Solved

How to create a private/local network on my school's pre-existing network

Posted on 2007-04-06
Last Modified: 2013-12-14
I am on a University network where I live and I would like to create a small but private network that I can use to connect three computers: 2 MacBooks and one Linux (Red Hat) box, and an IP printer, to all be on the same local/private network. I want all three computers to be able to print and share files, but I want this network to be private to the outside world but have the ability to connect to the internet. My inet is the same as my broadcast address so I'm not sure if I am on an internal network, but I can't use DHCP on my DI-624 router to hand out local IPs. I can use it as a switch, but can I create some sort of network with my router to one that only I can see? Any help would be great. I know school networks are a tough subject, but any suggestions would be great.
Question by:egerzon
14 Comments
 
LVL 50

Expert Comment

by:Don Johnston
Something like a Linksys BEFSX41 will let you connect up to 4 devices to a single connection using NAT. Those 4 devices will be virtually invisible from the outside world yet still be able to initiate sessions with the outside.
0
 
LVL 5

Expert Comment

by:DToolshed
If the WAN port of the router is on your internet connection, then anything you connect on the LAN ports will be on a private network. Just make sure the LAN IP addressing you use is different than the addressing on the WAN side, which I assume would be the school network. If the DHCP server in your router is borked, then just set the IPs as static. It's the same as some ISPs who only give private (10.x.x.x) IP addresses to their customers, no public IP.

If the school net uses a 10.x.x.x addressing via DHCP (for example), then your router will use that as its WAN address and gateway. You have 192.168.x.x LAN addressing, and nobody gets in from the outside as the router is a NAT firewall device. The only way to see your network is to physically connect on the inside of your router. Just make sure to disable or secure your wireless in the router, or everybody and their uncle will have access to your "private" network.

The only trouble here is that some things don't like to work this way. It's called a double NAT, and some VOIP and P2P apps will not work like this, but regular internet browsing/downloading works fine.
0
 

Author Comment

by:egerzon
@DToolshed:  I have already been shut off from the network because I used the WAN port of my router.  So I can use my router as a switch, but that will still be visible to the network.  I can't set my router to only hand out IP's from say 10.0.0.100-whatever because as a switch, the only configuration that I can change is the address of the router itself.  

If I could have the router hand out ip's I would, but for that to happen, I need to plug the WAN port in which will get me shut off from the net.
0
 
LVL 5

Expert Comment

by:DToolshed
Well, you could use something like hamachi (http://www.hamachi.cc/) to create a VPN between the boxes (Windows, Linux and Mac clients). Use a firewall on each box to close up the systems from the outside, except for your own internet traffic. Hamachi would be the default transport between your computers then. The printer would have to be used as a share off one of the computers, as you can't load a 3rd party VPN client on your typical internal print server. Any internet traffic, or any resources on the school network, would default out the real interface.

If you had money to burn, you could buy a managed switch. Set the ports for a private vLAN, and deny any non-requested traffic into the vLAN, except for the school network DHCP. Not cheap, and a real pain to set up and manage for only a few boxes.

So, do the admins lock you out for using a router within your room, or were you just not able to get access at all with the router? If they watch by MAC address only, the DI-624 can spoof any MAC address you want. Just want to be sure we cover the possibility....
0
 

Author Comment

by:egerzon
As soon as I plugged in the DI-624, they shut off the jack I was using and told me that something I was using was giving out rogue DHCP addresses. Even before they shut off my jack, I wasn't able to get online, which makes me think that they are already running DHCP and my router is just handing out addresses at the jacks that may have already been handed out. I'm not sure what spoofing my MAC address will do, but I still don't think that I can hand out internal IP addresses. Isn't there a way that I can configure my Linux box or create some kind of virtual network and share it with my router?
0
 
LVL 7

Assisted Solution

by:TelnetServices
TelnetServices earned 50 total points
It is interesting that the router is causing problems - it certainly SHOULDN'T be answering DHCP requests via the WAN port - are you CERTAIN that you used the WAN port?

Reason I ask - is - yes there certainly IS a way to do this via your Linux box - but - kind of ironically, many router appliances (not sure about D-Link) actually USE LINUX internally - hence it is just possible that the solution for your Linux box is exactly what your router is doing out of the box!!

Anyway - the solution is quite simply to add another network card (should be pocket change from any computer store - or ask-a-geek - any PC savvy person is likely to have a drawer-full). Follow one of the many many how-to's (since it's faster than me typing here!) on "internet connection sharing"

Example - http://www.linuxathome.net/rh72_minihowto.php

If that one doesn't work for you - probable best bet is to google "linux internet connection sharing" or similar.

Good luck - if you can get a second opinion about your router though (maybe even ask the PC support people in your school - they might help) - that would be by far the most elegant solution - it certainly should work.

0
 
LVL 5

Accepted Solution

by:DToolshed
DToolshed earned 200 total points
2 ideas here:

#1: Anything that is plugged into a switch can talk to anything else on that switch. Because of the way a switch works, if you connect one of the LAN ports to your WAN (the jack) you are putting the school network on your switch. Any addressing you use on that switch will be accessible from anyone else on the school network who wants to try.
You can set up your 'nix box as a VPN server, and route all your traffic through that. You need to set up something like OpenVPN, which is not an easy task, as there are many issues you need to consider in both the server and client setups. This by itself doesn't make your computers safe from outside snooping. You need to set up the VPN clients to automatically strip the other routes from the adaptor to make sure all traffic is going through the VPN. The router itself (and the IP printer) will not be able to be part of the VPN, and most consumer VPN routers will not be able to act as a VPN endpoint to a VPN on the LAN side. And most print servers are not VPN clients either.
This is not a good option, unless you are already familiar with VPN administration, or are willing to put the time in to try it out.

#2: The DI-624, like any other router, does not hand out DHCP through the WAN port, so you may have connected a LAN port instead; that would be the only way they could detect it. So, yes, that would be handing out rogue DHCP addresses. And that would likely be the reason you could not get online then as well, unless the router is broken. Go back to them and make sure. There is no technical reason you cannot connect the WAN or Internet port of your router to the school network and get online that way. There may be a policy reason, but not a technical one. A router WILL NOT GIVE DHCP OUT THE WAN PORT, so they cannot use that as an excuse. The router WILL pick up DHCP from the outside, but ONLY on the WAN port. The schools I have worked with had minimum security requirements for any wireless routers, and some even have banned wireless access points. Just turn the wireless radio off in the router to take care of that. As long as you don't connect one of your LAN ports to the school jack, it should work.
0
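The two-NIC Linux gateway suggested in the answers above, as an added example that is not part of the original thread or any poster's own code: it generates `iptables-restore` rules and a `dnsmasq` config that NAT a private LAN behind the upstream link, refuse a LAN range that overlaps the WAN side, and keep DHCP replies off the WAN interface. The interface names (`eth0`, `eth1`), the addresses, the pool layout and the choice of `dnsmasq` are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_gateway_config(wan_if, wan_cidr, lan_if, lan_cidr):
    """Return (iptables-restore rules, dnsmasq config) for a two-NIC Linux NAT gateway.

    Assumes the gateway holds the first host address of the LAN on lan_if and
    that net.ipv4.ip_forward=1 is set separately.
    """
    wan = ipaddress.ip_network(wan_cidr, strict=False)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    if wan_if == lan_if:
        raise ValueError("WAN and LAN need separate interfaces")
    if not any(lan.subnet_of(n) for n in RFC1918):
        raise ValueError(f"{lan} is not RFC 1918 private space")
    if lan.overlaps(wan):
        raise ValueError(f"LAN {lan} overlaps WAN {wan}; choose another range")
    if lan.num_addresses < 32:
        raise ValueError("LAN too small for the DHCP pool used here")
    gateway, first, last = lan[1], lan[10], lan[-2]
    firewall = f"""*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s {lan} -o {wan_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i {lan_if} -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i {lan_if} -o {wan_if} -s {lan} -j ACCEPT
-A FORWARD -i {wan_if} -o {lan_if} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o {wan_if} -p udp --sport 67 -j DROP
COMMIT
"""
    # DHCP is served on the LAN interface only; the OUTPUT rule above is a
    # backstop so server replies (UDP source port 67) never leave via the WAN.
    dhcp = f"""interface={lan_if}
except-interface={wan_if}
bind-interfaces
dhcp-range={first},{last},12h
dhcp-option=option:router,{gateway}
"""
    return firewall, dhcp

if __name__ == "__main__":
    # Constructed sample values: eth0 faces the campus jack, eth1 the private LAN.
    fw, dh = build_gateway_config("eth0", "10.20.30.40/16", "eth1", "192.168.50.0/24")
    print(fw + "\n" + dh)
```

The first string is meant to be loaded with `iptables-restore` and the second saved as a `dnsmasq` configuration file on the gateway.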
 
LVL 5

Expert Comment

by:DToolshed
@TelnetServices:
You posted just before me, so I didn't see it.
My tech support brain is running slow (working night shift on not enough coffee), and I'm sorry it didn't register in my brain.
Of course you can use the 'nix box as, essentially, a router. All the other machines, and the printer, are networked behind it, and the Linux box acts as the router.
Of course, if the D-Link is working properly, then there should be no need to do anything except plug the WAN port to the school jack.
0
 
LVL 7

Expert Comment

by:TelnetServices
ST - s'ok - the only bad thing here - is that you're a techie working night shift - and your caffeine intake is so disappointingly low!!!! ha ha - have a good shift!
0
 

Author Comment

by:egerzon
@TelnetServices:
Ok so I know which port is my WAN, but one thing I haven't tried is plugging the router into the WAN port while having DHCP disabled. Will that make any difference? I still don't think I'll be able to hand out local IPs this way? As a switch, I don't think the D-Link has an option for setting local IPs. The problem is I am kind of hesitant to try for fear of getting my jack shut off again.
0
 
LVL 50

Expert Comment

by:Don Johnston
If you connect the WAN port of your router to the network and use the "Clone MAC address" feature (found on most SOHO routers these days), there should be no way it can be detected.
0
 

Author Comment

by:egerzon
@DToolshed:

I'm sorry, I guess I'm having trouble reading this morning as well. So if it doesn't hand out DHCP addresses via the WAN, why, when I plugged in the cable from the school's jack into the WAN port only, and only used wireless to access the web, wasn't I able to get online, and about 5 minutes later was turned off? I think actually the jack turned off on its own.
0
 

Author Comment

by:egerzon
@donjohnston:
Should I clone the mac address first, then plug in the WAN?  I would love to try all these things out, I just want to make sure what I'm doing will actually work and not get me kicked off the network?
0
 
LVL 50

Expert Comment

by:Don Johnston
Yes, clone the MAC before connecting the router. Otherwise the MAC of the router will be seen.
0
