IP Networking

Hey there,

I am a network administrator of a student dorm. Me and my team (we do this in our spare time) have the task to upgrade and rebuild our dorm intern network. But unfortunately we don't have that much experience with server setup and ip-routing and stuff. So here is the topic I want to ask you about:

Currently our users can connect one device, which is addressed with a static ip-address (so we have quite few external ip addresses). Our boss wants us, to set up a few access points, so that the users can use wifi, provided by us. So far, so good. But we don't have as many ip addresses as we would need to cover at least 2 devices per user. So we thought about this and came up with a idea, to use our server as a router for 400+ ips. So that each student has its own private network with local ip-addresses, routed to one external ip address, special for each user.
So for example it would look like this:
User 1: (192.168.0.100;192.168.0.10)=>153.126.30.101=>Gateway=>Internet
User 2: (192.168.0.101;192.168.0.50)=>153.126.30.102=>Gateway=>Internet
...
User 479: (192.168.0.103;192.168.0.105;192.168.0.161)=>153.126.31.249=>Gateway=>Internet
User 480: (192.168.0.107;192.168.0.150)=>153.126.31.250=>Gateway=>Internet

Is this possible and if yes, do you have some advice what we should have a look into? Or can you even explain, what would be the best way to achieve this?

Best regards,
mrgruen

Not sure I understand. The 192.168.0.0 private network offers 2^16 - 2 individual addresses (cf RFC 1918). Should that not suffice, why don't you use the 10.0.0.0 private network?

Greetings,
You could use 2 private network one being a subnet of the other like that you have WIFI and lan virtualy separated... And use a proxy server for all request to the wild world... That said I agree with RudiC, using a private lan I see not why you should run short of IP ... its just a question of choosing the correct...

Thank you for the quick responses.
Yeah, that's right. We could use private IPs, but because of legally issues every user has to be addressed with a public ip, that only belongs to him. We can't just open a private subnet for all users. So if one of the users does something illegal with his account, he is in charge and not we, part of the ISP. (because the only thing visible to the outside would be the public IP of our Server)
Or is my thinking totally off the track?

You are creating one large management nightmare. Just use DHCP and log all request. Then when something goes wrong or you need to know who did what look at the mac address associated to the IP address. Only thing you need to keep track of are MAC addresses. Ensure that only known MAC addresses receive an IP.

Another question is how are you going to ensure that only the user has access to his/her network?

But would it be possible though?

Ok, that sounds good. But there is one thing, I can't stop thinking about. In the past there were one or two request over four years (so, not that often, but it occurs) from the police who asked about the owner of a specific IP-adress to specific time. There was no more information about it (so no clue what event would be, nor the MAC-address of the subject). But with this system of yours we wouldn't be able to answer those requests in a proper way. That's why I thought every user should have an unique identifier, besides the MAC adress.

Yeah, we have some knowledge on that part, since our current network is based on MAC/IP-binding

Well, I thought we could use something like IEEE802.x/Radius to authentificate the user going over WiFi and when they want to go online via the provided cable connection, then we could route the port of the connected switch to the ip... something like that...

I'd be VERY surprised if you could deploy close to 500 public IP addresses for a student dorm.