Overcoming airport's lack of ethernet ports




Apocrathia
Jul 22, 2009, 04:42 PM
I would post this in the peripherals section, but this is more of a networking question anyways.
So the airport extreme/tc only has 3 lan ports, that blows. I have 3 devices that need ethernet + a network printer.
I currently live in an apartment with a crap isp forced down my throat. ethernet in the walls, internal network, no public IP.
I am going to try and get a public IP soon, however there is certain traffic i want to keep within the apartment network and not public.
what i've devised is (wall -> wrt610n -> airport -> clients). problem is that i need another ethernet port for the printer, luckily my wrt610n has 4 of them. i was going to run from the wall into the wrt's wan, then out from one of the ports on the wrt into the airport's wan. this way i can run a proxy server on the wrt and direct traffic into the apartment network and have all other traffic forwarded to the airport.
my question is how can i plug the printer into the wrt and still have it on my lan, behind the airport.
here is a basic drawing of how my network is setup
http://imgur.com/pW3LO.png
i'm guessing I can assign the printer a static IP and keep it on my lan's subnet and it should work, but i've never done this before so I'm trying to make sure i can get this to work before i drop money.



gr8tfly
Jul 22, 2009, 04:45 PM
Just use the Time Capsule and an ethernet switch/hub to expand the ports.

edit: unless I missed something and you can't get all the wires physically to one place. The drawing is a bit confusing as it seems to show a wireless connection between the Linksys and the Time Capsule PLUS a wired connection through the Mac Mini. None of that is needed if you simply need more ethernet ports off the Time Capsule.

geoffreak
Jul 22, 2009, 04:56 PM
You need something like this (http://www.linksysbycisco.com/US/en/products/EG005W) connected to your TC.
You cannot connect a network printer to your wrt610n and have it inside the TC network.

Apocrathia
Jul 22, 2009, 06:31 PM
i guess i didn't convey my idea properly. I need to setup 2 different interfaces to access the network through.
so to the apartment's network, it looks like 2 devices are connected to the one port. I need to keep one inside of the apartment complex's network, and one of them will have a public IP.
I have traffic that needs to go through the apartment network, and everything else can go through the public connection.
i understand that i can just buy an extra hub and that would accomplish the same thing, but it involves spending money that i'd rather hang onto if there is a way i can route it through the other router and take advantage of its ports.

milk242
Jul 22, 2009, 06:44 PM
I'm not sure if I understand you. Are you trying to setup dual networks, one private and one public but both connecting to the internet?

Apocrathia
Jul 22, 2009, 08:48 PM
yeah, i want to forward specific traffic through a secondary gateway. I'm still trying to figure out how to do this setup.
essentially, I could just setup a second computer (or router) from another ethernet jack in my apartment (i think there's one in the living room), and setup a proxy server from it to forward everything through, but i'm just enchanted by the idea of the time capsule even though all of my backups are already taken care of by an afp-drobo. i'm still trying to figure out if it's even worth it.

geoffreak
Jul 23, 2009, 02:18 PM
All routers have NAT (http://en.wikipedia.org/wiki/Network_address_translation) built in. You don't need a proxy server. I can't figure you out. Sometimes you appear to me as if you know exactly what you are doing, but others you seem to not have a clue.

Are you sure you can get a public IP within your apartment's network? I know for a fact that this cannot be done unless the ISP is connected directly to your specific apartment. If it is (it should), you already have a public IP, but it is a dynamic IP. You will need a static IP or a service such as DynDNS (http://www.dyndns.com/).

There is one way I can think of that will require no new equipment and allow you to use the ports on your Linksys router. It will place all your devices on the same network, but only have your web server accessible from the outside.

First you need to turn the DHCP server off (sometimes called access point mode) on the TC and connect it directly to the Linksys router. Do NOT use the "Internet" port to connect the TC. Use one of your three local network ports. Doing this will combine the two networks into one and your TC will become an access point and your Linksys will become the main router.
Now you need to forward all incoming traffic to your server. On your server, turn on a static IP in the network config. Make sure it is within the range of IPs for the Linksys's DHCP server otherwise there could be problems. You will now be able to setup the Linksys to forward all incoming traffic to your server, or better yet, only forward the ports needed (25, 80, 443, etc) for added security.

Apocrathia
Jul 23, 2009, 11:01 PM
I know, this crap is confusing me because I'm just trying to figure out the most effective setup for all of this. I know i can run the airport in bridge mode and forward dhcp from the linksys, but that doesn't really accomplish what I want.
I'm just going to setup another router somewhere in my apartment to run a proxy on to forward traffic to, and get a time capsule to use as my main router. the wrt610n is a piece of trash for what i need anyways.
i know i can get a public static ip at my apartment, so i don't have to use dyndns. i used that for years when i had a dynamic public ip living at home.
I think i've got everything figured out now. i've been racking my brain trying to figure out how to set everything up.
i'm just going to live with the lack of a network port. my home macbook doesn't need to be plugged into the network. wireless N is fine. I'm probably going to get a wrt54gl and just setup the wireless on it to a proxy server. whatever, i'll figure it all out. i'm sick of thinking about this, lol. I'm a network architecture/digital forensics major, so i have a bit of a grasp on this stuff. it's just the having to deal with my crap isp part that's complicating everything.
a final drawing just because i like conceptdraw. i hope it will make a little more sense of what i'm trying to accomplish. i'm trying not to say anything that could get me banned, but this might make it a bit more obvious.
http://imgur.com/OR2MK.png

geoffreak
Jul 24, 2009, 11:22 AM
Okay, judging by that last illustration, I understand what you are trying to accomplish, but I also realize that you don't know how internet connections work.

A few things you need to know:
- If you have a static IP to your apartment, this doesn't change the fact that ALL your traffic will come and go from this IP, regardless if it is private or for your web server. You can get more IPs, but this is completely pointless unless you need a unique IP for each domain you host (for SSL certificates). If you don't have multiple domains with SSL certificates, one IP will suit you.
- There is no "apartment network". If you are paying the ISP directly (even if you cannot choose the provider) you are connected directly to the ISP. You would not have a public static IP if you were truly connected to an "apartment network". Physically there is a switch (http://en.wikipedia.org/wiki/Network_switch) inside your apartment complex, but from your network's perspective, it is the "internet" and should be ignored.
- Computers don't connect directly to the "internet". Computers can only connect to your network, which is network connected. Devices connected over a cellular network shouldn't even be in your model.
- ISPs limit access to the internet to one MAC address (http://en.wikipedia.org/wiki/MAC_address). You can only have one device facing the outside network. There is no way around this. For this reason, you need to have a router which is your network's main hub. This router will handle incoming requests for your web server and requests from your computers to access the internet.
- Do NOT use a proxy server. This simply over-complicates things. You would only need a proxy server if you wanted to filter the accessible web sites from internal computers. Routers can filter incoming web traffic without trouble.
- Devices connected via WiFi connect directly to the router providing WiFi.
- Never rely on WiFi for incoming web traffic. Always use wired. WiFi is not reliable enough.


How to set up your network:

- Main router (Linksys)
Connects to internet with "internet" or "WAN" port. Forward requests for specific internet ports to the web server's internal network IP (not the public IP).

- Secondary router (TC)
In "access point (http://en.wikipedia.org/wiki/Wireless_access_point)" mode (DHCP server off). "Internet" port must be left empty. Wire it directly to the main router by using the local network ports on each.

- Web Server (Mac Mini)
Wire this directly to either router. It will not matter which router you connect it to directly because it will actually be connecting to the main router (your network's hub) automatically. It is recommended that you connect it directly to the main router to subtract the number of steps required and decrease the work load on the secondary router. Make sure to have a static internal IP setup under network configuration. Turn off wireless, you don't need it.

- Other Wired Devices (iMac, Printer)
Wire these directly to either router. Which router you wire them to is arbitrary as you will be able to access the internet, the other computers connected to both routers, and the TC either way.

- Other Wireless Devices (MacBook, iPhone)
Connect these wirelessly to either router (assuming the Linksys has wireless). Again, the router connected to is arbitrary.

That setup WILL accomplish what you desire in having incoming traffic transferred to your web server while preventing incoming traffic from getting to your other computers and allowing all computers to access the internet. The added benefit is you can access your web server internally and you do not need to purchase any more equipment. Having two networks is NOT needed.
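
An added example, not part of the thread or any poster's own code: a small Python audit that checks a planned layout against the advice above (DHCP off on the secondary router, uplink through a local network port, server on the main router's LAN, forwards limited to the named ports and pointed at an internal address). The addresses, device names and dictionary field names are constructed assumptions.

```python
import ipaddress

NEEDED_PORTS = {25, 80, 443}  # the ports the thread names for the server

# Constructed plans: addresses, device names and field names are assumptions.
RISKY = {
    "main_lan": "192.168.1.0/24",
    "access_points": [{"name": "TC", "dhcp": True, "uplink": "internet"}],
    "server_ip": "192.168.1.10",
    "forwards": [{"ports": "1-65535", "to": "192.168.1.10"}],
}
FIXED = {
    "main_lan": "192.168.1.0/24",
    "access_points": [{"name": "TC", "dhcp": False, "uplink": "lan"}],
    "server_ip": "192.168.1.10",
    "forwards": [{"ports": p, "to": "192.168.1.10"} for p in ("25", "80", "443")],
}

def expand(spec):
    """Turn '80' or '1-1024' into a set of port numbers."""
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(plan, needed=NEEDED_PORTS):
    """Return a list of findings; an empty list means the plan matches the advice."""
    findings = []
    lan = ipaddress.ip_network(plan["main_lan"])
    for ap in plan["access_points"]:
        if ap["dhcp"]:
            findings.append(f"{ap['name']}: DHCP server on; only the main router should hand out leases")
        if ap["uplink"] != "lan":
            findings.append(f"{ap['name']}: wired through its Internet port instead of a local network port")
    if ipaddress.ip_address(plan["server_ip"]) not in lan:
        findings.append(f"server {plan['server_ip']} is outside the main router's LAN {lan}")
    for fwd in plan["forwards"]:
        if ipaddress.ip_address(fwd["to"]) not in lan:
            findings.append(f"forward {fwd['ports']} targets {fwd['to']}, not an internal address")
        extra = expand(fwd["ports"]) - needed
        if extra:
            findings.append(f"forward {fwd['ports']} exposes {len(extra)} port(s) beyond {sorted(needed)}")
    return findings

if __name__ == "__main__":
    for name, plan in (("risky", RISKY), ("fixed", FIXED)):
        print(name, audit(plan) or "no findings")
```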