
Subnetting to one address per client

post #1 of 11
Thread Starter 
I am perhaps an IP networking noobie but here's the scenario I am imagining and hoping you will comment on one way or another.

One of my favorite podcasts (Security Now, if I remember correctly) had a user letter about an apartment building that gave everybody a network connection and simply sub-netted so all the residents were on a network of one (technically the gateway plus one client, whatever).

I am about to move into a new place which will have many, many roommates, most of whom will have their own PCs.

So my question is would it not be worth the trouble to set up the house network this way so no one can access each other's PC (also not infect them)?

Could I do this with nothing but a Tomato router?

Would it be more effective/easier to just use my own NAT router to isolate myself from everyone else in the house? (a NAT within a NAT in other words)

Is there some other seamless (e.g. easy or "elegant") way to isolate my few hosts from the rest of the network?

I'll probably end up with the double NAT setup but I thought I would explore my options here. Any input would be greatly appreciated.
 
post #2 of 11
Just get a managed switch and router that supports 802.1q.

You can assign each switchport to its own subnet/VLAN.
You can use access lists on the router to restrict traffic between subnets but still provide WAN connectivity.
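Added example, not part of any post in this thread: a Python sketch of the per-port plan discussed above, carving one /30 (gateway plus one client) per switchport and emitting Linux iptables rules as a stand-in for the router access lists. The address block, port labels, VLAN numbering from 10 and the interface names `eth0`/`eth1` are assumptions.

```python
import ipaddress

TRUNK_IF = "eth0"   # assumed router interface carrying the 802.1Q trunk
WAN_IF = "eth1"     # assumed WAN-facing interface

def plan_subnets(block, ports, first_vlan=10):
    """Carve `block` into /30s: one gateway address plus one client per port."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    plan = []
    for offset, (port, net) in enumerate(zip(ports, subnets)):
        gateway, client = list(net.hosts())  # a /30 has exactly two usable hosts
        plan.append({"port": port, "vlan": first_vlan + offset, "net": net,
                     "gateway": gateway, "client": client})
    if len(plan) < len(ports):
        raise ValueError("block too small for one /30 per port")
    return plan

def iptables_rules(plan):
    """Default-deny forwarding: each VLAN may reach the WAN and nothing else."""
    rules = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for p in plan:
        # Matching -s on the port's own /30 also drops spoofed source addresses.
        rules.append(f"iptables -A FORWARD -i {TRUNK_IF}.{p['vlan']} "
                     f"-s {p['net']} -o {WAN_IF} -j ACCEPT")
    return rules

def new_flow_allowed(plan, in_if, src, out_if):
    """Model of the rules above for a NEW connection crossing the router."""
    src = ipaddress.ip_address(src)
    return any(in_if == f"{TRUNK_IF}.{p['vlan']}" and src in p["net"]
               and out_if == WAN_IF for p in plan)

if __name__ == "__main__":
    # Constructed sample: three rooms out of a private /27.
    plan = plan_subnets("192.168.100.0/27", ["port1", "port2", "port3"])
    for p in plan:
        print(p["port"], "VLAN", p["vlan"], p["net"],
              "gw", p["gateway"], "client", p["client"])
    print("\n".join(iptables_rules(plan)))
```

The rules cover forwarded traffic only; access to services on the router itself is governed by the INPUT chain, which this sketch does not touch.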
post #3 of 11
Quote:
Originally Posted by subassy
Is there some other seamless (e.g. easy or "elegant") way to isolate my few hosts from the rest of the network?
Not on basic home equipment. I'm sure there is some crooked half chopped up way of setting........ Oh wait, I just thought of one:

Install GNS3, and install the ASA 8.2 IOS in QEMU and then bind your loopback adapter to one of the ports of the emulated ASA with an inside privilege level, and then another interface as your outside bound to the physical interface with a lower priority level. Then you'd just need to use the ASDM to configure the interface zones and then add a permanent quad-zero static route to force all of your traffic out the loopback - into the emulated ASA security appliance - and out your physical interface.. Then how you want to configure who, what, can connect to your machine any way you like...

Or something like that.. Have fun..
post #4 of 11
Quote:
Originally Posted by scottsee
Install GNS3, and install the ASA 8.2 IOS in QEMU and then bind your loopback adapter to one of the ports of the emulated ASA with an inside privilege level, and then another interface as your outside bound to the physical interface with a lower priority level. Then you'd just need to use the ASDM to configure the interface zones and then add a permanent quad-zero static route to force all of your traffic out the loopback - into the emulated ASA security appliance - and out your physical interface.. Then how you want to configure who, what, can connect to your machine any way you like...

Or something like that.. Have fun..
Hello excessive latency and 100% CPU utilization
post #5 of 11
Oh come on, the idle features of GNS3 fix that & latency? Maybe 1ms.. I'm not sure if the ASA in GNS3 is restricted to the same maximum packet rate of 1000 packets a second though... Probably is..
post #6 of 11
Thread Starter 
Quote:
Originally Posted by scottsee
Not on basic home equipment. I'm sure there is some crooked half chopped up way of setting........ Oh wait, I just thought of one:

Install GNS3, and install the ASA 8.2 IOS in QEMU and then bind your loopback adapter to one of the ports of the emulated ASA with an inside privilege level, and then another interface as your outside bound to the physical interface with a lower priority level. Then you'd just need to use the ASDM to configure the interface zones and then add a permanent quad-zero static route to force all of your traffic out the loopback - into the emulated ASA security appliance - and out your physical interface.. Then how you want to configure who, what, can connect to your machine any way you like...

Or something like that.. Have fun..

My AirPort Express from 2005 can do that, right...?

Okay maybe I'll just do the double NAT thing. I assume that will slow down things like WoW updates e.g. torrent-related protocols?

Thanks for your help
 
post #7 of 11
Using a second-layer NATing strategy would be less than ideal, but if that's all ya got. Whatever..
post #8 of 11
Quote:
Originally Posted by scottsee
Oh come on, the idle features of GNS3 fix that & latency? Maybe 1ms.. I'm not sure if the ASA in GNS3 is restricted to the same maximum packet rate of 1000 packets a second though... Probably is..
Nice.
The last time I tried GNS3 on a C2D E8400 with two 2621's it was like 120 ms from one interface to the other, with idlePC values calculated..
post #9 of 11
Double NAT is fine. Your situation sounds just like any environment you'd run into on any number of college residences... so yeah, just use your own router and isolate your own environment. That's what I did back in the day...
post #10 of 11
Quote:
Originally Posted by beers
Nice.
The last time I tried GNS3 on a C2D E8400 with two 2621's it was like 120 ms from one interface to the other, with idlePC values calculated..
I never look at that stuff. You might be right.. I was just pointing out a convoluted jimmy-rigged option.