A whole bunh of networking questions

[nkk]

I have recently gotten into network/server administration (I am a linux nerd by night and engineering/physics student by day). I am woefully unaware of where to start, so I just had a few questions to do what I want/need to do before I actually start.

Is it possible to daisy chain wireless routers? That sounds dumb, I know. What I need to do is keep my verizon router for the FIOS DVR compatability. However, I wanted to flash dd-wrt on a router and do this: internet > dd-wrt router > FIOS router >lan/wlan connections. Is that possible? Will they interfere?

My mother requested a software to monitor network traffic. She basically wants the URLs of all sites requested/visited so she can keep some tabs on my brother and sister. In her own words, she trusts them/has taught them to be careful enough to not use a firewall, but she would like the data. I thought this would have to be done at the router level, as that is where all the traffic goes through. Is there an easier way?

If possible, I would like to enable MAC screening on the network. However, I do not want to add each address as I have to do with the Verizon router. I would like to create an account for each person, and have them log in to register each device they are using. This way it is also possible to put different restrictions on the MA addresses used by one user without changing it for everyone. How would I do this? I read up on the dd-wrt, and I think it can do this, but I was sort of confused, to be honest. Ideally, someone would connect to the network and find themselves on a landing page prompting them to log in.


I know these are sort of random questions, but they are sort of related.

Oh, and I am not opposed to building a barebones Linux box to act as a server, if that is what is required to do this.

Thanks,
Nkk

 

[Martimus]

Is it possible to daisy chain wireless routers? That sounds dumb, I know. What I need to do is keep my verizon router for the FIOS DVR compatability. However, I wanted to flash dd-wrt on a router and do this: internet > dd-wrt router > FIOS router >lan/wlan connections. Is that possible? Will they interfere?

It's possible... but messy! And it will most probably be a pain in the you-know-what to configure. What you'd want to do, however, is turn your DD-WRT router into a glorified access point. This helps to reduce the possibility of dual firewalls and dual NAT. Otherwise you end up with two routers working at cross purposes and creating all sorts of fun routing issues.

I'd only recommend doing this, however, with a wired connection between the two. To do this wirelessly, use a DD-WRT device capable of supporting dual simultaneous independent radios, with one radio set to Infrastructure and the other to ad-hoc. Another way to do this might be to use a wireless bridge to connect to the FIOS router and then connect the DD-WRT access point to the Ethernet port on the bridge.

My mother requested a software to monitor network traffic. She basically wants the URLs of all sites requested/visited so she can keep some tabs on my brother and sister. In her own words, she trusts them/has taught them to be careful enough to not use a firewall, but she would like the data. I thought this would have to be done at the router level, as that is where all the traffic goes through. Is there an easier way?

The easiest way is to load a "Net Nanny"-type app on their computers to log and track their activities. This will tell you who, what, where, and when. If you do this at the router level (assuming you have a router that supports this level of loffing detail) the best you'll likely see will be IP address, time stamp, and URL

If possible, I would like to enable MAC screening on the network. However, I do not want to add each address as I have to do with the Verizon router. I would like to create an account for each person, and have them log in to register each device they are using. This way it is also possible to put different restrictions on the MA addresses used by one user without changing it for everyone. How would I do this? I read up on the dd-wrt, and I think it can do this, but I was sort of confused, to be honest. Ideally, someone would connect to the network and find themselves on a landing page prompting them to log in.

What you describe sounds similar to what some of my customers do with Cisco NAC controllers. I'm not sure if this is natively possible with consumer grade networking devices.

What you might want to try, however, is building that barebones Linux box and loading an authenticated proxy server like Squid. Point all of your devices to the Proxy server (and point the Proxy server to the FIOS router) and they'll have to authenticate before they can access the Internet. You could also then use a third party log file analyzer to get those utilization reports that your mom wants.

All in all this won't be a quick and easy project...

 

[Tempusfugit]

It's possible... but messy! And it will most probably be a pain in the you-know-what to configure. What you'd want to do, however, is turn your DD-WRT router into a glorified access point. This helps to reduce the possibility of dual firewalls and dual NAT. Otherwise you end up with two routers working at cross purposes and creating all sorts of fun routing issues.

I'd only recommend doing this, however, with a wired connection between the two. To do this wirelessly, use a DD-WRT device capable of supporting dual simultaneous independent radios, with one radio set to Infrastructure and the other to ad-hoc. Another way to do this might be to use a wireless bridge to connect to the FIOS router and then connect the DD-WRT access point to the Ethernet port on the bridge.

^^ this..

And I did it wirelessly with a linksys WRT54g, which should be pretty cheap.

Also you'll probably end up going wall/fios router/dd-wrt router this route.

Turn Your Old Router into a Range-Boosting Wi-Fi Repeater

<3 lifehacker


edit: ohhh on re reading, I think you want router functionality on both(fios for DVR, dd-wrt I'm guessing for QoS or overclocking) That's another story, and I'm not entirely sure its possible.

 

[nkk]

<snip>
The easiest way is to load a "Net Nanny"-type app on their computers to log and track their activities. This will tell you who, what, where, and when. If you do this at the router level (assuming you have a router that supports this level of loffing detail) the best you'll likely see will be IP address, time stamp, and URL



What you describe sounds similar to what some of my customers do with Cisco NAC controllers. I'm not sure if this is natively possible with consumer grade networking devices.

What you might want to try, however, is building that barebones Linux box and loading an authenticated proxy server like Squid. Point all of your devices to the Proxy server (and point the Proxy server to the FIOS router) and they'll have to authenticate before they can access the Internet. You could also then use a third party log file analyzer to get those utilization reports that your mom wants.

All in all this won't be a quick and easy project...

The thing with net nanny is that it is not scalable. It works with one computer. You can buy multiple liscenses, but I worked hard to get my sister to use Linux (she is 10 and familiar with a terminal and simple commands like passwd and sudo and cd), and I know she would not be happy switching. Plus, I wanted to do the login thing anyway, so that Linux barbones looks good. I will look into it, and will probably have more questions later.

Thanks again,
Nkk

 

[Mayhem]

It's possible... but messy! And it will most probably be a pain in the you-know-what to configure. What you'd want to do, however, is turn your DD-WRT router into a glorified access point. This helps to reduce the possibility of dual firewalls and dual NAT. Otherwise you end up with two routers working at cross purposes and creating all sorts of fun routing issues.

I'd only recommend doing this, however, with a wired connection between the two. To do this wirelessly, use a DD-WRT device capable of supporting dual simultaneous independent radios, with one radio set to Infrastructure and the other to ad-hoc. Another way to do this might be to use a wireless bridge to connect to the FIOS router and then connect the DD-WRT access point to the Ethernet port on the bridge.

I didn't think this was possible without having to drop the encryption level to WEP. I tried this with two Wireless N routers from Netgear. Everything I read (after buying the 2nd one. doh!) was that it wouldn't work without dropping to WEP.

 

[Martimus]

edit: ohhh on re reading, I think you want router functionality on both(fios for DVR, dd-wrt I'm guessing for QoS or overclocking) That's another story, and I'm not entirely sure its possible.

The first challenge you run into with both devices acting like routers is NAT. If NAT is enabled on both routers you find yourself double NAT'ing packets. In other words:

FIOS Router
Outside interface - 1.2.3.4
Inside interface - 192.168.2.1

DD-WRT Router
Outside interface 192.168.2.2
Inside interface 192.168.1.1
DHCP Scope - 192.168.1.x

For a packet to leave your network it now has to go from your computer to the DD-WRT router; from the DD-WRT router to the FIOS router; and from the FIOS router to the Internet.

With NAT enabled, the outside interfaces automatically become the NAT interfaces so all packets going out get re-written with the NAT IP address. Packets re-writes are time consuming because they have to extract the data from the packet and then build a new packet header around it. This causes latency delays... a huge problem especially if you're a gamer or doing something that's time sensitive.

And for inbound packets the same process applies (albeit reversed). If the routers firewall is enabled it gets much more fun...

Now I'm not saying that double NAT is not something anyone would ever want to do. I'm just saying that for most Internet users is creates more problems than it resolves...