sharing a wireless router- need suggestions

  • Thread starter Thread starter Rob
  • Start date Start date
R

Rob

Hello,
I just got 2 new room mates that wants to share internet. Prior to them
moving in I was just using a switch between my 4 devices (2 computers, xbox
and dishnetwork). I configured the router and I disabled dhcp and that works
fine. But then I realized my ISP only provides 5 IPs (DHCP, not static), and
just between my stuff I'm already using 4.

Ideally I would like my devices to obtain DHCP from my ISP. Then the router
could get the 5th IP from my ISP and provide DHCP to the wireless devices.

Here is my physical setup
Modem plugged into switch
Router plugged into switch
All of my stuff plugged into switch

I would like to keep all of my devices separated from theirs. So the shares
on my 2 computers wont be available to them, and their shares or whatever
they may have will not be available to me.


Another reason I'd prefer my stuff to not be on the router is because I
don't want to be behind the router firewall. All my stuff is locked down and
I don't want to have to deal with NAT, but on the other hand their stuff
could probably use it just to be safe, d


Is there a way I can configure the router without having to plug the modem
directly into it, yet prevent it from trying to DHCP my stuff and only DHCP
the wireless connections?
 
Hi
What you did before is Highly Risky since you did not have a real LAN but
few computers sitting directly on the Internet.
If this was done in my place i would Yank the person's cables out of the
wall.
If you want to secure yourself and your roommate you should use a
configuration as described in the following link.
Put them on the first LAN and put your LAN behind the second Router.
Network Segregation - http://www.ezlan.net/shield.html
Jack (MS, MVP-Networking)
 
Rob said:
Hello,
I just got 2 new room mates that wants to share internet. Prior to
them moving in I was just using a switch between my 4 devices (2
computers, xbox and dishnetwork). I configured the router and I
disabled dhcp and that works fine. But then I realized my ISP only
provides 5 IPs (DHCP, not static), and just between my stuff I'm
already using 4.
Ideally I would like my devices to obtain DHCP from my ISP. Then the
router could get the 5th IP from my ISP and provide DHCP to the
wireless devices.
Here is my physical setup
Modem plugged into switch
Router plugged into switch
All of my stuff plugged into switch

I would like to keep all of my devices separated from theirs. So the
shares on my 2 computers wont be available to them, and their shares
or whatever they may have will not be available to me.


Another reason I'd prefer my stuff to not be on the router is because
I don't want to be behind the router firewall. All my stuff is locked
down and I don't want to have to deal with NAT, but on the other hand
their stuff could probably use it just to be safe, d


Is there a way I can configure the router without having to plug the
modem directly into it, yet prevent it from trying to DHCP my stuff
and only DHCP the wireless connections?

Youch. You've been playing with fire, dude. You do need to be behind a
firewall, and you do need to use NAT. Anything else is asking for a world of
hurt - you are not as locked down as you think you are - I guarantee it. :-)

Since you have multiple public IPs, what you could very easily do is get two
cheap & cheerful firewall/gateway appliances with integrated wireless.
Connect your ISP's modem into a small workgroup switch. Connect each of the
firewall/gateway/router appliances to the switch, and assign each WAN
interface with one of your ISP's IP addresses. Set the LAN IPs to be
different subnets entirely - e.g., 192.168.1.0 and 192.168.2.0. Have them
both do DHCP, and configure WPA+PSK. You now have two wired/wireless LANs
and they can't touch each other.
 
I'm aware of the risk of not being behind a hardware firewall but my
computers are pretty locked down. I was just looking for a somewhat hassle
free way to do this because I don't want to become the IT guy for my room
mates.
I guess I'll just leave things as is and not use the 2nd computer when both
room mates are home.

"Lanwench [MVP - Exchange]"
 
Robbie said:
I'm aware of the risk of not being behind a hardware firewall but my
computers are pretty locked down.

OK. I'm sure you're very tech-savvy and keep all your applications and OS
patched to the gills and locked down your wireless using WPA and have good
software firewalls blocking all inbound traffic (right??). But look at it
this way - just because you keep the family silver in a safe doesn't mean
you don't lock the front door of your house. I don't understand the downside
of being behind a hardware firewall/NAT - there isn't one. You can still
publish/expose what you like.
I was just looking for a somewhat
hassle free way to do this because I don't want to become the IT guy
for my room mates.
I guess I'll just leave things as is and not use the 2nd computer
when both room mates are home.

That's your call. If I were one of your roommates I wouldn't share your
connection :-)
"Lanwench [MVP - Exchange]"
Youch. You've been playing with fire, dude. You do need to be behind
a firewall, and you do need to use NAT. Anything else is asking for
a world of hurt - you are not as locked down as you think you are -
I guarantee it. :-)

Since you have multiple public IPs, what you could very easily do is
get two cheap & cheerful firewall/gateway appliances with integrated
wireless. Connect your ISP's modem into a small workgroup switch.
Connect each of the firewall/gateway/router appliances to the
switch, and assign each WAN interface with one of your ISP's IP
addresses. Set the LAN IPs to be different subnets entirely - e.g.,
192.168.1.0 and 192.168.2.0. Have them both do DHCP, and configure
WPA+PSK. You now have two wired/wireless LANs and they can't touch
each other.
 
Back
Top