unRAID how to pass network access for VMs


Eksitus


Hi!

I'm currently living in a university dorm with a great (almost gigabit) wired internet connection. However, they have it configured so that only one device is allowed to connect to the internet per single connection (at least that is my hypothesis). I tried splitting this connection with a network switch to my laptop and unRAID server, and only one was connected to the internet at once. The biggest problem is the usage of virtual machines, because they can't access the internet (probably because they ask for a separate IP). So without the internet I can't even access them via RDP/Parsec, and the lack of internet makes them kind of useless.

 

Do you know what I can do in this situation?

Or what information / logs do I need to give you to be able to receive help?

Do you think buying an internet router would resolve this issue?

(And what are your recommendations for a budget-friendly one, because I can't find my brand of choice - Fritz! - after moving to the US)

Edited by Eksitus
2 hours ago, Eksitus said:

I'm currently living in a university dorm with a great (almost gigabit) wired internet connection. However, they have it configured so that only one device is allowed to connect to the internet per single connection (at least that is my hypothesis).

Hi, this will likely not sound good to you, but if that was done, there was/is a reason.

I don't suggest you try to hack this config (yes, it's a hack); rather, tell the admin, or whoever he/she is, your needs and explain that you have one device with virtual machines.

Anyway, if you want to go with the hack (think twice!!!! Everything could be logged and the risk could also be expulsion from the dormitory), first you need to understand where and what is limiting the number of concurrent connections and how, whether it's by room (?), which IP addresses are assigned, etc.

8 hours ago, Eksitus said:

I'm currently living in a university dorm with a great (almost gigabit) wired internet connection. However, they have it configured so that only one device is allowed to connect to the internet per single connection (at least that is my hypothesis). I tried splitting this connection with a network switch to my laptop and unRAID server, and only one was connected to the internet at once.

 

You would need a router/switch combination for what you are trying to do. Is there only one connection per room and is there only one person per room? If there are more people than outlets, I would think that they would know that a router would be required for each dorm resident to have simultaneous network access. Does the dorm have WiFi? (I can't believe -- in this day and age -- that WiFi is not provided on a campus-wide basis!)

 

By the way, a wired internet connection can only have one IP address assigned to it.  I can see why they have restricted each wired connection to a single IP address because having an infinite pool of DHCP addresses is a real expensive hardware problem.  So it is not an attempt to limit you to a single IP address but if campus wide WiFi is available, it makes sense not to run multiple cat5/cat6 cable runs to every dorm room.  I would guess that in many cases, the connection would never even be used!

 

Thinking more about it.  You want to be very careful putting your Unraid server on that connection.  (Your PC is far better protected!)  You need to know if each IP address is isolated so that it can not be seen from the other IP addresses that are on the dorm router.  Otherwise, you could end up in a situation where everyone in the dorm can see and (possibly) access your server.   (BTW, using your own router will address this type of security issue!)

 

EDIT: One more thing, that great Gb connection may not be so great if a large number of your fellow residents decide to use that connection! 

 

One more thing, avoid any use of that connection to do anything that is unethical. No downloading/uploading of pirated music, video, etc.

Edited by Frank1940
3 hours ago, Frank1940 said:

Thinking more about it.  You want to be very careful putting your Unraid server on that connection.  (Your PC is far better protected!)  You need to know if each IP address is isolated so that it can not be seen from the other IP addresses that are on the dorm router.  Otherwise, you could end up in a situation where everyone in the dorm can see and (possibly) access your server.   (BTW, using your own router will address this type of security issue!)

Speaking about security... every device connected via ethernet cable is assigned a PUBLIC IP!!! for some unknown reason! Good thing I found out about it quickly and took measures not to expose my Unraid shares to the global internet!

 

3 hours ago, Frank1940 said:

One more thing, avoid any use of that connection to do anything that is unethical. No downloading/uploading of pirated music, video, etc.

I'm aware, and I don't even have a need to do that since I get every software license I need using my .edu email.

 

3 hours ago, Frank1940 said:

EDIT: One more thing, that great Gb connection may not be so great if a large number of your fellow residents decide to use that connection! 

I mean, so far it's really great (what a waste it would be not to use it for Unraid...)


 

And for some reason when I asked them about using internet router...

""" Q:
Hi,
There is the information that "Personal routers are not allowed in residence halls" but I think I've read somewhere that they were permitted as long as their wifi was turned off.
Would it be possible to use the router with all the wireless functionality turned off (I have a router that has this option) like a "smart" internet switch? Or is it something that is not permitted from now on?

""" A:

Unfortunately, personal routers are not allowed in residence halls in any capacity.
If you have any further questions, feel free to reply.

"""

 

Which makes completely no sense, since how am I going to protect my devices against access from the public without the router in between?! Should I manually block every port possible? I'd like to ask somebody in charge for the reasoning behind this, but I can either ask support that knows how to solve only basic problems, or take a risk writing more emails just to get an answer "sorry, we can help you" and risk being tracked as a potential risk to their network (that I think couldn't be more dangerous than giving everyone an open public IP and risking having their files stolen or computers broken into...). I'd just like to set up my router, open one and only port for WireGuard, and make Windows and Linux VMs to connect to via RDP on an Android tablet (lightweight, great battery) when I'm outside the dorm, which I find to be way more secure than the forced public IP I have assigned to my server now. Unless I miss some details or lack knowledge, in which case please correct me...

Maybe it can be done without a router, with pfSense, to treat the server as the router? (But I don't know much about it yet, I just heard this name in similar discussions.)

 

Anyway, thanks for your responses so far! Please let me know what you think about this public IP situation: is it as crazy as I think, or am I overreacting?

Edited by Eksitus
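An added example, not part of the original posts: a short Python check of which listening sockets would be reachable on a host that has been given a public address, as in the situation described above. The `ss -H -tuln` sample is constructed, and the allow-list of WireGuard on UDP 51820 is an assumption; substitute the port actually configured.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not taken from the thread).
SAMPLE_SS = """\
udp   UNCONN 0  0         0.0.0.0:51820    0.0.0.0:*
tcp   LISTEN 0  128       0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0  50        0.0.0.0:445      0.0.0.0:*
tcp   LISTEN 0  128     127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0  128          [::]:80          [::]:*
tcp   LISTEN 0  32  192.168.122.1:53       0.0.0.0:*
udp   UNCONN 0  0   127.0.0.53%lo:53       0.0.0.0:*
"""

# Assumption: the only service meant to be reachable is WireGuard on UDP 51820.
ALLOWED = {("udp", 51820)}


def scope(addr):
    """Classify a bind address as 'loopback', 'private' or 'all/public'."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
    if addr == "*":
        return "all/public"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or :: binds every interface
        return "all/public"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "all/public"


def exposed_listeners(ss_output, allowed=ALLOWED):
    """Return (proto, port, scope) for listeners bound beyond loopback
    that are not on the allow-list."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        local, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        where = scope(local)
        if where != "loopback" and (proto, int(port)) not in allowed:
            findings.append((proto, int(port), where))
    return findings


if __name__ == "__main__":
    for proto, port, where in exposed_listeners(SAMPLE_SS):
        print(f"{proto}/{port} bound to {where} address: rebind or firewall it")
```

Each line it prints is a service to rebind to loopback or the VPN interface, or to drop in the host firewall, before the machine sits on a publicly addressed port.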

Unfortunately you are being exposed to a life lesson, rules sometimes (often) don't make sense, but that doesn't mean it's ok to break them.

 

However... I think you would likely get a different answer if you asked the question like this.

 

"Am I allowed to use a firewall?"

 

If they say no, then I'm afraid your only recourse is to bring your own internet with a cell phone connection and only connect sacrificial machines to their network.

 

If they say yes, and don't elaborate as to WHICH firewalls are approved, then I'd say you are perfectly fine running a hardware firewall, and yes, pfSense is a firewall. The fact that it can be configured as a router is secondary, and not relevant as far as your conversation with university support.

 

You can run pfSense on an older PC, as long as it's got 2 ethernet ports; typically you would need to add a card to a cheap PC for the second port. I've got an old Thinkpad T42 with a second ethernet port added in the cardbus slot that I use as a backup pfSense box. Cut your teeth on the setup and configuration with a separate PC, then you can migrate that knowledge to a VM on Unraid if you wish, and keep the hardware pfSense box available when the VM is down for whatever reason.

 

In order to run pfSense as a VM on Unraid, you will need 2 physical ethernet ports that can be cleanly passed through, and a third port for Unraid's use that will be connected through a plain switch to the VM's LAN port. Unless your Unraid server already has enough ports and they can be divided for passthrough you will probably need to add a multi port GB card to pass through to the VM.

9 hours ago, Eksitus said:

A:

Unfortunately, personal routers are not allowed in residence halls in any capacity.
If you have any further questions, feel free to reply.

 

You might consider asking if they provide approved routers for students' use and see what their response is.

 

Most routers can be set up so as to not be detectable from the Internet. (Basically not responding to pings...) However, most other devices will respond to a ping, so it is actually easy (for the University IT Department) to figure out if you have a router by looking for traffic but no ping response.

 

9 hours ago, JonathanM said:

only connect sacrificial machines to their network

 

AMEN!   Within a few minutes of connecting a normal computer to that port, you are going to be hammered by hackers trying to get in.  (Proven by threads posted by the folks who connected their Unraid servers directly to the Internet by putting their server in the DMZ.)  

 

9 hours ago, JonathanM said:

"Am I allowed to use a firewall?"

<<<  SNIP   >>>

If they say yes, and don't elaborate as to WHICH firewalls are approved, then I'd say you are perfectly fine running a hardware firewall,

 

Most routers are firewalls and they all use software to perform that function.   Any PC that connects to the Internet should have a software firewall installed and running.  (A firewall is built into WIN10 and is on by default!  You are free to install your own and disable the MS one.) 

 

There is a lot of inconsistency in their present position.  I suspect it is because they allowed consumer routers with WiFi turned off in the past but most consumer routers have it turned on by default.  And that is a big problem...

 

By the way, there does not seem to be a lot of choice of strictly routers (no WiFi) available today. The ones that are available at a reasonable cost are prosumer types made by Ubiquiti and MikroTik. These are not really plug-and-play devices. They require a setup procedure out of the box to get them running as a basic router, and the firewall is programmable from that point to do much more than provide simple protection.
