All of the sudden my ISP blocks traffic behind a router - is there any way around it?

Are there any software based proxy servers that hide the fact that requests are coming from machines on a different subnet? Up until a month ago I used my Netgear WGR614v5 router to allow my computers and XBox to get online. Then I go on vacation for a week, come back and whenever I try to browse the net everything times out. The router is still getting the IP assigned by the cable modem (I also have always had the router use the same MAC address as the desktop's network card - I set up the connection initially by directly connecting the PC to the cable modem)

Now, I have the cable modem plugged directly into one of the network cards on my desktop and a second network card connects to one of the lan ports on the router. At least this way I can get online with my desktop, and still allow me to transfer files between my computers and XBox.

I am just hoping there is some type of software proxy that somehow hides the fact that other computers are making the requests. I have my doubts, but I figure someone in here might be able to elaborate on a fix (or lack thereof).

Thanks all.

OK, the IANA (Internet Assigned Numbers Authority) has specific IP address ranges for use as non-routable, internal network addresses – these addresses are unregistered. (192.168.0.0-192.168.255.255 | 172.16.0.0-172.31.255.255 | 10.0.0.0-10.255.255.255) All of the computers on an internal network (stub domain) which are connected to the router are assigned numbers such as these – for instance, my desktop was 192.168.1.2.

But the router is connected directly to the cable modem, and it has its own unique registered IP, which allows it to query information on the internet. So computer “A”, my desktop (IP 192.168.1.2), attempts to connect to a computer outside the local network – such as a web server. The computer sends out a packet, which the router receives. The router saves the computer A’s non-routable IP address to an address translation table – the router then re-writes the packet header replacing computer A’s non-routable IP address with its own – but specifies a different port. So when a packet comes back from the destination computer, the router checks the destination port of the packet and checks the information against the address translation table, therefore it knows which computer on the internal network it is supposed to go to – then the router re-writes the packet header again, changing the destination IP to the non-routable IP of the correct computer in the address translation table – computer A’s.

So the servers only see the router’s IP address, but it also sees the port number the router assigned to identify which computer on the network sent the request. So there is extra information in the packet header that the servers can read, and if they don’t want people to access from behind a NAT, the servers simply won’t respond to the router’s assigned port. My ISP is my university. I live in university owned apartments – and if two computers exist in one residence the IT department wants the resident to register each computer – and therefore pay multiple access charges.

Here’s the thing. I’m pretty sure that it’s blocking requests that are re-routed because of this. Like I said before, I have the desktop computer connected directly to the cable modem currently, and it works. If I go to Network Connections -> Local Area Connection -> Properties -> Advanced…and under “Internet Connection Sharing” there’s a check box for “Allow other network users to connect through this computer’s Internet connection.” If I check this box, then the computer starts re-writing the packet header with information about where every request comes from, and then my desktop can’t access any webpages – everything just times out. When I uncheck the box – and packet headers return to normal – everything is fine.

If my understanding of routers is completely false, please tell me. But this is my situation at the moment.

My router does have MAC address cloning - and its always had the same MAC addy as my desktop - I set it up that way months ago. All of the sudden, I come home from vacation, and that doesn't work anymore.

Actually the university controls access to the network by MAC address of the computer entirely. Anyone can plug in a cable modem here, and it will access the network, but once a request is made the server requires you to register the MAC address to a student ID. If you change MAC addresses, then you are required to re-register, deactivating the old MAC address's ability to get online - or you add the MAC address to your account and get charged for two connections.

Granted, the ISP can only see the router's IP - BUT, they can also see the information in the packet header the router added to distiguish which computer the request came from.

I don't think that it is an issue with the router, because even when I elimate the router completely, and use the internet connection sharing capabilities built in Windows XP - requests to access internet resources are completely ignored (most likely due to the extra routing info XP adds to identify the source of the packet request).

The only reason the university cares is because they don't want students sharing resources. From what I heard, some students connected wireless routers to their connection - and allowed multiple students in the general area access to the network - they split the cost 8 ways (since access costs $80 a semester - each student only paid $10 a semester. If every student paid the $80, then that comes to $640...so the IT department felt like it was scammed out of $560. Say this happens with 10 sets of students - that's $5,600 in revenue they aren't collecting. So they don't allow routers.

I initially setup the internet connection with my desktop connected directly to the cable modem – this allowed me to easily register the computer’s MAC address, and connect it to my student ID. Then I unplugged the cable modem and connected the desktop to the router….spoofed the MAC address of the computer onto the router, and reconnected the cable modem.

So the cable modem authenticates the correct MAC address and everything is good. For about three months. Nothing changed on my computers when I went on vacation, but fall semester did start, therefore I thing IT implemented the new safeguards to prevent new students from sharing resources.

You know what the most ridiculous thing is, the entire university is blanketed with wi-fi. As far as I know it was one of the first 2 or 3 schools to implement campus wide internet access. I'm sure that they aren't starved for bandwidth. And there no charge to get online anywhere on campus….in the grass, in the classrooms, etc. the only place they block it is the dorms and apartments – because they want students to pay for access!@!

Just found some new and interesting info on the "Office of Information Technology" page:
Also, there was this gem:
FYI - the statements in red were in red on the OIT website.

I'm thinking I might build a small linux IP-Masquerade (IP-MASQ) box. I know linux is better about not putting all your info out there for the server to see. With a linux box, I should be able to connect the other computers without the IT servers knowing. Does anyone have experience with this?