Increase my security on a shared internet connection

[Murdlih]

My current set up is as follows.

I pay my neighbor a to share his internet connection. He uses WEP. I think this is because he has a nintendo or some such that does not support WPA. There is a little bit of a language barrier.

I just put together a couple of machines, and if/when I need to connect them to the internet, I just do it through the wireless cards in them and connect to his Linksys WRT54G Router

What I would like to do is network my machines together so that I can share files between them, and backup between them and all that good stuff. I would also like it if my neighbor could not share files with me. Or even see what computers I have, what folders are shared, etc. I am just a little paranoid, as his network is definitely the low-hanging fruit in my area. Every other router in range is WPA or WPA2 protected, so if someone were to try to hack into someone else's wifi, it would be his.

What is the best way to protect my computers from my neighbor and potentially malicious hackers? I have a WRT54G V2.0 (currently running Tomato 1.27 firmware) as well as a Microsoft MN-700 Router. My place is small, so wiring in my apartment is an option, but maintaining security and wireless would be sweet, for my smartphone and friends with laptops.

Also, my neighbor understandably doesn't want to give me access to his router, is there a way to check to see if he has any ports forwarded, if I were going to access my computer from the Web?

Please forgive my ignorance, and feel free to point me at any faqs or pre-existing threads I missed. And thanks in advance!

 

[zzz2496]

Use your WRT54G to connect to your neighbor's Internet connection, but you'd need to buy an Access Point that's capable of connecting as a client... But you'd need an access point. Here's my idea:

Your LAN [Wired/Wifi using WPA2/WPA] --> [LAN/Wifi]WRT54G[WAN]-->An Access Point(client mode)-->Your neighbor's Net.

This way you can "pretend" as if your neighbor's Network is an "ISP", and you are "firewalling" your self off his network...

zzz2496

 

[Murdlih]

Wonderful.

My WRT54G running Tomato can be set up as a client, now just to figure out how to do that! Assuming I can get my WRT54G in client mode, I am guessing I could then run ethernet from it's LAN port to the WAN port of my old microsoft router? And have that serve as my wifi/wired network?

So far this has been a very immersive experience. I am fairly computer savvy, but subnetting and valid IP ranges are a thing I have not delved into yet.

One of the things that has been bothering me is that whenever I switch from finding help on the web to setting up and playing with my router is having to disable my wifi card to access the router, and having to disable my router to access the wifi. It is kind of a pain. Is there any good way to simplify or speed up this process?

 

[zzz2496]

Hmm, so you want to do this:

Your LAN(wired)--> [LAN]Microsoft Router[WAN]--> [LAN]WRT54G[Wifi Client mode bridge] --> Neighbor's Net.

Is that what you want? Here's what I'm thinking... If your WRT54G goes into client mode, you can't use it as a "Hot spot", you'd need to connect to your neighbor's Wifi network to connect, which will defeat the purpose... If your old Microsoft router doesn't have Wifi, then I don't think you can connect to your "secure LAN" over wifi, since the WRT54G is acting as a client... I think you'd be better off buying an Access point and use that as a wifi client to connect to your neighbor's net and use the WRT54G as the router...

zzz2496

 

[Murdlih]

Thanks for the quick replies. The microsoft MN-700 is a wireless router, albeit an older one that doesn't have great windows 7 support. Would that me a problem?

My LAN [Wired/Wifi using WPA2/WPA] --> [LAN/Wifi]MN-700[WAN] --> [LAN] WRT54G [set up as a client] --> My neighbor's Net.

The linksys is a versatile router from my understanding, with lots of different firmwares having been written for it. So that should be able to do any of the fancy stuff I need. The MN-700 should do fine for basic wireless [or wired] routing needs.

The firmware I am using right now on the linksys is a little spotty on documentation, so I think I will switch to DD-wrt nd follow these instructions.

Client Mode - DD-WRT Wiki

The knowledge that I could set up a router as a client, and make my computer or possibly another router think of it as my ISP is clutch.

 

[zzz2496]

Thanks for the quick replies. The microsoft MN-700 is a wireless router, albeit an older one that doesn't have great windows 7 support. Would that me a problem?

I don't think so, it should work fine...

My LAN [Wired/Wifi using WPA2/WPA] --> [LAN/Wifi]MN-700[WAN] --> [LAN] WRT54G [set up as a client] --> My neighbor's Net.

Ahh, that's great... I thought the MS router doesn't have Wifi, so... Your plan is sound, go ahead and do it then

The linksys is a versatile router from my understanding, with lots of different firmwares having been written for it. So that should be able to do any of the fancy stuff I need. The MN-700 should do fine for basic wireless [or wired] routing needs.

The firmware I am using right now on the linksys is a little spotty on documentation, so I think I will switch to DD-wrt nd follow these instructions.

Client Mode - DD-WRT Wiki

The knowledge that I could set up a router as a client, and make my computer or possibly another router think of it as my ISP is clutch.

Learning new things everyday

zzz2496

 

[acurasd]

Actually If you have access to his internet....then you have access to his router.
unless he really put a secured password on his router.

by him giving you his WEP, that gives access to his network.

Unless he has a router that is only giving you internet as a "Guest"

find your Gateway and open his router up like that.

you can look at his settings without him knowing. Yes, that would be invasion of privacy if he had already told you no.
================================================
another thing you can do is ask him to give you the DMZ rights to the router and use your router to set up your own ports.

iF YOUR APARTment isn't too inclosed. Maybe you can do a Port to Port hard wire... So it would be Lan 4 to your WAN port on your router and he will give you the DMZ grounds and that way you can set up your own security there using yuor own router.

if you can't do that then you would need an access point to catch the signal and translate it.

 

[zzz2496]

Actually If you have access to his internet....then you have access to his router.

by him giving you his WEP, that gives access to his network.

Unless he has a router that is only giving you internet as a "Guest"

find your Gateway and open his router up like that.

you can look at his settings without him knowing. Yes, that would be invasion of privacy if he had already told you no.

another thing you can do is ask him to give you the DMQ rights to the router and use your router to set up your own ports.

First: DMZ

Second: unless the OP knows what the username/password combination - I don't think he can access his neighbor's router admin interface...

zzz2496

Edit: Boy I type fast today

 

[zzz2496]

By the way, acurasd - the neighbor's router is WRT54G, the web interface is not available through Wifi connection...

zzz2496

 

[acurasd]

Actually If you have access to his internet....then you have access to his router.

by him giving you his WEP, that gives access to his network.

Unless he has a router that is only giving you internet as a "Guest"

find your Gateway and open his router up like that.

you can look at his settings without him knowing. Yes, that would be invasion of privacy if he had already told you no.

another thing you can do is ask him to give you the DMQ rights to the router and use your router to set up your own ports.

First: DMZ

Second: unless the OP knows what the username/password combination - I don't think he can access his neighbor's router admin interface...

zzz2496

Edit: Boy I type fast today

Yeah i tried to fix the DMZ not the DMQ, guess i forgot to save... My bad.

I use to have that router and I could access it with no problem.

Yeah i know... when i tried to fix the DMZ thingy, i mentioned the uer name and password for the router.

That is why i am thinking if he could just run a direct line.. hard wire it to another router into the WAN port, have that 2nd router take a STATIC IP and then the first router would give that static IP the DMZ, so that the OP could set up his own ports.

I am not really sure of his geographical location from one access point to another.

Slideshows would be great.

 

[Murdlih]

Yeah. I can actually get to his router's log in wirelessly by going to the default 192.168.1.1, but he has changed from the default user name and password. (Shhh! I actually tried a bunch of default username password combinations. I also thought briefly about trying to brute force his router, but then my ethics light came on.)

Running cable is not an option, as we are renters and not about to route cables through hallways or on the outside of buildings.

He is giving me a pretty sweet deal of only paying him $5 a month, so I don't want to hassle him too much. He does change his password every few months, and sends me an e-mail saying so. So I have it pretty sweet.

I am currently still trying to get my linksys to work in client mode, as I am thinking that is what needs to happen. I am not having superb luck in setting it up. But if something amazing happens I will let you all know.

 

[acurasd]

Yeah. I can actually get to his router's log in wirelessly by going to the default 192.168.1.1, but he has changed from the default user name and password. (Shhh! I actually tried a bunch of default username password combinations. I also thought briefly about trying to brute force his router, but then my ethics light came on.)

Running cable is not an option, as we are renters and not about to route cables through hallways or on the outside of buildings.

He is giving me a pretty sweet deal of only paying him $5 a month, so I don't want to hassle him too much. He does change his password every few months, and sends me an e-mail saying so. So I have it pretty sweet.


Nevermind... found it for you. Its on page 20.

http://download.microsoft.com/downl...67/mn700_base_station_configuration_guide.pdf

I am currently still trying to get my linksys to work in client mode, as I am thinking that is what needs to happen. I am not having superb luck in setting it up. But if something amazing happens I will let you all know.

Yeah that is what I am thinking too.

You somehow have to use a access point.. then convert the wireless into a cable and then you can plug that into your own router which will be your WAN port...then you can configure your ports that way. The only thing you can ask him to do is that when you configure the access point. ask him to turn on the DMZ for that perticular IP address.

now the hard part is finding something to act as your access point. Trust me, stores don't make it cheap either. I think that is a way you can do it to that microsoft, i actually have the microsoft one your talking about, but its been years since i've actually booted that thing up, coudln't even tell you where the a/c adapter is.

I would try to get the manual online to see what is needed to change it client mode or access point mode

 

[acurasd]

I found it for you..

its on page 20

http://download.microsoft.com/downl...67/mn700_base_station_configuration_guide.pdf

 

[Murdlih]

Cool. Thanks. The MN-700 can do some fun stuff ( Jozerworx - MN-700 Tutorial ), but with it's default firmware it can only be a router or an access point. Great for extending the range of your network, but does not firewall or subnet, and therefor no better security. I managed to get my linksys into client mode following the the directions in the original link ( Client Mode - DD-WRT Wiki ). Not sure what I was doing wrong all day, but in case someone else is stumbling upon this post,

I had my Wireless --> Basic --> Network Mode: is now set to G Only. It was set to mixed.

Also, I temporarily disabled the firewall, and that is when my OS saw the internet. After which I was able to restart the firewall, and no hiccups. I haven't rebooted or shut down either the router or the computer yet. So we shall see.

Currently I have my linksys as a client to my neighbor's router, connected via ethernet to my computer. The next step in the process is to put the MN-700 in between my computer and the linksys, and see if I can actually rebroadcast the shared internet signal. But as I haven't played with that thing in a few years, and it is getting a little late, I think it is time for bed.

 

[zzz2496]

I suppose the neighbor is not smart enough to disable "Wireless Access Web" in administration...

zzz2496

 

[Murdlih]

Hoorah. So I finally got the network topography that I wanted. It took me a while, and I got a little frustrated. But it turns out my major hitch was that I had my client and my router on the same subnet. Which my router did not like.

Details:

Neighbor's LAN - 192.168.1.1

Client Routers WAN - Dynamic - 192.168.1.100-150
Client Router's LAN - 192.168.2.1
Client Router's Gateway - I did not need to set - 192.168.1.1

Local Router's WAN - Dynamic - 192.168.2.100-150
Local Router's LAN - 192.168.3.1
Local Router's Gateway - Did not need to set - 192.168.2.1

And now that I have that all set up, I can start playing with QoS stuff to make sure my bittorrent doesn't eat all my bandwidth. It would be great if I could set this up on HIS router, so I could be sure it wasn't eating up his bandwidth as well, but instead I will just keep my same schedule rules of only downloading while he is asleep or at work.

 

[zzz2496]

Good

By the way, it's called router because it routes packets - which means your LAN and your "ISP" must NOT use the same subnet. That is the basics of routing.

zzz2496