Apartment networking

[Stumpy]

Hello, I wonder if anyone can help me.

I just moved to an apartment complex with free internet provided to each apartment.

It's a 10/100 feed from a switch, that plugs into Comcast Business Gateway. Speed test shows that it's a 35Mbps down / 15Mbps up service, which isn't too bad for free!

However, when I'm connected to the wall socket - I can see other PC's listed in Net View. This is not good. I want to keep my stuff private. To make this work, I bought an Apple Time Capsule 3Tb router, connected it's WAN interface to the wall feed, and plugged a gigabit switch into a LAN port. The Time Capsule router thing was showing it had a double NAT problem - I put this on ignore as everything seemed to be working properly.

All my PC's, NAS, xbox etc. go into the switch. All my wireless stuff connects to the Time Capsule. Is this sufficient to keep my network private?

 

[thiggins]

Yes, you are good to go. The Time Capsule's NAT firewall will prevent local networking traffic both in and outbound.

 

[sfx2000]

Hello, I wonder if anyone can help me.

I just moved to an apartment complex with free internet provided to each apartment.

Nice, it's not free, it is included in your rent, but nice in any event for most purposes

It's a 10/100 feed from a switch, that plugs into Comcast Business Gateway. Speed test shows that it's a 35Mbps down / 15Mbps up service, which isn't too bad for free!

indeed!

However, when I'm connected to the wall socket - I can see other PC's listed in Net View. This is not good. I want to keep my stuff private. To make this work, I bought an Apple Time Capsule 3Tb router, connected it's WAN interface to the wall feed, and plugged a gigabit switch into a LAN port. The Time Capsule router thing was showing it had a double NAT problem - I put this on ignore as everything seemed to be working properly.

Comcast has the addresses in the NAT space - welcome to gamer hell (and voip and other items that depend on hole-punching thru firewalls for incoming connections...

If the assigned address to your PC/Router is one of the following:

100.64.0.0/10 - this is the carrier-grade NAT block

or...

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

For details - Look for IETF RFC 1918 and RFC 6598 - very technical, but consider above...

All my PC's, NAS, xbox etc. go into the switch. All my wireless stuff connects to the Time Capsule. Is this sufficient to keep my network private?

Yes, as long as they're all behind the TC - you might see others, but they won't see you. Device (PC's, Mac's, etc) that are directly attached, you might see their network shares, and that would make for interesting spelunking, but as long as you're behind a router/AP (which the TC is), you're ok...

The challenge here is gaming - PS3 is unforgiving at Double-NAT's, and some VOIP apps as well - really depends on what you want to do - you can port forward some things, perhaps even put a box into the "DMZ", but you're behind an upstream NAT, and that makes things, erm, interesting...

sfx