Solved

How to create a private/local network on my school's pre-existing network

Posted on 2007-04-06
Last Modified: 2013-12-14
I am on a University network where I live and I would like to create a small, but private network that I can use to connect three computers: 2 MacBooks and one Linux (Red Hat) box and an IP printer to all be on the same local/private network. I want all three computers to be able to print and share files, but I want this network to be private to the outside world but have the ability to connect to the internet. My inet is the same as my broadcast address so I'm not sure if I am on an internal network, but I can't use DHCP on my DI-624 router to hand out local IPs. I can use it as a switch, but can I create some sort of network with my router to one that only I can see? Any help would be great. I know school networks are a tough subject, but any suggestions would be great.
Question by:egerzon
14 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18868551
Something like a Linksys BEFSX41 will let you connect up to 4 devices to a single connection using NAT. Those 4 devices will be virtually invisible from the outside world yet still be able to initiate sessions with the outside.
0
 
LVL 5

Expert Comment

by:DToolshed
ID: 18868660
If the WAN port of the router is on your internet connection, then anything you connect on the LAN ports will be on a private network. Just make sure the LAN IP addressing you use is different than the addressing on the WAN side, which I assume would be the school network. If the DHCP server in your router is borked, then just set the IPs as static. It's the same as some ISPs who only give private (10.x.x.x) IP addresses to their customers, no public IP.

If the school net uses a 10.x.x.x addressing via DHCP (for example), then your router will use that as its WAN address and gateway. You have 192.168.x.x LAN addressing, and nobody gets in from the outside as the router is a NAT firewall device. The only way to see your network is to physically connect on the inside of your router. Just make sure to disable or secure your wireless in the router, or everybody and their uncle will have access to your "private" network.

The only trouble here is that some things don't like to work this way. It's called a double NAT, and some VOIP and P2P apps will not work like this, but regular internet browsing/downloading works fine.
0
 

Author Comment

by:egerzon
ID: 18868705
@DToolshed:  I have already been shut off from the network because I used the WAN port of my router.  So I can use my router as a switch, but that will still be visible to the network.  I can't set my router to only hand out IP's from say 10.0.0.100-whatever because as a switch, the only configuration that I can change is the address of the router itself.  

If I could have the router hand out ip's I would, but for that to happen, I need to plug the WAN port in which will get me shut off from the net.
0

 
LVL 5

Expert Comment

by:DToolshed
ID: 18868814
Well, you could use something like hamachi (http://www.hamachi.cc/) to create a VPN between the boxes (windows, linux and mac clients). Use a firewall on each box to close up the systems from the outside, except for your own internet traffic. Hamachi would be the default transport between your computers then. The printer would have to be used as a share off one of the computers, as you can't load a 3rd party VPN client on your typical internal printerserver. Any internet traffic, or any resources on the school network, would default out the real interface.

If you had money to burn, you could buy a managed switch. Set the ports for a private VLAN, and deny any non-requested traffic into the VLAN, except for the school network DHCP. Not cheap, and a real pain to set up and manage for only a few boxes.

So, do the admins lock you out for using a router within your room, or were you just not able to get access at all with the router? If they watch by MAC address only, the DI-624 can spoof any MAC address you want. Just want to be sure we cover the possibility....
0
 

Author Comment

by:egerzon
ID: 18868922
As soon as I plugged in the DI-624, they shut off the jack I was using and told me that something I was using was giving out rogue DHCP addresses. Even before they shut off my jack, I wasn't able to get online, which makes me think that they are already running DHCP and my router is just handing out addresses at the jacks that may have already been handed out. I'm not sure what spoofing my MAC address will do, but I still don't think that I can hand out internal IP addresses. Isn't there a way that I can configure my Linux box or create some kind of virtual network and share it with my router?
0
 
LVL 7

Assisted Solution

by:TelnetServices
TelnetServices earned 50 total points
ID: 18869004
It is interesting that the router is causing problems - it certainly SHOULDN'T be answering DHCP requests via the WAN port - are you CERTAIN that you used the WAN port?

Reason I ask - is - yes there certainly IS a way to do this via your Linux box - but - kind of ironically, many router appliances (not sure about dlink) actually USE LINUX internally - hence it is just possible that the solution for your linux box is exactly what your router is doing out of the box!!

Anyway - the solution is quite simply to add another network card (should be pocket change from any computer store - or ask-a-geek - any PC savvy person is likely to have a drawer-full). Follow one of the many many how-to's (since it's faster than me typing here!) on "internet connection sharing"

Example - http://www.linuxathome.net/rh72_minihowto.php

If that one doesn't work for you - probable best bet is to google "linux internet connection sharing" or similar.

Good luck - if you can get a second opinion about your router though (maybe even ask the PC support people in your school - they might help) - that would be by far the most elegant solution - it certainly should work.

0
 
LVL 5

Accepted Solution

by:DToolshed
DToolshed earned 200 total points
ID: 18869006
2 ideas here:

#1: Anything that is plugged into a switch can talk to anything else on that switch. Because of the way a switch works, if you connect one of the LAN ports to your WAN (the jack) you are putting the school network on your switch. Any addressing you use on that switch will be accessible from anyone else on the school network who wants to try.
You can set up your 'nix box as a VPN server, and route all your traffic through that. You need to set up something like OpenVPN, which is not an easy task, as there are many issues you need to consider in both the server and client setups. This by itself doesn't make your computers safe from outside snooping. You need to set up the VPN clients to automatically strip the other routes from the adaptor to make sure all traffic is going through the VPN. The router itself (and the IP printer) will not be able to be part of the VPN, and most consumer VPN routers will not be able to act as a VPN endpoint to a VPN on the LAN side. And most print servers are not VPN clients either.
This is not a good option, unless you are already familiar with VPN administration, or are willing to put the time in to try it out.

#2: The DI-624, like any other router, does not hand out DHCP through the WAN port, so you may have connected a LAN port instead; that would be the only way they could detect it. So, yes, that would be handing out rogue DHCP addresses. And that would likely be the reason you could not get online then as well, unless the router is broken. Go back to them and make sure. There is no technical reason you cannot connect the WAN or Internet port of your router to the school network and get online that way. There may be a policy reason, but not a technical one. A router WILL NOT GIVE DHCP OUT THE WAN PORT, so they cannot use that as an excuse. The router WILL pick up DHCP from the outside, but ONLY on the WAN port. The schools I have worked with had minimum security requirements for any wireless routers, and some even have banned wireless access points. Just turn the wireless radio off in the router to take care of that. As long as you don't connect one of your LAN ports to the school jack, it should work.
0
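Added example, not part of the original thread or any poster's code: how a network admin can spot the "rogue DHCP" condition discussed above, by parsing a DHCP reply and checking its server identifier (option 54) against the authorized servers. The addresses, the `AUTHORIZED` set and the `build_offer` sample packet are constructed assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                      # option 53 values sent by servers
AUTHORIZED = {"10.0.0.1"}              # assumption: the campus DHCP server

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                # end option
            break
        if code == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return options

def rogue_server(payload: bytes, authorized=AUTHORIZED):
    """Return the server IP of an OFFER/ACK from an unlisted server, else None."""
    opts = parse_options(payload)
    mtype, server = opts.get(53, b""), opts.get(54, b"")
    if payload[0] != 2 or len(mtype) != 1 or mtype[0] not in (OFFER, ACK):
        return None                    # not a server reply
    if len(server) != 4:
        return None                    # no usable server identifier
    ip = str(ipaddress.IPv4Address(server))
    return None if ip in authorized else ip

def build_offer(server: str, offered: str) -> bytes:
    """Constructed sample input: a minimal DHCPOFFER payload."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered).packed,
                         bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, OFFER, 54, 4]) + ipaddress.IPv4Address(server).packed
    return header + MAGIC_COOKIE + options + b"\xff"
```

An offer whose server identifier is a consumer router's LAN address, seen on the campus segment, is what a LAN port plugged into the wall jack produces; a router attached by its WAN port sends no such replies upstream.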
 
LVL 5

Expert Comment

by:DToolshed
ID: 18869016
@TelnetServices:
You posted just before me, so I didn't see it.
My tech support brain is running slow (working night shift on not enough coffee), and I'm sorry it didn't register in my brain.
Of course you can use the 'nix box as, essentially, a router. All the other machines, and the printer, are networked behind it, and the Linux box acts as the router.
Of course, if the Dlink is working properly, then there should be no need to do anything except plug the WAN port to the school jack.
0
 
LVL 7

Expert Comment

by:TelnetServices
ID: 18869047
ST - s'ok - the only bad thing here - is that you're a techie working night shift - and your caffeine intake is so disappointingly low!!!! ha ha - have a good shift!
0
 

Author Comment

by:egerzon
ID: 18869741
@TelnetServices:
Ok so I know which port is my WAN, but one thing I haven't tried is plugging the router into the WAN port while having DHCP disabled. Will that make any difference? I still don't think I'll be able to hand out local IPs this way? As a switch, I don't think the D-Link has an option for setting local IPs. The problem is I am kind of hesitant to try for fear of getting my jack shut off again.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18869760
If you connect the WAN port of your router to the network and use the "Clone MAC address" feature (found on most SOHO routers these days), there should be no way it can be detected.
0
 

Author Comment

by:egerzon
ID: 18869767
@DToolshed:

I'm sorry, I guess I'm having trouble reading this morning as well; so if it doesn't hand out DHCP addresses via the WAN, why when I plugged in the cable from the school's jack into the WAN port only, and only used wireless to access the web, I wasn't able to get online and about 5 minutes later was turned off. I think actually the jack turned off on its own.
0
 

Author Comment

by:egerzon
ID: 18870008
@donjohnston:
Should I clone the mac address first, then plug in the WAN?  I would love to try all these things out, I just want to make sure what I'm doing will actually work and not get me kicked off the network?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18870055
Yes, clone the MAC before connecting the router. Otherwise the MAC of the router will be seen.
0
