adding a firewall-unit before my 16 port switch?

[GreyT-Drumming]

Hi, I post here because I hope to find some advise from other users.
I have several units, Mac's, NAS, Airplay2 units... and I live in a building with 16 apartments. Each having a cabled outlet connected to router/switch in the basement. That part works fine. But someone from the house have commented upon the naming of my disks!!! (implying he could access them) That I find very disturbing, so I want to put up some sort of effective (hardware) filter or Firewall. Something where the other users on the router/switch must be blocked if they don't have a password to 'get in'!
Is that possible?
would ne nice to have

GreyT

 

[KALLT]

You should get your own router then. You can set up your own private network with it and have the router be the gateway to the residential network, along with firewalls.

 

[GreyT-Drumming]

Not really, because if I add my own router, then there will be ‘war’ between this and the residential router, about which of them are setting the adresses.
this is a wellknown problem here. Everytime a new resident move in they tend to bring their own router, an then the whole setup crashes... until they drop the routerpart an just use the switchpart of their box.
I am considering getting a Ubiquiti UniFi USG Security Gateway box which may fix my problem but have no experince with that, and its about $110 too

 

[GreyT-Drumming]

So I got the Ubiquiti Unifi USG, and after some strange problems that seems to have noting to do with the USG it is now up and running. If you, as I was, is worried about ALL the possible setup options, there is relief: dont worry... in my last run I just plugged it in connected the two ethernetcables and after say 15 minute it was performing 100%.
When / if you run the software that goes with it (controlls every unit in their range) You get umpteen possibilities. Indulge in those, or just enjoy watching the statistics as they unfold.
I am very satisfied now, because I rest assured that no-one / nothing can get inside my systems.
If you want to ask me simpler questions just go ahead.

 

[KALLT]

That thing is a router. It is certainly possible to misconfigure routers and wreak havoc on shared networks.

I am not sure what exactly this Ubiquiti device does differently, but it seems to have worked out all the same without a complicated setup. ?

 

[jzuena]

Your building needs someone who actually knows about networking. The correct way to stop your neighbors from seeing your device names is to stop the broadcast traffic which is designed to make it easy to find and connect devices by sending out their name from reaching your neighbor. And the way to do that is with a router, preferably one with a built-in firewall.

On the wired side there is no reason a router in one of the apartments should be trying to give addresses outside of the apartment and no reason devices in the apartment should be making address requests that reach the router in the basement. Your router should show up as the only device needing an address from the basement router in your apartment. Through Network Address Translation it will then pick a whole new range of addresses to give to devices in your apartment. Since the basement router is likely using that same method to share a single address to the whole building and many hardware vendors pick the same exact address range for their address pools behind NAT, you need to make sure you don't pick the same address range for your apartment's addressing. That's not an addressing war, it's just a fact of life when using double NAT. On the wireless side, as long as your router has a unique network name and password, then only devices which select your network name and know the password will be joining your network.

 

[TiggrToo]

Your building needs someone who actually knows about networking. The correct way to stop your neighbors from seeing your device names is to stop the broadcast traffic which is designed to make it easy to find and connect devices by sending out their name from reaching your neighbor. And the way to do that is with a router, preferably one with a built-in firewall.

On the wired side there is no reason a router in one of the apartments should be trying to give addresses outside of the apartment and no reason devices in the apartment should be making address requests that reach the router in the basement. Your router should show up as the only device needing an address from the basement router in your apartment. Through Network Address Translation it will then pick a whole new range of addresses to give to devices in your apartment. Since the basement router is likely using that same method to share a single address to the whole building and many hardware vendors pick the same exact address range for their address pools behind NAT, you need to make sure you don't pick the same address range for your apartment's addressing. That's not an addressing war, it's just a fact of life when using double NAT. On the wireless side, as long as your router has a unique network name and password, then only devices which select your network name and know the password will be joining your network.

Sounds like there's a shared router that all tenents are connected to.

If so, then that's a major "yikes" of intergalactic proportions!

 

[jzuena]

Sounds like there's a shared router that all tenents are connected to.

If so, then that's a major "yikes" of intergalactic proportions!

That's exactly what they have. It is very possible to have another router behind that first router, as long as everything is configured correctly. We used to have FiOS and it comes with a required router. The FiOS tech said the same thing as the OP, just trust our router and put yours in bridge mode. As soon as he left I reconfigured to make my AirPort a router again and shut off WiFi on their router... and that's in a single family house. I didn't trust Verizon to have access to anything beyond their router, so there's no way I would trust 15 other apartments.