How to hide from the building network?

Scooterit

I need to connect an office to the internet that is provided by the building without exposing all my computers and devices to the others in this building.

I am experimenting with an Apple Airport Extreme. But I am unsuccessful. No matter what I do I can see the IP addresses of the other devices on both sides of the router.

HELP :confused:
 
Are you connecting to the WAN port or using a LAN port?
 
WAN port to the building network and my own devices to the LAN port of the router.
Monitoring both sides with different computers, seeing all connected devices on both sides...
 
Can you change the LAN IPs to a different subnet?

For example if the rest of the network is in the 192.168.x.x range, use a 10.0.x.x range or vice versa.
 
Apple Airport Extreme:

Test 1:
Internet (WAN) DHCP
Network (LAN) NAT
Everything works but all devices are visible from WAN and LAN

Test 2:
Internet (WAN) Static with same settings but with different DNS server addresses.
Network (LAN) DHCP ONLY
Everything works but all devices are visible from WAN and LAN

Test 3:
Internet (WAN) Static with same settings but with different DNS server addresses + changed subnet mask from 255.255.255.0 to 255.255.0.0
Network (LAN) DHCP ONLY
Everything works but all devices are visible from WAN and LAN

Test 4:
Internet (WAN) Static. Impossible to change the router address other than the last digits
Network (LAN) DHCP ONLY
Everything works but all devices are visible from WAN and LAN
 
This is why I can't stand Apple 'solutions', if this setting is really hidden of course. :)

Is the router in any special mode? As an AP, etc.? You might want to do a reset on it and set it up again as a router if it gives an option.

Any other router will let you configure the LAN side IP to any private address you want.

It may be time for an upgrade if the Airport Extreme is as limited as your current tests show.
 
This is the router that is available at this location.

What settings do I need to be able to change?
And what needs to be changed?
 
As I said before, you have to be able to configure the private LAN IP addresses to be different than the IP Address that the WAN is on.

With NAT enabled on your router, the networks should be isolated.

Here is an example of where to change this setting in an Asus router.

http://event.asus.com/2012/nw/dummy_ui/en/Advanced_LAN_Content.html


Note that the link above is a live demo of the Asus RT-AC66U - go ahead and play with all the settings to get a sense of the power a more fully adjustable router offers you.


Can you not buy your own router to use at this location? The Apple solution is the only one? I'd be moving right about now. :)
 
It should, as long as no one else on your physically connected network (after the ISP) is not using the same LAN IP as you.


An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private uses by Internet standards groups.

These private IP address ranges exist:

10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255


As long as you pick one of the IPs in the ranges above, and the IP you choose is different than the others on the physical network you're connected to, you should be secure.



Informational:
There is also the APIPA (Automatic Private IP Addressing) range that we can't directly select for use, but can be used by Windows clients and are also Private IP addresses.

169.254.0.1 to 169.254.255.254
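
An added example, not part of the original posts: a check that a candidate LAN subnet lies in one of the private ranges listed above and does not overlap the network on the router's WAN side. The function names and sample addresses are constructed for illustration; it validates addressing only and does not test what a firewall or NAT actually blocks.

```python
import ipaddress

# Private ranges listed in the post above, in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# APIPA / link-local range mentioned in the post (not for manual assignment).
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def wan_network(wan_ip, wan_mask):
    """Network the router's WAN port sits on, from its IP and subnet mask."""
    return ipaddress.ip_interface(f"{wan_ip}/{wan_mask}").network


def check_lan_choice(wan_ip, wan_mask, lan_cidr):
    """Return a list of problems with a candidate LAN subnet (empty = OK)."""
    wan = wan_network(wan_ip, wan_mask)
    lan = ipaddress.ip_network(lan_cidr)  # raises ValueError on host bits set
    problems = []
    if lan.subnet_of(LINK_LOCAL):
        problems.append("link-local")
    elif not any(lan.subnet_of(block) for block in RFC1918):
        problems.append("not-private")
    if lan.overlaps(wan):
        # Same or overlapping range on both sides: the router cannot tell
        # which interface a destination address belongs to.
        problems.append("overlaps-wan")
    return problems


def suggest_lan(wan_ip, wan_mask, prefixlen=24):
    """First private subnet of the given size that avoids the WAN network."""
    wan = wan_network(wan_ip, wan_mask)
    for block in RFC1918:
        for candidate in block.subnets(new_prefix=prefixlen):
            if not candidate.overlaps(wan):
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: a building network using a 255.255.0.0 mask.
    wan_ip, wan_mask = "192.168.1.50", "255.255.0.0"
    for lan in ("192.168.2.0/24", "10.0.1.0/24", "169.254.10.0/24"):
        print(lan, check_lan_choice(wan_ip, wan_mask, lan) or "ok")
    print("suggested:", suggest_lan(wan_ip, wan_mask))
```
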
 
Another option that may or may not be available to you is to request your own static IP from the ISP. Plug the ISP modem into a portable switch, then plug your router and any other building routers into other ports on the portable switch. You can then configure your router with your static IP. The switch will automatically route traffic to your static IP to you and you only.
 
I don't think there is access to the modem or that a static IP would help.

The connection is to another router connected to the ISP and shared with the building tenants.
 
I wanted to share how I ended up configuring the network in the sublet office.

As it turned out every user needs to pay for network access by going through a portal. Once on the network all IP addresses are on the same subnet.

The previous IT guy hacked the system by connecting the server (Mac Mini OSX 10.9.4) to only one paid account and then shared it internally. Using the OSX server DHCP / DNS server. To protect the network he used a free 3rd party firewall software. Further did many other "clever" things that were not very wise...

After some digging I did find the option in the Airport Extreme to set my own Subnet on the LAN side but that did not work (as expected..).

Was able to obtain (and pay) for a VLAN with static IP. After some trouble with their firewall I could connect the Airport and create my own LAN with subnet.
Connected Gigabit Switch. Wired everything with Cat6 (except printer...) and set IP reservations for Printer - Scanner - NAS and Server.

Enabled all firewalls and disabled public access and other not needed server features (it just serves files and back-up internally).

Works like a charm, simple & stable.

Done

Smiles across the wires,



Rogier
 

To prevent exposing your network use NAT and use a firewall to block invalid connections and packets. There is a lot more you can do but I doubt the Apple networking products can do even what I suggested.

That's why I keep suggesting non-consumer ones because they can have the security you want. It is difficult but with some study and effort you will get to keep your network secure based on how the networks themselves work.

Even with NAT they can still see what's behind which is why I am still working on fixing that for my router. There just isn't any posted method around for this so it's a lot of research into NAT, L3 and L2
 
