... is it a toaster? NO! it's a coffee maker.

 

[Gryz]

Simplest solution: connect both switches with an UTP cable and make everything one LAN/one subnet.

Should work fine, unless you have specific security considerations. Which you don't seem to have, because right now you allow half your network to access machine-A and allow the other half of your network to access machine-B. If that is the case, I don't see the problem when all of your network can access both A and B.

If A and B don't need Internet access, or access to your servers, you could just straight hook em up with a cable. You just need to configure static ip-addresses and subnet masks on both of them (because there's no DHCP).

If you could do VLANs on your switches, you could put A and B in their own little VLAN. That would make pulling cables easier.

There are all kinds of tricks you could do, if you can configure stuff on your switches. But unmananged switches implies they won't do anything but simple "transparent bridging".

You could also just give both A and B static ip-addresses from a completely different subnet. That means other machines would not be able to talk to them, unless someone configured that machine also with a static ip-address in the same subnet. Not really tight security. But for day-to-day purposes this might be good enough. A and B would still not be able to talk to the rest of the network. (Unless you muck around on a router somewhere with secondary IP-addresses).

When thinking about your problem, this seems to be a situation where VLANs would make most sense. No idea what a cheap switch with VLAN-capabilities would cost. But using VLANs would be the cleanest solution. And clean solutions usually pay themselves back because: 1) less downtime when something unexpected happens, 2) less man-hours wasted coming up with a crappy design, 3) less man-hours wasted because you need to troubleshoot stuff every 6 months.

 

[JackMDS]

In general there is two categories in Networking.

1. Business Pro type in which it is very important to adhere to standards and the right way to deal with anything related to Networking.

2. Personal private system that can be dealt with in a more flexible way in order to save money and accommodate to personal issue (like my wife would not let me to install wires).

I have a situation like the OP.

What I did! I had an Old Dell D-600 (XP level P4-M Laptop, currently goes on eBay for about $30).

I plugged my appliance to its wire NIC and Bridged with the Wireless card to the second Network.

P.S. OP sorry about my blunder yesterday.

I opened the reply box to post to this thread. Before I finished I had to deal with some other issue. After 30 Min. I returned to the computer finished and post without checking the thread. Mean time you (within these 30 minutes you posted your post and I was not aware of it.

 

[John_J]

Thanks for all the feedback.

More details:
This application involves industrial process skids with VFD's, temperature & pressure transmitters and various process controllers that consolidate their data onto a PLC (programmable logic controller) i.e. "toaster #1" on the skid LAN.

The corporate LAN has a paperless data recorder i.e. "toaster #2" that needs to be viewed by engineers on the corporate LAN.

So toaster #1 on the skid LAN needs to talk to toaster #2 on the corporate LAN.

Don't want to get to wordy in an explanation but for various reasons the skid network and corporate network really need to be on separate LANs.

Have addressed this kind of situation in the past with a DIN rail mounted Linux computer with 2 network cards running iptables ~$400us.

Current company does not want a Linux box so looking at 8 port din rail mounted layer 3 managed switch as one alternative ~$800us.

Also looked at routers. Most routers now seem designed specifically to route traffic to the Internet not from LAN to LAN, but that said am testing a pair of din rail routers that look like they will work for this application.

Posted on this forum as networking is NOT my area of expertise. Was really hoping there was a niche product designed for firewalled bridging of two addresses on different LAN networks but such a product doesn't seem to exist.

Now looks like a question of routers v.s. a managed switch?

 

[mv2devnull]

You have two LANs:
LAN_A 10.10.10/24
LAN_B 192.168.1/24

Does either of them have outbound gateways, or are both totally isolated?

How is the network configured for the two devices? DHCP? Does either of them support VLANs?

Do the switches of LAN_A and LAN_B support VLAN's?

 

[kevnich2]

Well a layer 3 switch IS a router. What your referencing as a router is a firewall which does routing as well as firewall features. For your intends, you need just a router so a layer 3 switch will work just fine. You will need to reconfigure default gateways or add a route to your existing gateway to get traffic to and from both subnets.

 

[avos]

My main question would be what is currently assigning 192.168.1.x and 10.10.10.x and why not handle the routing there?

Can you do what you want cheap? Sure. Go pickup a Ubiquiti ERLite-3. Configure a couple routes and you have a $100 solution. But I wouldn't call it a great solution.