+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
Wireless Networks Thread, Two Internet Connection One Network in Technical; Right, I maybe putting two much thought into this but having trouble making sense.... To explain... We have recently installed ...
  1. #1
    webby74's Avatar
    Join Date
    Jan 2008
    Location
    Southampton
    Posts
    97
    Thank Post
    64
    Thanked 11 Times in 6 Posts
    Rep Power
    15

    Two Internet Connection One Network

    Right, I maybe putting two much thought into this but having trouble making sense....

    To explain...

    We have recently installed a secondary internet connection in our office. We have our internet provided by the local authority but when it comes to looking for software, drivers, resources etc everything is blocked. So after much complaining to SMT we've got a standard broadband connection with a Belkin router just for IT Support.

    Now since then I've got to thinking it would be handy if we could access this internet connection when I take my macbook around the school.

    Now to do this is as simple as turning of DHCP on the Belkin router, adding the router via ethernet to the network and pointing devices to this router for internet access? Would this work and would I be able to use our school wireless to connect to the new internet connection?

    At first I thought it would be simple, but can't seem to get it straight in my head. I would be grateful for advice.

    Andrew

  2. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,828 Times in 1,135 Posts
    Blog Entries
    19
    Rep Power
    602
    One of the things to be careful over is that you are likely to find that it is in the ToS of the LA connection that you cannot have 2 feeds running on the network at the same time. The main reason for this is not about LA control, but a term of the connections many LAs and RBCs have with JA.NET ... if people do have 2 lines then it is usually in a fail-over mode ... the LA line runs until it fails and then the network fails over to the other line (a number of firewall appliances will manage this for you, including Cisco and Watchguard kit). To have 2 separate and concurrent connections, used for different services, then you are looking at the use of firewalls and VLANs to segregate traffic. It can be done and keep everyone happy, but it is chunk of work. I do know a few places who have done this, but they had the in-house expertise to do it ... and enough money for the extra / upgraded hardware too.

    If you do go ahead with it I would be interested to see any documentation ... I know a few academies who are moving away from RBCs and are looking at getting multiple lines in from different providers for different tasks. One of the things stopping them is the pain to configure their LAN.

  3. #3
    budgester's Avatar
    Join Date
    Jan 2006
    Location
    Enfield, Middlesex
    Posts
    486
    Thank Post
    4
    Thanked 37 Times in 30 Posts
    Rep Power
    24
    Depends how you network is set up.

    But couldn't you just use a different default gateway for your laptop ?

    I.e

    Rest of the school default gateway = LEA Broadband Router
    IP settings Allocated by DHCP.

    You laptop default gateway = belkin router.
    IP static and manually entered into your laptop.

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,215
    Thank Post
    893
    Thanked 1,773 Times in 1,529 Posts
    Blog Entries
    12
    Rep Power
    461
    I think the best way would be to setup a small proxy server on a pc. Have 2 network cards. One in the main school and the other in your belkin lan. Just point your machines to that proxy on your main lan that you want to use the outside line for.

    Z

  5. #5

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,683
    Thank Post
    1,268
    Thanked 788 Times in 685 Posts
    Rep Power
    237
    Quote Originally Posted by webby74 View Post
    Now to do this is as simple as turning of DHCP on the Belkin router, adding the router via ethernet to the network and pointing devices to this router for internet access? Would this work and would I be able to use our school wireless to connect to the new internet connection?
    Yes, it's that simple and yes, you should be able to connect via wireless. Remember to make sure you assign your router an internal address that your machines can see, i.e. something on the same subnet. Of course, anyone who found your second gateway could also point their browser at it, thus bypassing any filtering. You could, maybe, connect the unfiltered line directly to your desktop PC and remote in to your desktop from your laptop around the school or perhapse use a VPN connection between the two.

    If you do want to load-balance/failover between two lines then the ZeroShell router/firewall Linux distribution will do that for you for free, you'll just need to provide something with three network ports in. You would probably want some local filtering on your ADSL line, too, of course.

  6. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    We have it here - we have an old desktop sitting between the 2nd line and our network running squid and dansguardian - we then just set our proxy to that and it routes out through that router rather then our LEA line.

    We then have it so that only Me, my boss, and teh other tecs have access through it. (we added dansguardian for accountablity etc)

  7. #7

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    67
    Thank Post
    12
    Thanked 6 Times in 6 Posts
    Rep Power
    16
    Use an old box and put Smoothwall Express on it (Express Open Source Firewall Project).

    From memory:

    Secondary Internet (ADSL) -> Belkin (you could leave DHCP on as it will NOT connect directly to your network, otherwise you need to set your red IP to one in the same subnet as the Belkin LAN IP) -> Red connection on Smoothwhall | Green connection on Smoothwall -> network.

    Go for a closed setup, then open the ports outbound as you see fit. You can restrict the IP addresses that are allowed to use it (restrict it to those you will assign manually to your own machines), and on those machines, change your gateway to that green IP of the Smoothwall.

    You'll need to config your Belkin before wiring it like this as you won't have access easily after this wiring.

    Let me know if you need further info, or check the SWE community forums. (community.smoothwall.org • Index page)

    Mark

  8. #8
    Mr.Ben's Avatar
    Join Date
    Jan 2008
    Location
    A Pirate Ship
    Posts
    942
    Thank Post
    182
    Thanked 158 Times in 126 Posts
    Blog Entries
    2
    Rep Power
    65
    I have a similar set up - we have a separate connection for our Cafe WiFi (The cafe is open to the public).

    I have set up the router with DCHP enabled, but I have separated traffic with a VLAN. As we have a managed Wireless network I am able to set up a new SSID and connect it only to the second VLAN.

  9. #9
    webby74's Avatar
    Join Date
    Jan 2008
    Location
    Southampton
    Posts
    97
    Thank Post
    64
    Thanked 11 Times in 6 Posts
    Rep Power
    15

    Success!

    Thanks for all your replies! Its now working.

    Spent the afternoon setting it up.

    As suggested above I disabled DHCP, connected it via ethernet network, and gave it a static IP. I've manually configured IT Support devices with static IPs and point them to the Belkin Router.

    I've tested it round the school and can successfully access everything on the network and connected to the unfiltered internet.

    It's always nice when you achieve something successfully, thanks guys

  10. #10
    webby74's Avatar
    Join Date
    Jan 2008
    Location
    Southampton
    Posts
    97
    Thank Post
    64
    Thanked 11 Times in 6 Posts
    Rep Power
    15
    Quote Originally Posted by glennda View Post
    We have it here - we have an old desktop sitting between the 2nd line and our network running squid and dansguardian - we then just set our proxy to that and it routes out through that router rather then our LEA line.

    We then have it so that only Me, my boss, and teh other tecs have access through it. (we added dansguardian for accountablity etc)

    Interesting that you say you've done this. Can I ask what led you to this? Does it filter much if anything?

    Here its only myself and a part time tech who can access this connection.

    Cheers

    Andrew

  11. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,828 Times in 1,135 Posts
    Blog Entries
    19
    Rep Power
    602
    Quote Originally Posted by webby74 View Post
    Interesting that you say you've done this. Can I ask what led you to this? Does it filter much if anything?

    Here its only myself and a part time tech who can access this connection.

    Cheers

    Andrew
    Except there is nothing to stop someone else with a laptop in the area using a well-known tool to see where your traffic is going, set up their own device with a static address on a LAN port and plug it into your network, getting unfiltered access to everything. They can spoof MAC address if you are using ACLs too.

  12. #12

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,683
    Thank Post
    1,268
    Thanked 788 Times in 685 Posts
    Rep Power
    237
    Quote Originally Posted by GrumbleDook View Post
    getting unfiltered access to everything
    If it's the case that they want this connction to access specific sites they could just use Squid with a whitelist to let them through to the sites they want and nothing else.

  13. #13

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by GrumbleDook View Post
    Except there is nothing to stop someone else with a laptop in the area using a well-known tool to see where your traffic is going, set up their own device with a static address on a LAN port and plug it into your network, getting unfiltered access to everything. They can spoof MAC address if you are using ACLs too.
    exactly that reason - somebody clever trying to get around our filters (although they can't change there proxy)

    and also incase somebody turns around and says they saw me on dodgy sites - i can then turn around and say look through the logs.

    just covering my own backside.

  14. #14

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,683
    Thank Post
    1,268
    Thanked 788 Times in 685 Posts
    Rep Power
    237
    Quote Originally Posted by glennda View Post
    and also incase somebody turns around and says they saw me on dodgy sites - i can then turn around and say look through the logs.
    Spoof MAC address, obtain IP from DHCP, visit dodgy website, say "I saw Sir on dodgy website"...

  15. #15

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by dhicks View Post
    Spoof MAC address, obtain IP from DHCP, visit dodgy website, say "I saw Sir on dodgy website"...
    it only works from a set ip range and also it authenticates against ad so that it needs credentials aswell.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Well, we've got an internet connection....
    By Dos_Box in forum General Chat
    Replies: 0
    Last Post: 23rd February 2011, 11:50 AM
  2. Internet Connection
    By stebo730 in forum Internet Related/Filtering/Firewall
    Replies: 15
    Last Post: 15th February 2011, 06:30 PM
  3. Internet connection
    By leco in forum Mac
    Replies: 23
    Last Post: 4th February 2010, 07:51 AM
  4. Internet Connection Woes
    By u8dmtm in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 2nd October 2009, 09:13 AM
  5. VPN connection with internet connection option
    By FN-GM in forum Wireless Networks
    Replies: 6
    Last Post: 29th December 2007, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •