• Status: Solved

How to create a private/local network on my school's pre-existing network

I am on a University network where I live and I would like to create a small but private network that I can use to connect three computers (2 MacBooks and one Linux (Red Hat) box) and an IP printer, all on the same local/private network. I want all three computers to be able to print and share files, but I want this network to be private to the outside world while still having the ability to connect to the internet. My inet is the same as my broadcast address so I'm not sure if I am on an internal network, but I can't use DHCP on my DI-624 router to hand out local IPs. I can use it as a switch, but can I create some sort of network with my router that only I can see? Any help would be great. I know school networks are a tough subject, but any suggestions would be great.
egerzon
Asked:
 
Don Johnston (Instructor) Commented:
Something like a Linksys BEFSX41 will let you connect up to 4 devices to a single connection using NAT. Those 4 devices will be virtually invisible from the outside world yet still be able to initiate sessions with the outside.
 
DToolshed Commented:
If the WAN port of the router is on your internet connection, then anything you connect on the LAN ports will be on a private network. Just make sure the LAN IP addressing you use is different from the addressing on the WAN side, which I assume would be the school network. If the DHCP server in your router is borked, then just set the IPs as static. It's the same as some ISPs who only give private (10.x.x.x) IP addresses to their customers, no public IP.

If the school net uses 10.x.x.x addressing via DHCP (for example), then your router will use that as its WAN address and gateway. You have 192.168.x.x LAN addressing, and nobody gets in from the outside as the router is a NAT firewall device. The only way to see your network is to physically connect on the inside of your router. Just make sure to disable or secure your wireless in the router, or everybody and their uncle will have access to your "private" network.

The only trouble here is that some things don't like to work this way. It's called a double NAT, and some VOIP and P2P apps will not work like this, but regular internet browsing/downloading works fine.
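Added example, not part of DToolshed's post: a Python check of the addressing advice above. It confirms that the LAN subnet is private and does not overlap the WAN subnet, and treats a private WAN address as a sign of double NAT (a heuristic). The function names and all addresses are assumptions made up for illustration.

```python
import ipaddress

# RFC 1918 private ranges. A WAN address inside one of them suggests the
# upstream network is itself behind NAT (the "double NAT" case).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(wan_iface: str, lan_net: str) -> dict:
    """wan_iface: address/prefix the router received on its WAN port.
    lan_net: the subnet configured on the router's LAN side."""
    wan = ipaddress.ip_interface(wan_iface)
    lan = ipaddress.ip_network(lan_net, strict=True)
    return {
        "lan_is_private": any(lan.subnet_of(r) for r in RFC1918),
        "overlaps_wan": lan.overlaps(wan.network),
        "double_nat": any(wan.ip in r for r in RFC1918),
    }

def suggest_lan(wan_iface: str, prefix: int = 24):
    """Return the first private subnet of the given size that avoids the WAN subnet."""
    wan_net = ipaddress.ip_interface(wan_iface).network
    for block in reversed(RFC1918):          # try 192.168/16, then 172.16/12, then 10/8
        if prefix < block.prefixlen:
            continue                         # requested subnet is larger than this block
        for cand in block.subnets(new_prefix=prefix):
            if not cand.overlaps(wan_net):
                return cand
    return None

if __name__ == "__main__":
    # Constructed inputs: a campus lease in 10.20.0.0/16 and a typical home LAN.
    print(check_plan("10.20.30.40/16", "192.168.0.0/24"))
    print(suggest_lan("192.168.0.57/24"))
```
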
 
egerzon (Author) Commented:
@DToolshed:  I have already been shut off from the network because I used the WAN port of my router.  So I can use my router as a switch, but that will still be visible to the network.  I can't set my router to only hand out IP's from say 10.0.0.100-whatever because as a switch, the only configuration that I can change is the address of the router itself.  

If I could have the router hand out ip's I would, but for that to happen, I need to plug the WAN port in which will get me shut off from the net.
 
DToolshed Commented:
Well, you could use something like Hamachi (http://www.hamachi.cc/) to create a VPN between the boxes (Windows, Linux and Mac clients). Use a firewall on each box to close up the systems from the outside, except for your own internet traffic. Hamachi would be the default transport between your computers then. The printer would have to be used as a share off one of the computers, as you can't load a 3rd party VPN client on your typical internal print server. Any internet traffic, or any resources on the school network, would default out the real interface.

If you had money to burn, you could buy a managed switch. Set the ports for a private VLAN, and deny any non-requested traffic into the VLAN, except for the school network DHCP. Not cheap, and a real pain to set up and manage for only a few boxes.

So, do the admins lock you out for using a router within your room, or were you just not able to get access at all with the router? If they watch by MAC address only, the DI-624 can spoof any MAC address you want. Just want to be sure we cover the possibility....
 
egerzon (Author) Commented:
As soon as I plugged in the DI-624, they shut off the jack I was using and told me that something I was using was giving out rogue DHCP addresses. Even before they shut off my jack, I wasn't able to get online, which makes me think that they are already running DHCP and my router is just handing out addresses at the jacks that may have already been handed out. I'm not sure what spoofing my MAC address will do, but I still don't think that I can hand out internal IP addresses. Isn't there a way that I can configure my Linux box or create some kind of virtual network and share it with my router?
 
TelnetServices Commented:
It is interesting that the router is causing problems - it certainly SHOULDN'T be answering DHCP requests via the WAN port - are you CERTAIN that you used the WAN port?

Reason I ask - is - yes there certainly IS a way to do this via your Linux box - but - kind of ironically, many router appliances (not sure about D-Link) actually USE LINUX internally - hence it is just possible that the solution for your Linux box is exactly what your router is doing out of the box!!

Anyway - the solution is quite simply to add another network card (should be pocket change from any computer store - or ask-a-geek - any PC savvy person is likely to have a drawer-full). Follow one of the many many how-to's (since it's faster than me typing here!) on "internet connection sharing".

Example - http://www.linuxathome.net/rh72_minihowto.php

If that one doesn't work for you - probably the best bet is to google "linux internet connection sharing" or similar.

Good luck - if you can get a second opinion about your router though (maybe even ask the PC support people in your school - they might help) - that would be by far the most elegant solution - it certainly should work.

 
DToolshed Commented:
2 ideas here:

#1: Anything that is plugged into a switch can talk to anything else on that switch. Because of the way a switch works, if you connect one of the LAN ports to your WAN (the jack) you are putting the school network on your switch. Any addressing you use on that switch will be accessible from anyone else on the school network who wants to try.
You can set up your 'nix box as a VPN server, and route all your traffic through that. You need to set up something like OpenVPN, which is not an easy task, as there are many issues you need to consider in both the server and client setups. This by itself doesn't make your computers safe from outside snooping. You need to set up the VPN clients to automatically strip the other routes from the adaptor to make sure all traffic is going through the VPN. The router itself (and the IP printer) will not be able to be part of the VPN, and most consumer VPN routers will not be able to act as a VPN endpoint to a VPN on the LAN side. And most print servers are not VPN clients either.
This is not a good option, unless you are already familiar with VPN administration, or are willing to put the time in to try it out.

#2: The DI-624, like any other router, does not hand out DHCP through the WAN port, so you may have connected a LAN port instead; that would be the only way they could detect it. So, yes, that would be handing out rogue DHCP addresses. And that would likely be the reason you could not get online then as well, unless the router is broken. Go back to them and make sure. There is no technical reason you cannot connect the WAN or Internet port of your router to the school network and get online that way. There may be a policy reason, but not a technical one. A router WILL NOT GIVE DHCP OUT THE WAN PORT, so they cannot use that as an excuse. The router WILL pick up DHCP from the outside, but ONLY on the WAN port. The schools I have worked with had minimum security requirements for any wireless routers, and some have even banned wireless access points. Just turn the wireless radio off in the router to take care of that. As long as you don't connect one of your LAN ports to the school jack, it should work.
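Added example, not part of DToolshed's post: how a network team can spot the rogue DHCP replies discussed above. This Python sketch parses DHCP payloads and flags server replies whose server identifier (option 54) is not on an allowlist. The sample packets, addresses and function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5             # option 53 values that only servers send

def parse_dhcp(payload: bytes):
    """Parse a BOOTP/DHCP UDP payload; return None if malformed or not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                    # truncated option
            return None
        opts[payload[i]] = value
        i += 2 + length
    sid = opts.get(54, b"")
    return {"op": payload[0],
            "yiaddr": socket.inet_ntoa(payload[16:20]),
            "msg_type": (opts.get(53) or b"\x00")[0],
            "server_id": socket.inet_ntoa(sid) if len(sid) == 4 else None}

def rogue_replies(payloads, authorized):
    """Return (server_id, offered_ip) for server replies from unlisted servers."""
    hits = []
    for p in payloads:
        m = parse_dhcp(p)
        if (m and m["op"] == 2 and m["msg_type"] in (OFFER, ACK)
                and m["server_id"] not in authorized):
            hits.append((m["server_id"], m["yiaddr"]))
    return hits

def build_offer(server: str, offered: str) -> bytes:
    """Build a constructed DHCPOFFER payload for the demo (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    addrs = b"\x00" * 4 + socket.inet_aton(offered) + socket.inet_aton(server) + b"\x00" * 4
    fixed = hdr + addrs + b"\x00" * (16 + 64 + 128) + MAGIC
    return fixed + bytes([53, 1, OFFER, 54, 4]) + socket.inet_aton(server) + b"\xff"

# Constructed sample: a campus server reply, then a reply from a home router's LAN side.
SAMPLE = [build_offer("10.20.0.1", "10.20.30.40"), build_offer("192.168.0.1", "192.168.0.100")]
```

Calling `rogue_replies(SAMPLE, {"10.20.0.1"})` returns only the reply from the unlisted 192.168.0.1 server, which is the signal that leads to a jack being shut off.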
 
DToolshed Commented:
@TelnetServices:
You posted just before me, so I didn't see it.
My tech support brain is running slow (working night shift on not enough coffee), and I'm sorry it didn't register in my brain.
Of course you can use the 'nix box as, essentially, a router. All the other machines, and the printer, are networked behind it, and the Linux box acts as the router.
Of course, if the D-Link is working properly, then there should be no need to do anything except plug the WAN port to the school jack.
 
TelnetServices Commented:
ST - s'ok - the only bad thing here - is that you're a techie working night shift - and your caffeine intake is so disappointingly low!!!! ha ha - have a good shift!
 
egerzon (Author) Commented:
@TelnetServices:
OK, so I know which port is my WAN, but one thing I haven't tried is plugging the router into the WAN port while having DHCP disabled. Will that make any difference? I still don't think I'll be able to hand out local IPs this way. As a switch, I don't think the D-Link has an option for setting local IPs. The problem is I am kind of hesitant to try for fear of getting my jack shut off again.
 
Don Johnston (Instructor) Commented:
If you connect the WAN port of your router to the network and use the "Clone MAC address" feature (found on most SOHO routers these days), there should be no way it can be detected.
 
egerzon (Author) Commented:
@DToolshed:

I'm sorry, I guess I'm having trouble reading this morning as well. So if it doesn't hand out DHCP addresses via the WAN, why, when I plugged in the cable from the school's jack into the WAN port only, and only used wireless to access the web, was I not able to get online, and about 5 minutes later was turned off? I think actually the jack turned off on its own.
 
egerzon (Author) Commented:
@donjohnston:
Should I clone the MAC address first, then plug in the WAN? I would love to try all these things out, I just want to make sure what I'm doing will actually work and not get me kicked off the network.
 
Don Johnston (Instructor) Commented:
Yes, clone the MAC before connecting the router. Otherwise the MAC of the router will be seen.