Im just thinking about an problem i have. Im sharing an IP Cam with my neighbour. The problem is that we have the same internal subnet. My idea is to have a router between the two networks and as a third interface the ip cam attached.
Mrox, not totally necessary. Can you give us the high level view? Are you to connected in anyway now? Also you wouldn’t to have 2 interfaces with overlapping address spaces that aren’t or at least aren’t meant to be bridged. It won’t work well.
A common solution when faced with overlapping address space is to use a technique called double NAT. The way it works is we setup on your side a NAT statement that translates either the cameras 192.168.2.0/24 IP or the entire 192.168.2.0/24 subnet to an entirely different IP or subnet not used by either of you and we do the same thing on his side, he translates his 192.168.2.0/24 to another network. The key component is we only do these translations when packets are sourced from the overlapped space and destined for the others “fake” subnet.
Here is a drawing. It’s a fairly complex setup but it is the answer for how to deal with overlapping subnets. It’s also something I’ve pushed to start using in business to business site to site VPNs as well as it frees either business of having to care about what is on the opposite side of the VPN from an address scheme standpoint.
An alternative option is to simply apply an IPv6 address to the camera if you both have global unicast or ULA IPv6 address space on your networks already they should be different (especially if you used the ULA generator like you’re supposed to). You can then use straight forward destination based routing via IPv6 between the two of you to make it work.
Thank you for your reply.
Both networks have their own router to connect to the Internet, but should share one camera. But I don’t want that LAN A can see LAN B. For example we both have a NAS running and don’t want to grant access. Also there are two dhcp servers which would disturb each other. Maybe there is a better way then using double Nat?
Phiscally I have 3 LAN cables where the camera is located. LAN1 LAN2 and the IP Kamera.
If you have the same address space either one of you have to change it or you’ll need to use double NAT. The cable that goes to LAN2 I assume goes to his router right? If so that will need to be made into a routed /30 connection that can be used to handle the NAT.
Just renumber one network, how hard it can be? It doesn’t sound like you’re a corporation with thousands of devices. There are usually some possible tricks to avoid it (NAT, …), but clean solution (renumbering) is better.
Change it to -
Interface1 192.168.3.1/24 (Camera Lan1)
Interface2 192.168.2.0/24 (Private Lan2)
Interface3 slave master port 1 (or bridge if you already have interface 2 as a master)
(IP Cam) 192.168.3.3 on interface 3.
Neighbour router can be 192.168.3.2/24 on the camera LAN
Your neighbour then only needs to add another network 192.168.3.0/24 to his router. Basically you both have very similar configurations, the home network 192.168.2.0/24 and the camera network 192.168.3.0/24. Your firewall rules for both routers only permit established connections from the 192.168.3.0/24 network.
There are usually some possible tricks to avoid it (NAT, …), but clean solution (renumbering) is better.