What are the disadvantages (if any) of accessing the internet through two or more "chained" routers?

My Problem

I just got internet setup in my dorm room at school through a third-party provider. The modem they gave me, however, also functions as a wireless router. I also have my own router with DD-WRT on it, which I would much prefer to use over their... not so good built-in router.

Terminology

router-modem: The router-modem combination given to me by my internet provider
router: My personal router

My Solution

Simple. I just connected the WAN port on my router to the first port on the switch of their router-modem combo thing. Then, I disabled the WiFi on the router-modem, and disabled the firewall completely (effectively making the entire thing a DMZ, as DD-WRT has a built-in SPI firewall).

Just to note this, the IP address on my router is set statically, and DHCP has been disabled on their router-modem. There are no other physical connections to the router-modem other than my router.

My Questions

Are there any disadvantages to what I'm doing?
Am I somehow circumventing any of the protection features of the SPI firewall by doing this?
Will it result in any excess lag when trying to play online games? (due to the additional hop each packet needs to traverse)

Breakthrough

Posted 2009-09-10T18:48:28.547

Reputation: 32 927

it will be slow and possible of security breech – joe – 2009-09-10T18:51:43.983

7I'm doing exactly the same thing - my Verizon FIOS modem/router can't be replaced, so I simply plug my Linksys router inside of it, and run everything off that. Same exact setup. – The How-To Geek – 2009-09-11T01:49:31.763

1@The How-To Geek: I'm assuming it all works fine for you - no lag or anything? (Sidenote: I hate how ISP's assume that we want a router bundled with our modem...) – Breakthrough – 2009-09-11T02:00:29.483

1Yes, it works perfectly for me. – The How-To Geek – 2009-09-11T04:13:04.450

13Re: joe's comment. This is why downvoting comments would be advantageous. – Travis Northcutt – 2009-09-13T03:02:18.833

1tnorthcutt... Agreed. – Breakthrough – 2009-09-13T03:44:15.877

@tnorthcutt upvoting other comments gets them off the main page though :) – Cruncher – 2013-11-26T14:49:37.030

Answers

The amount of lag is too small to notice. I have 3 routers chained together in my house and don't have any problems. Your DD-WRT firewall will still function and protect you.

The only thing you didn't mention explicitly was whether or not you disabled the DHCP on the modem/router. I would think you want your DD-WRT to handle the managment of IP addresses. Either way, you'll need to turn off one of the two so you don't get conflicts.

dubRun

Posted 2009-09-10T18:48:28.547

Reputation: 820

Yes, I disabled DHCP, and set the router to have a static IP. Question has been modified to reflect this. – Breakthrough – 2009-09-10T18:59:07.433

right answer +1 ... only the configuration of port forwarding may take you a bit longer now :) – None – 2009-09-10T19:03:50.887

4It shouldn't because your modem/firewall has the DD-WRT in the DMZ, right? You would just set up port forwarding on the DD-WRT – dubRun – 2009-09-10T19:20:56.140

@dubRun: You are correct, sir. :) – Breakthrough – 2009-09-10T20:22:58.697

So the modem-router will know to forward all port traffic to the specific static IP of the DD-WRT-router by default? – hyperslug – 2009-09-11T03:01:41.770

@hyperslug: Not necessarily. The router is just a client on the modem-router. My router makes all the requests for traffic, the modem-router just sends my router all of the traffic addressed for it. Which should theoretically be everything, because nothing else is connected to it. :) – Breakthrough – 2009-09-11T10:53:36.513

You can measure lag by pinging your DD-WRT router, your ISP router, and some router one hop above that (discover by doing a traceroute/tracert to google or yahoo and picking the next hop). If it all stays under 1mS, dubRun is right, it doesn't matter. – kmarsh – 2009-09-11T12:40:55.333

@Breakthrough, "all of the traffic addressed for it" -> I can see how SPI will send all traffic originating from the inside back to the correct client (dd-wrt router), but what about a request from the outside to the modem-router port 80? What brand/model modem-router, BTW? – hyperslug – 2009-09-11T14:41:31.613

There is nothing wrong with this setup. As a matter of fact using two routers in this way is a good way to protect your LAN from a potentially more dangerous network. Your bandwidth will not be affected in any noticeable way.

raven

Posted 2009-09-10T18:48:28.547

Reputation: 5 135

Actually, most routers provide NAT, which is where the security comes from, as no ports on any computers behind it are exposed. A router, by definition, is not a security device, it simply encapsulates traffic from your LAN before sending it out to your ISP. – MDMarra – 2009-09-11T23:37:48.287

Sounds reasonable to me. The firewall should work by blocking packets somehow, and having another hop outside the firewall should do nothing. I wouldn't think that adding another very short hop via Ethernet would affect ping time or bandwidth.

The potential downsides as I see them are that you are removing their firewall and their wireless, and substituting your own. It is conceivable that their firewall is better and/or their wireless more secure. Unless you're substituting WEP for their WPA or something, I doubt there will be a problem.

David Thornley

Posted 2009-09-10T18:48:28.547

Reputation: 701

Both my router and the modem-router support WPA2, which I enabled on mine, and completely disabled wireless on theirs. The only reason I want to use mine is the customization, the bandwidth logging, and 'cause I love third-party Linksys firmware! – Breakthrough – 2009-09-10T19:03:20.357

What you are essentially doing is adding another hop to each packet. The delay induced by this extra hop (assuming ideal networking hardware - which any modern post-2000 thing will do extremely quickly) will be much less than 1ms.

I'd say you're good to go!

awd555

Posted 2009-09-10T18:48:28.547

Reputation:

Unless there is a reason to protect the "wireless" network from the "wired" network, I would disable the DHCP server on the wireless router, and then connect the two routers together via LAN ports (not the WAN on the wireless as you do now). The wireless router will still handle the wireless connection setup, but once that's done, network settings will come from the wired router.

In this way you are effectively using the wireless router as a wireless hub, instead.

David Mackintosh

Posted 2009-09-10T18:48:28.547

Reputation: 3 728

I think the reason for using the DD-WRT is that it offers so much more than other routers do. – dubRun – 2009-09-10T19:21:49.913

I think "much more" is an understatement... DD-WRT (as well as other firmwares, like Tomato and [esp.] OpenWRT) have really shown the power of wireless routers, and can easily modify them to act similar to devices ten times their cost. – Breakthrough – 2009-09-11T01:44:37.293

Guess how many routers are chained from your computer to SU servers? (you can get an answer with traceroute).

Just another one will not hurt that much.

mouviciel

Posted 2009-09-10T18:48:28.547

Reputation: 2 858

You could have as many routers as you want internally. As long as the default route of each segment leads to the next router and ultimately the internet, you're fine. And if someone breaks in the fist router, he won't be able to get further until he hits the next router. This doe snot mean that it is a recommended setup for a more secure network,as it needs more monitoring, perhaps. However, this lets you setup multiple wireless networks, for example. If you want to increase the security, I would suggest:

Set each segment IP network to be different from 192.168.0.x or 192.168.1.x. Use something like 192.168.45.x, for example.
Set the router's own IP address to something other than x.x.x.1. Use something like 192.168.45.254 for example.

jfmessier

Posted 2009-09-10T18:48:28.547

Reputation: 2 530

This is a perfectly fine configuration. I have my home network configured with an inner and outer router (not counting the cable modem). This is a recommended configuration for some purposes. There is some good discussion here, at GRC.com

Jamie Cox

Posted 2009-09-10T18:48:28.547

Reputation: 639