I go to school at ferris state and they recently turned off all fire sharing on there network therefore we cannot transfer files between our computers. The ferris network uses Cisco 350 and 450 routers I believe and each dorm room is equiped with a 10mbps connection. The network admins are constantly port scanning us as well, which they claim is for our safety. I would like to setup a router/firewall and run a little internal LAN or would it be safe to call this a intranet from this connection. In other words I just want this connection for the internet only and don't want ferris users/admins to be able to see what I'm doing within my own personal LAN in my room. My plan was to get a router with a built in firewall in it (must be at least 8 ports) and was hoping this would prevent any intrusion. Is there anything else I can do to lock my connection down more? I heard there are specific routers where you can tell which ports you want open, is this true? I really don't want to have each of the clients on my LAN running firewalls too because that makes it harder to connect to them for file sharing, game play, etc.... I figured if I got a good hardware firewall we would be safe from the outside world to leave our firewalls off.

if your at school using thier internet you must abide by their rules. if you try to get around that there can be problems... and beside. its thier network. they have every right to scan you. and remove your right to use thier serivces. everyone is getting more concerned about legal junk with file sharing. I also recall many schools here (CSU and CU) do not permit any "intranets" or WiFi networks to be created within thiers. as they can be security breaches. now if you just want to hook up multi comps in your dorm room. Linksys router/switches are good for that. they have basic firewalls and 5-8 ports or more. and can be had for around 50-80 bucks or so (havent looked recently for prices). but I would read that "terms of use" im sure they made you sign when applying for internet or rights of the dorm before you go circumventing thier security procedures and rules

How would you be connecting the LAN to the internet ?
If you are going through the schools network and connection, if this is the case the ports will be blocked and above your control.
Buying a router/firewall and setting it up to open ports 'will only mean that your internal lan can access these port' it does not mean you will be able to access services through the schools connection as these ports are blocked by the Admin

Originally posted by UnseenMenace
How would you be connecting the LAN to the internet ?
If you are going through the schools network and connection, if this is the case the ports will be blocked and above your control.
Buying a router/firewall and setting it up to open ports 'will only mean that your internal lan can access these port' it does not mean you will be able to access services therough the schools connection as these ports are blocked by the Admin of your school.
he said he didnt want them to see what he was doing.. to prevent port scanning his comp. which the firewall will do. the sharing and stuff is a seperate unfixable problem.

Originally posted by pik4chu

he said he didnt want them to see what he was doing.. to prevent port scanning his comp. which the firewall will do. the sharing and stuff is a seperate unfixable problem.

This is what I was attempting to clarify, from my understanding of the question there appeared to be a little misunderstanding with respective to what could be achieved.
This is why I attempted to say that ' a router / firewall' will allow you open ports or use specific ports however, this does not effect the port blocking of internet services run by the school.
Admittedly your post provides better and more 'valid' information but I do try :D

Originally posted by UnseenMenace


This is what I was attempting to clarify, from my understanding of the question there appeared to be a little misunderstanding with respective to what could be achieved.
This is why I attempted to say that ' a router / firewall' will allow you open ports or use specific ports however, this does not effect the port blocking of internet services run by the school.
Admittedly your post provides better and more 'valid' information but I do try :D

ah :D

but to sum everything up... what he wants to do compared to what he can do wont help anything.. so he's basically SOL and thats the end of that, hehe.

Originally posted by UnseenMenace
How would you be connecting the LAN to the internet ?
If you are going through the schools network and connection, if this is the case the ports will be blocked and above your control.
Buying a router/firewall and setting it up to open ports 'will only mean that your internal lan can access these port' it does not mean you will be able to access services through the schools connection as these ports are blocked by the Admin

Thats the whole point!!! I never said putting a hub or switch will allow me to connect to other peoples computers across campus. I simply stated if I have one in my room my buddies can bring there PC's over and we connect them that way!!

Originally posted by pik4chu
if your at school using thier internet you must abide by their rules. if you try to get around that there can be problems... and beside. its thier network. they have every right to scan you. and remove your right to use thier serivces. everyone is getting more concerned about legal junk with file sharing. I also recall many schools here (CSU and CU) do not permit any "intranets" or WiFi networks to be created within thiers. as they can be security breaches. now if you just want to hook up multi comps in your dorm room. Linksys router/switches are good for that. they have basic firewalls and 5-8 ports or more. and can be had for around 50-80 bucks or so (havent looked recently for prices). but I would read that "terms of use" im sure they made you sign when applying for internet or rights of the dorm before you go circumventing thier security procedures and rules

Its not there right to port scan you and steal files off of your personal computer. A buddy of mine is currently talking to the dean about a network admin who did this. Interesting to see the punishment that will happen.

On another note I think you guys are getting the wrong idea for the purpose of this intranet. Its main purpose is for gaming, security from intruders no matter if they are admins or hackers, and the trading of files between clients connected to it my router. This way we are using my routers bandwidth to interchange game data, sharing of files, and not using the university bandwidth (which we cant now).

Well, if your buds aren't going to be hooking up and LANing all the time, the easiest way to secure your LAN from the portscanning is to disconnect it while you game.
I don't think the campus geshtapo will raid you because you went offline for a while....

If their internet acces is through a USB cable, all the better, so you can leave your NIC settings alone. If not, use two NIC's. You could even disable one by windoze software while you frag with the other (on your hub).

Can't scan ports through a NIC that's off/unplugged, no matter how l33t they may be.

Originally posted by Diggrr
Well, if your buds aren't going to be hooking up and LANing all the time, the easiest way to secure your LAN from the portscanning is to disconnect it while you game.
I don't think the campus geshtapo will raid you because you went offline for a while....

If their internet acces is through a USB cable, all the better, so you can leave your NIC settings alone. If not, use two NIC's. You could even disable one by windoze software while you frag with the other (on your hub).

Can't scan ports through a NIC that's off/unplugged, no matter how l33t they may be.

They both have to be connected as my sweetmate might be surfing the net while we are fragging each other. In otherwords disconnecting it is not an option.

No our internet connection to our room is not through a USB cable, its through ethernet 802.3 standards 10Mbps.

I guess you guys misunderstood my original question. I was simply asking what would be the best way to keep my internet connection alive while maintaining a intranet within my room. Security is with the up most in importance. Would it be possible to setup a linux box with 2 NICs to act as a router/firewall then connect the other NIC to a switch and run a gateway to the internet via the linux box?! Any ideas?