Internet Connection Sharing to WiFi Router? Please Help.

[aikjo2]

I have a single internet connection running to my apartment, and it will only connect one computer to the internet... but I want WiFi, becasue the USB to Ethernet adapter for my MacBook Air is flaky at best and becasue, as an American, I want everything (but that part is obvious).

I have the internet running into my desktop. What I am trying to do is connect a WiFi router to the second NIC in my computer and use Internet Connection Sharing (ICS) to rout the internet through my desktop to the wifi router.

Problem is, I can't squeeze the internet out of the 2nd NIC card and into the router... help???


TLR; how do I use ICS to get the internet through a WiFi router?

 

[keenan]

Why would you do this? If you have a router just connect the WAN to it and then connect all your devices to the router. ICS is terrible and is to be avoided at all costs.

 

[aikjo2]

Right, the internet is provided form the university I work at, and live next to; and as a result my "WAN" is really just a LAN from teh University, and i can only connect a single pc to it, not a switch or router.

 

[keenan]

Right, the internet is provided form the university I work at, and live next to; and as a result my "WAN" is really just a LAN from teh University, and i can only connect a single pc to it, not a switch or router.

If you use ICS, your computer is acting as a router. This is a policy, not a technical limitation, and either way, you're circumventing it. If you're okay with running ICS against their policy, you may as well just connect your router directly to their network.

 

[J-Will]

How do they limit you to one single PC? Usually this is done through MAC address, in which case you would just give the IT dept the MAC of the router. Tell them you got a new computer or something.

If this is done automatically through a website, just connect your router to the university's port, and plug in your computer to the router. The software will detect the MAC of the router, not your computer's. This can be double checked before you save any changes by going into the routers config and making sure the routers MAC is the one the website is showing.

The apt complex I used to live in used to do the same thing, we were limited to 2 computers. I used the same method obtain a wireless connection.

 

[keenan]

The only real caveat that I failed to mention is that most consumer routers can't keep up with 100mbit WAN->LAN, let alone the GbE that could be available to you. If that's the case, and you need the performance, your setup might make sense.

 

[aikjo2]

I have 100mbit availible to me, I just want wifi...

they limit it to a single pc, and do not allow sub-routing, I am a hardware guy, not a networking buff.

I know enough to know that one can't plug a router into our ResNet (our internet)

 

[InvisiBill]

I have 100mbit availible to me, I just want wifi...

they limit it to a single pc, and do not allow sub-routing, I am a hardware guy, not a networking buff.

I know enough to know that one can't plug a router into our ResNet (our internet)

keenan is right. ICS is a (very limited) NAT router, just like a Linksys WiFi router.

With ICS, the first NIC is the WAN interface and the second NIC is the LAN interface. With the Linksys box, you have a WAN port and the LAN ports and WiFi are the LAN side.

In both cases, the WAN interface is a single device connecting to the "internet". You then have the NAT router, either ICS software or the firmware in a Linksys, which converts things back and forth between the WAN side and the LAN side. Regardless of which method you use, the WAN interface is the only device on the external network. The other devices are on your own LAN, which is only connected to the WAN interface via the NAT routing software.

If they do actually lock things down, you can do what J-Will said and "register" your computer through the router, so that the router's WAN interface is actually the one getting registered. If you can't change that, or they won't allow certain manufacturer's MACs because they're routers, many routers include a feature where you can clone your existing PC's MAC address to the router's WAN interface, specifically for this reason (ISP's used to lock access down to certain MAC addresses). Your router's WAN interface will look exactly the same on the network as your PC did.

If you truly can't plug a router into the network, then you can't plug in a PC running ICS. ICS is a NAT router.

 

[djBon2112]

How exactly are they keeping you locked down? If it's based on the MAC address, most routers can spoof MACs. If it's something blocking NAT, then you're boned either way because that's what ICS does too.

EDIT: Yea, exactly what InvisiBill said

 

[aikjo2]

Yeah, they use 802.1x authentication, I tried spoofing the mac address of my PC and it is still a no-go.

dang.

BTW: Since when has any technically savvy person (us) given a squirrel's testicle about violating IP "Policies" seriously...

 

[keenan]

BTW: Since when has any technically savvy person (us) given a squirrel's testicle about violating IP "Policies" seriously...

If my education or internet access were at risk, I'd be more inclined to listen, but a silly policy is a silly policy. Still, it's just the responsible thing to do to point out that conceptually the two are equivalent and you might be putting yourself at risk, not suggesting you're going to care

Anyway, 802.1x poses some difficulty, but it's not an unsurmountable problem. I'd suggest looking at an OpenWRT router and using xsupplicant to authenticate.

The easiest way to accomplish what you originally set out to do using ICS would be to disable DHCP on your router and plug the ICS LAN side into a switch port (instead of the WAN port) on the router. Basically just turn it into a wireless bridge instead of a router But ICS sucks and I can pretty much guarantee it will be unreliable and causes issues.

 

[aikjo2]

Figured it out!

This is really not a solution, but a workaround... It's a technological marvel of a certain form of ethnic engineering, or "rigging."

Internet runs from wall to Desktop.
Desktop 2nd NIC runs to LAN of WRT54G (Neutered Version 6, so no DD-WRT)
MacBook Air connects to WRT54G over WiFi

USE VNC to remote control a virtual desktop, thus multiple users can use the Desktop to utilize the internet. direct downloads still remain a problem, but at least I have the internet to browse over WiFi. I can even use my Zune HD to browse this way by hacking together a VNC viewer client for it.

HUZZAH!

 

[InvisiBill]

Figured it out!

This is really not a solution, but a workaround... It's a technological marvel of a certain form of ethnic engineering, or "rigging."

Internet runs from wall to Desktop.
Desktop 2nd NIC runs to LAN of WRT54G (Neutered Version 6, so no DD-WRT)
MacBook Air connects to WRT54G over WiFi

USE VNC to remote control a virtual desktop, thus multiple users can use the Desktop to utilize the internet. direct downloads still remain a problem, but at least I have the internet to browse over WiFi. I can even use my Zune HD to browse this way by hacking together a VNC viewer client for it.

HUZZAH!

You can put DD-WRT Micro on the crippled v5 and v6. http://dd-wrt.com/wiki/index.php/Version_5_And_6_Router_Information I know this works because I set up a v5 for my parents.

If you have ICS enabled, the cable running to a LAN port, and the WRT54G's routing stuff disabled, then PCs connected to the WRT54G should work 100%. You're simply plugging the shared-out internet from ICS into a switch and WiFi access point. It should be exactly the same as plugging a second PC directly into the cable.

Some quick Googling shows that DD-WRT does support 802.1x. Most of what I've found is regarding using DD-WRT with your own RADIUS server. I don't know a whole lot about 802.1x and RADIUS, so I don't know if you have enough info to point DD-WRT at their existing authentication server, or if it's possible to do some sort of passthrough (so that each client would authenticate transparently through the router to their network). Since Micro has to be so small, it is missing some features. It's possible that Standard might support something to get this working, but Micro wouldn't.

 

[djBon2112]

Figured it out!

This is really not a solution, but a workaround... It's a technological marvel of a certain form of ethnic engineering, or "rigging."

Internet runs from wall to Desktop.
Desktop 2nd NIC runs to LAN of WRT54G (Neutered Version 6, so no DD-WRT)
MacBook Air connects to WRT54G over WiFi

USE VNC to remote control a virtual desktop, thus multiple users can use the Desktop to utilize the internet. direct downloads still remain a problem, but at least I have the internet to browse over WiFi. I can even use my Zune HD to browse this way by hacking together a VNC viewer client for it.

HUZZAH!

Interesting solution. Let us know how it works out in the long run.

 

[prochobo]

Figured it out!

This is really not a solution, but a workaround... It's a technological marvel of a certain form of ethnic engineering, or "rigging."

Internet runs from wall to Desktop.
Desktop 2nd NIC runs to LAN of WRT54G (Neutered Version 6, so no DD-WRT)
MacBook Air connects to WRT54G over WiFi

That's correct, but this is exactly what the OP was trying to do in the first place, so it is a solution.

OP, you mentioned ResNet. I'm guessing your university uses Cisco Clean Access? I'm a CCA admin at my university so I may be able to help

Does the router get an IP when you plug it directly into your wall port? If it does, is that IP different than what you normally get?

At my school, we don't block wireless routers. The requirement is that only PCs with the Clean Access agent are allowed network access. So, if they are blocking your wireless router, it's probably MAC filtering where they've compiled a list of MAC OUIs associated with routers. However, that would be kinda hard to do since those OUIs can be on devices that aren't routers, like PCI network cards for example. But in any case, if you can always install DD-WRT and change your MAC to test it out.

FWIW: I did the exact same thing aikjo2 mentioned when I was in the dorms. Works perfectly.