Splitting an internet connection between multiple separate subnetworks

Problem

I have an internet connection that I want to split between four separate networks. My requirements are:

I need to be able to monitor the amount of bandwidth and data being used by each network, and notify or control as necessary.

The four networks should only be able to connect to the internet, not each other.

My parents need to be able to operate it, so it needs a simple, preferably Windows-based GUI.

Bandwidth control

I spent a long time researching solutions here. The majority of the control systems/software I found could control bandwidth usage via QOS, but could not monitor or control the amount of data being used. Eventually I found the SoftPerfect Bandwidth Manager, which has everything I need in terms of monitoring and control - per-interface quota management, usage statistics, a web interface for checking usage, and email notifications when quotas are exceeded. It is also Windows-based and has a simple GUI.

Internet sharing

This is where I am having issues. I am currently using Windows XP Pro SP2 for the server (yes, I know this is far from ideal, but it's the only spare Windows OS I currently have). I can't use the built-in Internet Connection Sharing for several reasons:

The upstream internet router has an IP of 192.168.0.1 which ICS clashes with, and I cannot change the router settings.

ICS can only share an internet connection with a single interface, but I have four. I have tried bridging the four network cards, but then the Bandwidth Manager cannot see the four individual interfaces - it only sees the bridge.

I have tried setting up Dual DHCP DNS server (and am having issues getting DHCP offers to be received by clients), but that would still require gateway software of some sort, which I have been unable to find.

My current attempt is to use OpenVPN, with a server for the internet NIC and a separate client for each of the four networks. My thought is that I could bridge the OpenVPN TAP devices to each NIC, meaning that the Bandwidth Manager would control traffic from the bridge instead of the interface. I have not made much progress here though - I've never used OpenVPN before.

Questions

Is there a Windows software package that does everything I need? (Unlikely, I know)

Is there a Windows software package that will share internet between multiple NICs without bridging?

Are either of my about attempts feasible?

Would it help to have a newer/server version of Windows?

Is there a non-Windows alternative that is easy to use?

Answers

Instead of using a Windows machine and doing ICS, why not instead use a router/firewall and Nat behind the Internet facing interface? I would suggest using something like pfsense.

pfSense is an open-source firewall that will allow you to do a lot of what you would want to do. For instance,

internet connection that I want to split between four separate networks.

How this could be achieved is by setting up a NAT. You can create four different Class C ranges - 192.168.1.0/24, 192.168.2.0/24,192.168.3.0/24,192.168.4.0/24. Then in the firewall rules, only allow these networks to talk to the public facing interface. This will meet the requirements of:

The four networks should only be able to connect to the internet, not each other.

Here is a resource to help you do that.

To meet this requrement:

I need to be able to monitor the amount of bandwidth and data being used by each network, and notify or control as necessary.

pfSense has a lot of monitoring software that is installed, or is available via a package installation. This will allow you to carefully track bandwidth usage.

Finally, pfsense has a reasonably easy web-interface to use. It might take a little bit of training but it should not be difficult to show your parents how to use it.

In terms of network design, you might want to have something like this:

Interface list
- em0 - public interface (192.0.43.10/16)
- em1 - internal 1 (192.168.1.1/24)
- em2 - internal 2 (192.168.2.1/24)
- em3 - internal 3 (192.168.3.1/24)
- em4 - internal 4 (192.168.4.1/24)
NAT
- Outbound Nat - pfsense 2.0 should normally apply NAT so that packets leaving the firewall will be source natted to the interface they are leaving (192.0.43.10/16).
- If you wish to configure that look here.
Firewall Rules
- What you want to do is enable only the rules allowing the different networks to leave the firewall (pfSense by default is stateful so it will remember the sessions so you do not need a route coming back in)

I know this is not a Windows solution, but it might be easier to setup and use. Hope that helps!

References:

http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F

http://www.pfsense.org/

http://doc.pfsense.org/index.php/Outbound_NAT

https://en.wikipedia.org/wiki/Network_address_translation

http://tools.ietf.org/html/rfc2663

prateek61

Posted 2012-11-18T04:29:03.550

Reputation: 1 146

Thanks for the comprehensive reply! Something like this is what I originally wanted to do, and your solution looks good for bandwidth monitoring and network separation. However, I cannot see anything in pfsense that allows data usage to be monitored, or quotas to be implemented (the latter is crucial). Is there something I am missing? – pythonian4000 – 2012-11-18T05:12:37.643

In regards to monitoring I gave you a link - but more specifically this part will give you about bandwidth monitoring. It should be easy to log that information to track data usage. If you want to do QOS take a look here or here.

– prateek61 – 2012-11-18T22:09:21.483

To clarify the first requirement: I need to be able to set a data quota and a bandwidth limit for each network (the bandwidth limit can be burstable, but each network needs a guaranteed minimum), and be able to shape or disconnect networks which approach or exceed their quota. I also need to be able to generate monthly usage reports for billing purposes. SoftPerfect Bandwidth Manager is able to do this. – pythonian4000 – 2012-11-18T05:26:35.503