Hubbo

Building/Apartment Internet and Network Isolation

I need some advice from my fellow Atomicans, I have a weird internet situation where my internet is provided by a giant LAN in my apartment building (I cannot access other broadband such as ADSL or cable, 3G is too slow, and LTE is too expensive).

 

Now, I would like to improve my network security and possibly add in some NAS type backup/storage. Internet comes directly into my apartment via ethernet and I currently have a cheap WiFi access point (I do not control DHCP or have access to the building's routers, switches, etc). Ideally I would like to isolate my apartment from the rest of the LAN and make sure nobody else in other apartments can see or access my computers/devices. I'm thinking I need my own DHCP/router/gateway that controls my apartment, but my experience from the past is that having more than one DHCP server on a LAN is a bad idea.

 

I'm not sure if anybody has had any experience with Apple's Airport Express/Extremes - or if these could be handy, or barking up the wrong tree here????? I'm only thinking of these as ideally I would like to set up Time Machine/Capsule for my Mac machines (and my current MacBook is not 100% happy with my WiFi access point).

 

Ok, other wishful thinking would be to have any network storage using a RAID mirror arrangement for redundancy. It would be nice if I could use this with Mac's Time Machine and storage for my Windows machines. I don't want to go too crazy with costs and hardware (i.e. power consumption). I don't really want to set up a server box, but something that is 'relatively' low powered.

 

Any thoughts? Thanks in advance. Cheers!!!

Don't know anything about the Apple stuff, but yeah you will want a router. Not one with an integrated modem, but with an Ethernet WAN port.

 

DHCP is fine because it won't be listening on the WAN side, only on your side of the network.

Ah... (forgive my un-Atomican-ness) So, you can piggy-back routers via the WAN port? Suppose that makes sense. Cheers!

Assume that your building's network is just a WAN or some form of gateway to the internet.

 

Put a router/firewall on the ethernet port and you can just run your network segment that is independent of the building. Alternatively pfSense or similar and a low power PC will do the trick nicely.

Edited by SledgY

pfSense http://www.pfsense.org/ or Smoothwall http://www.smoothwall.org/ would serve you very well if you have a spare PC but it kind of goes against your whole low power idea.

 

If you can find a second hand router with a WAN port you can run it off there and use the integrated firewall (try to find something with a decent level of configuration).

 

For the storage, I don't use too much Apple stuff unless it's given to me.

 

Have a look here: http://www.synology.com/index.php?lang=default

 

I've been using NASes from there for some time now and they've always been good.

Edited by Xen

The Raspberry Pi devices are a very cool idea (was thinking of making a dash cam out of one, but that's a story for another day...), if I can get it to work with RAID and Apple then it would be great. Ok, seems like this might be the way to go.... now where's that credit card...

 

Thanks guys!

What sort of Internet connection is it/what speeds or bandwidth do you get?

 

If you're in Japan or somewhere crazy with 100Mb+ you probably don't want to drop performance with a slow router. But if it's regular Internet or speed/performance isn't a concern, then yeah - any router without a modem will do fine.

 

From a security standpoint, if the router supports configuring an access policy it might be worthwhile allowing only outbound connections to public IP address ranges. This would drop traffic from other devices on the untrusted building LAN and inbound connections being initiated by public (internet) addresses. The latter would only be an issue if you need to host any services.

 

The router will perform NAT which does provide some security, however an explicit policy gives you more control.

Edited by lew~
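
The access policy described in the post above, written as an nftables ruleset for a Linux-based router. This is an added example, not part of the original post; the use of nftables and the interface names `wan0` and `lan0` are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: wan0 = port cabled to the building outlet,
# lan0 = apartment side. Adjust both to the real interface names.
flush ruleset

table inet apartment {
    # Non-public IPv4 space. The building LAN sits somewhere in here.
    # The apartment subnet must not overlap the building's subnet.
    set not_public_v4 {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16,
                     100.64.0.0/10, 169.254.0.0/16, 224.0.0.0/4 }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Router is managed from inside the apartment only.
        iifname "lan0" accept
        # Lets the router obtain its own lease from the building's DHCP server.
        iifname "wan0" udp sport 67 udp dport 68 accept
        # Everything else arriving from the building LAN is dropped by policy.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections that apartment devices opened.
        ct state established,related accept
        # Apartment -> public addresses only. Destinations on the building
        # LAN do not match and fall through to the drop policy.
        # IPv6 is not matched by this rule and is therefore dropped.
        iifname "lan0" oifname "wan0" ip daddr != @not_public_v4 accept
    }

    chain srcnat {
        # NAT in an inet table needs a reasonably recent kernel (5.2+).
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

Apartment devices need to use the router itself (or a public resolver) for DNS, because a resolver on a private building address is not reachable through the forward chain.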

You could get this working with an Airport Extreme I'm pretty sure. Use the Extreme as its own DHCP server so it makes its own network (Not Bridge mode, where it just extends the existing network), and connect a USB hard drive to its USB port, which it will then share across the network. You can set a password, or even restrict access to the drive to certain users if you're concerned about snoopers.

Being on a separate network, I don't think it would be entirely necessary to password it, but it's a minor inconvenience for peace of mind.

 

To be fair though, it could probably be done with any number of other routers, as long as they have the feature to share a USB disk over the network.

 

Only thing you might find, if you game on consoles, you might get warnings that you're behind a dual NAT, or a non-Open NAT type. I've never been able to get around this issue if I've had more than one DHCP server between my console and the internet itself.

Edited by ninjacatfish

No, not in Japan. Speeds are comparable to ADSL2+ (which is probably on the end, or a few and load balanced).

 

An off-the-shelf Apple product might be the easiest solution though a tad expensive. Raspberry Pi could be fun, but I can see where the hours of setup time might get away.

Time Capsule is exactly what you're after.

 

http://store.apple.com/au/product/MD032X/A/time-capsule-2-tb

 

$319 w/free shipping for a simultaneous dual-band 802.11n access point, firewall/router, and 2TB NAS, all in one box. Setup is effortless, and will give you full Time Capsule functionality on your Macbook. It's actually pretty decent value.

 

Just plug the ethernet cable from your apartment's outlet to the WAN port of the Time Capsule. Run the config utility on OSX, and you'll be stepped through getting it all up and running.

Edited by SquallStrife

Yeah, might be the way to go. I think the Raspberry Pi might be too much of a hassle at this stage (maybe later when I have more time).

 

If it had RAID I think it would almost be a no brainer. I might just do a manual backup now and again to add another level of redundancy, or might have to add a RAID NAS down the track.

 

EDIT: Perfect solution (and true Atomic style), mod an existing Apple Time Capsule for RAID (found this: Time Capsule with RAID). =)

Edited by Hubbo
