Six computers, a router, some laptops, and a NAS walk into a bar... (stop me if you've heard this one)
May 21, 2006 11:32 AM

Six computers, a router, some laptops, and a NAS walk into a bar...

The six computers make up a workgroup. Only six IP addresses are available for that workgroup within a larger range over which I have no control (say, of 192.168.1.1-50, the workgroup has .45-50 and cannot be allocated any more within that range).

I want to take the network socket into which one of those computers is plugged and stick a wireless router into it, assigning the router that IP address. The unplugged computer will then plug back into the router, along with a NAS, another computer, and various laptops via wifi as and when they are around. How do I handle IP addresses behind the router so that everything becomes part of the original workgroup? Can I just give them another private network (like 172.16.*)?
posted by humuhumu to Computers & Internet (5 answers total) 1 user marked this as a favorite
 
to really make all your various computers be part of the original workgroup, you'll need more IP addresses. otherwise you're going to be fiddling around with bridging two networks using NAT, and whether or not that'll work depends on how much access the original workgroup needs to have to your computers and how much access these computers need to the outside. for instance, the NAS box will only be available to computers behind the router if you put it behind the router - if the outside world needs access to it, you're going to have to figure up a solution using whatever controls the router you have has (like port forwarding or whathaveyou). and that may suck, because if your NAS uses, say, SMB, and you have a Windows laptop that needs to serve files too to the workgroup, you'll be out of luck if they're both behind the firewall.
posted by mrg at 11:48 AM on May 21, 2006


If you have a second network adapter in one of the machines, and you're running XP, you could run Internet Connection Sharing. You'd leave it plugged in, plug the wireless device and the NAS into the secondary port, and then use ICS to do another layer of NAT for you. The machines in the even-more-private network space won't be visible to the ones outside, and they won't see the ones outside in Network Neighborhood, although you'll probably be able to connect via IP number.

However, ICS automatically uses the 192.168.0.X network on the 'private' side. If you're using that range on the public side, you're boned.... it won't work.

If you want semitransparent access between the two networks, you're probably going to need a network expert to help you. Getting Windows networking working across multiple subnets is tricky and involved. It can get VERY HAIRY. And you could potentially muck up your parent network if you're trying anything very advanced.

You'd be wisest to recruit help from the people who set up your network to begin with. Any network admin I know of would be FURIOUS with you for putting up WiFi without their knowledge. You're exposing their network to risks... and it's unlikely you'll know enough to properly mitigate them. When they find out (and they will, eventually), they're likely to be Most Unhappy.

If you're trying to do this on the QT because they've told you no.... you'd best keep working on them to do it for you. If you do it yourself, you're likely to do it wrong. If this is a place of business, you could easily get your ass fired.

Let me reiterate... if this is a workplace, what you are trying to do is a VERY VERY BAD IDEA to do without IT's help.
posted by Malor at 12:34 PM on May 21, 2006


Here, the right answer is don't bridge, route.

Get a router. Assign interface one to one of your external interfaces. Assign interface two to another netblock, we'll say 10.0.0.0/8, which will give you *plenty* of addresses. (Joke. If you need one more than five, 10.0.0.0/24 makes much more sense.)

Have the router NAT your internal address to the net-at-large. That solves most of your problems. The other IP address you hang onto in case you need to offer services to the world, you can then use those IPs to make a static connection back through the router.

Benefits: More secure, low network traffic, since everyone in the 192.168.1.1/24 netblock isn't going to be sending broadcast traffic through your network, and you get a real network space to work with.

Complications: You're routing, which means you have to work at it. Inbound connections will need to be handled on a case by case basis. Some applications may not work, others will require help. (VoIP is one that really tends to hate NAT, for example.)

Finally, the network guy upstream may get pissy. If this is the case, the first answer is to work one level higher. If that doesn't work, start thinking about your own line.

Finally, the real bitch is if that netblock you listed above is real, it's inane -- I can't even fit a /30 netblock into that range, 192.168.1.44/30 is one too low, but the next block, 192.168.1.48/30, would need 192.168.1.51 as the broadcast address. In both cases, you'd get exactly two routable addresses -- a /30 gets you four, but the first address is the network address, and the high address is the broadcast, so you get two usable IPs out of it.

If that's what's happening, rather than routing a netblock to your outside interface, you'll have to route individual IPs. PITA. If that's the case, tell the guy above you that you'd like a /29, but you'd settle for a /30, but that means you need to get either .44 or .51 -- his choice.
posted by eriko at 12:43 PM on May 21, 2006
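
The /30 arithmetic from the answer above, worked through with Python's standard `ipaddress` module. This is an added example, not part of any poster's answer; the function names are illustrative, and the .45-.50 range is the one given in the question.

```python
import ipaddress

def cidr_cover(first, last):
    """Minimal list of aligned CIDR blocks that exactly covers first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def missing_for_prefix(first, last, prefixlen):
    """For every aligned block of the given prefix length that overlaps
    first..last, list the addresses outside the allocation that would
    have to be granted before the whole block could be routed."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    size = 2 ** (32 - prefixlen)
    start = int(lo) - int(lo) % size  # round down to the block boundary
    result = {}
    while start <= int(hi):
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(start)}/{prefixlen}")
        result[str(net)] = [str(a) for a in net if a < lo or a > hi]
        start += size
    return result

def usable_hosts(cidr):
    """Host addresses left after removing network and broadcast (/30 or wider)."""
    return len(list(ipaddress.ip_network(cidr).hosts()))

if __name__ == "__main__":
    first, last = "192.168.1.45", "192.168.1.50"  # range from the question
    # No single block covers .45-.50: it breaks into four fragments.
    print("exact cover:", [str(n) for n in cidr_cover(first, last)])
    for plen in (30, 29):
        for net, missing in missing_for_prefix(first, last, plen).items():
            print(f"{net}: {usable_hosts(net)} usable hosts, "
                  f"still needs {missing}")
```
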


Just in case Eriko's post is too technical for you, here's a solution similar to his, easier to implement, not as pretty.

Here's what'll go wrong:
The computers in the 192... network won't be able to see whatever's on the other side of the NAT (as in network shares, etc. This would be bad if you put your NAS behind the NAT).

Here's what needs to happen to make sure things go smooth:
All computers need to have network addresses in the same range. If you've got more computers than IPs, the only thing you can do is find a completely new range of IP addresses to use.

Here's what eriko suggested:
Maintain a separate group of IP addresses on the same physical network that you're connected to, with a router to translate between the two. The negative to this is that there is a lot of configuration to make this work. You'll need to assign IPs... Something that can be a pain in the ass for wireless devices. If your wireless router can be configured to only offer DHCP to wireless, this wouldn't be within the realm of "easy enough to use".

Here's an alternative (though eriko's solution is much better, this may be easier and acceptable).
Physically wire everything up behind the router, they all get NAT'd to the 192... network, they can see anything in their workgroup, or in the outside network. DHCP works fine, wireless works fine, and now you have 5 free IP addresses.
posted by hatsix at 3:08 PM on May 21, 2006


If somebody else controls the IPs, that is the person you should be asking these questions of.
On many networks, if you are found out circumventing network security by allowing access by non-approved appliances and computers, you can be terminated and beaten severely by angry network administrators and security officers.

The Sarbanes Oxley auditors might feed you to their pet dinosaurs as well (U.S. Corporations Only)

Simply put, He who controls the spice...I mean IP addresses, controls the network.
posted by Megafly at 6:17 PM on May 22, 2006

