NAT, DHCP, and Router Help Needed

if your computer/tower has two ethernet cards you could just proxy-it....

DHCP is Dynamic Host Configuration Protocol, this assigns IP address. Disabling this usually messes up stuff, unless you have IP addresses already configured for your connection...

NAT = Network Address Translation, this Provides A Firewall by hiding the Internal IP addresses. Also some other stuff if your connecting a large ammount of computers...

Im just starting Cisco Networking this Year, They must have one l337 system if it can do that....

Should be possible, just make sure that your router handles the NAT side of things for your own network and is on a different private network range from the dorm network. i.e if the dorm network hands out IP addresses in the range 192.168.1.x then set your router's private IP address to 10.0.0.1 and either enable DHCP on it or manually configure your desktop and notebook with their own IP in the same range.

e.g.

Desktop
IP: 10.0.0.2
Mask 255.255.255.0
Gateway: 10.0.0.1

Notebook

IP: 10.0.0.3
Mask 255.255.255.0
Gateway: 10.0.0.1

Going manually will mean you need to set the DNS servers for both laptop and notebook too, on my router I can get this infromation from its configuration settings, but if you just connect your notebook or desktop directly to the network you can check the support section for the network connection to get your DNS settings.

Don't worry about the router being visible to the dorm network. Generally, unless you enable remote administration on the router, it will appear as if nothing is connected to the network, although you may want to set the router up with a host name such as "Cool1Net6's PC" so that when the router receives its IP address from the dorm network it will appear as that in the DHCP log instead of something like "Linksys Router".

If you really want it to appear as if you have one computer attached to the network then set either your desktop's or notebook's IP address to be the DMZ host, that way anytime someone sends a request to any ports at your dorm assigned IP address it will pass straight to the computer you select.

speaking of that, if your router has an option to use a computers Mac Address; go ahead and use your desktop's or lappy's...

That's really a shame, since ICS is the best way to do it without worries... outside of just asking nicely if the network folks will kindly let you put in a hub or switch for your laptop.

What follows is intended *only* to explain the way in which *any* consumer-grade broadband router should be set up. Period. I've also included information on why and how you can still get caught doing this on a network that is not your own.

You can't make your router entirely invisible, but you can try to make it discreet enough that it doesn't warrant attention. By default, routers occasionally like to go "HEY! I'M A ROUTER!!!!111one", because that's what routers do. Most people want to use a broadband router as a proxy, rather than as an actual router... either for sharing an Internet connection or for security (like a passive firewall).

1. Enable NAT. As someone mentioned above, use a private IP range that isn't being used by the host network.

2. Leave your DHCP on (both internally and externally). You'll need your router to get its IP address from the host network's DHCP server unless you have specifically been given a static IP to use.

3. Disable RIP (Routing Information Protocol) in your router (both incoming and outgoing). This is what I mentioned before with routers announcing themselves. Not all consumer-grade routers support doing this, but many do. Without doing this, any two-bit network junkie with a packet sniffer will be able to tell you've got a router (using ethereal or even the traffic log in a software firewall, if you see something coming from port 520 on an IP address... 99% odds it's a router). For use as a proxy, RIP is useless.

4. Tell your router to spoof your desktop's MAC address. Not all routers can do this, but most recent ones will. To find your MAC address, open a command prompt and type "ipconfig /all" (without quotes) while plugged into the network (won't show up if you aren't). The MAC address identifies the manufacturer of the item and can just about be considered a serial number for the device. If your router is using its own MAC address, then many Intrusion Detection Systems will identify it as a router.

At this point, your router should make you look relatively invisible on the host network. You can move your desktop PC into the DMZ, but that negates the security offered by having a router in place to begin with.

If your school is running a very good intrusion detection system, or if they're actively checking for unauthorized network hardware, you're still not going to be able to fool their system into leaving you alone. By virtue of the fact that your have a router to begin with, it's going to look like a hub or switch to anything attached to it. There isn't any getting around that because that's the nature of such devices and is required just to function. My cable tester can distinguish between a hub, switch, or NIC at the other end of the cable, so a good IDS will be able to tell as well. Your cable/DSL provider can't do this because it's too expensive to add that functionality into a broadband modem, which is the only hardware attached to your device.

Bear in mind... if your school is actively policing, then even this setup won't hide you completely, for the reasons stated above.

That would be a public IP, not necessarily a static one. Most likely, you are using DHCP. It just means your school is not using a private IP setup because they have enough public addresses to go around (probably also the reason for the limitation of one PC... public IPs are a valuable commodity.

When you do an "ipconfig /all" from a command prompt, there will be a line that says "DHCP Enabled". If that entry says "Yes", then you're on DHCP.