OT-Computer networking

OK this is 99 and 44/100% OT, but you guys know everything.

The place I work has an IT department straight out of a Dilbert cartoon. For a department of 15, we have been allowed 1 (!) internet computer, located in the far corner of our area. Major nuisance. We use this a lot, and would like to set up a clandestine sub-network off of our department computer, to get web access to our desks. We asked repeatedly via official channels and were refused, with no explanation. Never a group to avoid such a challenge, I turn to you for help.

Our internet connection is a T1, distributed over an internal network, separate from the "regular" company network. We originally tried the obvious, which was to plug a hub into where our web computer is and distribute from there, but it won't work. I found out that the system is set up to communicate only with the MAC address of the specific ethernet card in that computer. It ignores any other network device that is plugged into it.

Now I understand that it is possible to put 2 network cards in 1 computer. Is that true, and would it be possible to do that and use the second network card to allow "passthrough" (for lack of a better term) access to the web? What would it take, SW and HW wise?

As I am sure you have gathered, I am not any sort of networking expert, but maybe know just enough to be dangerous. Any ideas or suggestions as to the best way to accomplish this?

All of these computers are P3's (sad, I know...) running Win98 or 98SE.

Thanks for any suggestions!

claviusb.b

Check into Internet Connection sharing. It's a built in function courtesy of MS. You will need a second NIC to connect to your "local" network.

I have not done this on Win98 but it is simple on Win2k. I expect it is similar on Win98.

JW

jw

Many DSL routers, like a Linksys BEFSR41, can fake a MAC address and act as a hub the way you intended.

But what happens when the IT department discovers your evasion of their policy?

John Ings

If we don't, we'll make something up.

Sounds...inconvenient.

I'd suggest getting a reason, even if it's a bad one. Management tends to frown on (read: fire people for) what I think you're about to describe...

I'm having a hard time guessing, then, why they care about what happens on it.

You need, for instance, a Linksys switch, which will allow you to spoof the MAC address of that hardware.

If I was going to do it (and I still think that the whole "getting fired" thing is more of an inconvenience than the "getting to tha intarweb" thing, but that's your call, not mine) I'd use a Linksys, spoof the MAC that your provider sees now from that one PC. So now, as far as the provider is concerned, nothing has changed.

Now, on the Linksys, set up a DHCP server so that each of the clients can fetch an IP address. As long as you're not running webservers or anything on your systems, you don't have to worry about port forwarding inbound. Set the clients to get the IP and DNS automatically, and you _should_ have it working.

Again, that having been said, your new networking experience might be a necessary skill to add to your resume should your employers take this poorly. Most IT departments that are reasonable will give you either control _or_ support - if you can get unsupported control, you should be fine. Some insist on control without giving you support, which seems like what you've got, in which case this could be touchy.

Dave Hinz

Dave Hinz

I suspect your IT people are trying to keep viruses off the regular company network. A good idea, believe me.

ff

Yabbut, he said it's a separate T1 feed from the local provider, not the corporate network. I think maybe they're just overworked and don't want to deal with it.

Still safer to propose it & get permission, though...

Dave Hinz

I'm the Tech cor. and I can tell you if you were here at the school, you would be gone, toast, history. Anyone that bypasses the network safeguards I have in place does not get a second chance very often.

Jim Geib

Yes and as soon as he does anything he essentially connects the corp net to the real net and blamo... virus city..

98/98SE isn't going to do the gateway, an external router is the only way, and now they will have to put dual nics in all their machines so they can hook to both corporate and their 'hack net'..

and when, not if... WHEN, they virus the whole company I'm SURE heads will roll.

just my 2 cents worth

Dave

Dave August

No, he specified that it's a separate feed and a separate network. If that's not correct, then yes, bad idea for valid reasons.

Right.

As soon as they do that, the whole thing falls apart and is very much fire-able.

Yup, if he's tying those clients to two networks, one secure and one insecure, that'd be a problem. Didn't sound like what he was saying. But, I think enough of us have thrown huge red flags up at this point that if he's going to continue, he at least knows he's walking into a buzzsaw.

Dave Hinz

Thanks all, for the replies.

As to the risk for doing this sort of thing, it is pretty minimal. The IT department is, essentially, one guy. He seems to simply not want to do this sort of thing. When we asked for unsupported control, he said no. When we asked for support, he said no also. This is not a new pattern for him. He really is an OK guy, just a bit odd. This was the guy who was unreachable (no "reach me here" number, cell phone shut off, etc) on the opposite coast, for 5 days when our company network went down. The guy he left in charge was not even given keys to the server room, so we broke the lock off the door for him, only to find out that all of the stuff was password protected, and he had not shared the passwords. Shut down an entire section of the company for 4 days. He still works here, I think we are OK.

Our experience has been that once we set this up, word will get around, and then the IT guy will just sort of take it over. That is fine with us, there is nothing illicit going on here. That was how we got our web computer in the first place. We sort of "borrowed" an underutilized one from a neighboring department, after being refused one of our own. He takes care of it since.

Just seems to be a way to get things done sometimes in one of these not-big-but-not-small-either-companies. It is a silly way for things to work, but it does keep life there interesting.

Thanks again for all of the replies. I really do appreciate all of your advice, technical and otherwise.

claviusb.b

Keep in mind that he can (legally and technically, but not ethically) read your email.

You obviously know more about the situation than we do, so good luck. I don't see any _technical_ reasons it wouldn't work, as long as you don't tie the outside network to the inside network, bypassing his firewalls. That's where I'd get very excited if it was my domain.

Beats working, y'know?

Dave Hinz

Management has decided this question. Do you have new employment waiting?

nobody

I may have worded poorly, but there is NO connection between the internal corporate network and the web. We are not trying to add one. I agree that would be dangerous and stupid. Everybody here has at least 2 computers in their office, one on the company network, and one or more that are not.

Would just like to have more than one web computer in our area, so that we don't have to stand in line to get outside email. Like I said, nothing sinister or suicidal. Maybe "clandestine" was a bit too strong a word. : )

claviusb.b

Firewall issues.....viruses....better off seeing if they will perhaps agree to add a second terminal onto that particular node if the one is busy too often...

To do otherwise would be pretty much asking for them to fire you.

PrecisionMachinisT

You need a NAT router connected to the internet connection and the LAN. It takes the place of the computer connected to the internet and assigns local access to all computers on the local area network, as a gateway.

You'll need to be able to keep that hidden from Catbert or whoever.

nospam.clare.nce

One of my computer customers (my hobby business, 20 years, 12 customers) bypassed the security I put in place to keep employees off the net except on one isolated machine. Result: over two days down-time on their accounting package including order entry, shop orders and billing. Cost to the company: They estimate $18,000 plus lost customers. Think twice!!!

Tom Gardner

I don't think it's so much "faking" it as that's basically the way it works. I have one of those partly because it was highly recommended for my needs. Nothing "subversive" just a good working unit. At the moment I have four computers (only two of which will be here for any great span of time) hooked to it and all can see my internet connection.

You threaten to quit and mean it. IT organizations are less important to company success than any IT department. Been there, done that.

Ted

Ted Edwards

This is very easy to do. Here's how you do it.

  1. Install a second ethernet card, connect it to the ethernet hub or switch of your clandestine sub-network.

  2. Install a software router to route between the two cards. Do a google search on "software router" for your operating system. All Internet traffic will pass from your hub or switch to the 2nd ethernet card, then get routed via software to the first card. All traffic will appear to originate from the "authorized" card.

Some of the other suggestions re: routers w/NAT were pointing you in the right direction, but were not exactly what you needed. The more modern way to do this is with a router w/NAT, but in that case, your router would have a different MAC address, which wouldn't work in your situation.

Some of the other suggestions re: viruses and other dangers were also on target; so be careful if you succeed.

Incidentally, I did exactly as described above for many years, back when dedicated routers w/NAT cost a lot of money. I had a server that did very little beyond routing traffic between a couple ethernet cards. Then I replaced it with a little Linksys router for around $50.

Jedd Haas
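
From the network owner's side, the routed setup described in the post above still leaves a trace even though every frame carries the authorized card's MAC: a host or router that forwards packets decrements the IP TTL by one. The following is an added example, not part of the original thread, that flags this over constructed capture records; the record layout, addresses and function names are assumptions.

```python
from collections import defaultdict

# Common initial TTLs set by host IP stacks (Unix-like 64, Windows 128,
# some network gear 255). On the first-hop segment a packet sent by the
# host itself should still carry one of these values.
INITIAL_TTLS = (64, 128, 255)

# Constructed sample: (source MAC, source IP, TTL) as seen on the uplink
# segment, before any legitimate router has handled the packet.
SAMPLE = [
    ("00:a0:c9:11:22:33", "10.1.1.20", 128),  # the authorized PC itself
    ("00:a0:c9:11:22:33", "10.1.1.20", 127),  # relayed for a Windows client
    ("00:a0:c9:11:22:33", "10.1.1.20", 127),
    ("00:a0:c9:11:22:33", "10.1.1.20", 63),   # relayed for a Unix-like client
    ("00:10:4b:44:55:66", "10.1.1.21", 128),  # ordinary single host
    ("00:10:4b:44:55:66", "10.1.1.21", 128),
]

def hops_behind(ttl):
    """Hops already travelled, assuming the nearest initial TTL >= ttl."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError("TTL out of range for IPv4: %r" % ttl)

def find_forwarding_macs(records):
    """Return {mac: sorted TTLs} for MACs that look like they relay traffic.

    Heuristic: a MAC is flagged if any packet arrives already decremented
    (hops > 0) or if its packets map to more than one initial-TTL family,
    which suggests several operating systems behind one card. A host with
    a manually changed TTL will also trip this, so treat hits as leads.
    """
    seen = defaultdict(set)
    for mac, _ip, ttl in records:
        seen[mac].add(ttl)
    flagged = {}
    for mac, ttls in seen.items():
        relayed = any(hops_behind(t) > 0 for t in ttls)
        families = {t + hops_behind(t) for t in ttls}
        if relayed or len(families) > 1:
            flagged[mac] = sorted(ttls)
    return flagged

if __name__ == "__main__":
    for mac, ttls in find_forwarding_macs(SAMPLE).items():
        print(mac, "observed TTLs:", ttls)
```
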

He keeps saying it's a separate network with separate machines. This is no different than what we have right over ---> there, our "DSL lab", with a local provider's DSL dropped in so we can test our sites from a computer which is networkologically "outside". It's in the same building, but it's no more on our network than my computers at home are on our network.

Dave Hinz

ROFL, what I do is find and implement solutions for hirer's problems. Sometimes I "find" those solutions on the Internet. Now, if I have to wait until I get home to do the finding/research, then that can double the time to solution.

It is a bit like bundying on and off, either you are employed to do the job or employed to put in the time (which may or may not mean you do the job).

Each to their own, but you get what you pay for.

Terry Collins
