Personal Firewalls / Routers at the Residences

Network Operations Center -- 8/2007

In addition to software firewalls like ZoneAlarm, McAfee's or the one built in to Windows XP SP2, some people use hardware firewalls or routers from vendors like Linksys, NetGear and Belkin, among others. These can give you an additional layer of protection against virus and worm infections. But since they are easy to misconnect, we strongly recommend against hardware firewalls in the Residences. In other words, if you decide to use a router/firewall, you'd better know what you're doing.

WIRELESS ROUTERS ARE NOT PERMITTED in the residences. Here are the reasons:

  • There is a faster, wired connection for every student in the Residences. There's no need for wireless.
  • Your wireless access point may interfere with other wireless connectivity on campus,
  • Students with laptops, your neighbors, may connect to your router, which means:
    1. They'll steal bandwidth from you - your connection will be slower,
    2. You're responsible for their behavior - if they do something that causes us to disconnect them, YOU will be disconnected as well,
    3. Their laptops may also be connected normally, by wired Ethernet, in which case their PC will be confused about where to send and receive data, and they will become disconnected. We do not condone the physical or verbal abuse which might be inflicted upon you by your fellow students if you make this mistake.

Properly Connecting Wired Routers in the Residences

Using a wired firewall/router is only a good idea if you know what you are doing. If you don't, you will cause problems for everyone in the Residences. The most important thing you can do to prevent a disaster is to make sure your router/firewall is connected correctly:

  1. If you're using a wired + wireless router, turn off the wireless radio.

  2. On your router identify the WAN port. It is usually marked differently and separated physically from the other ports on the device. Sometimes it's called an Internet port. Here's what it looks like on the back of a Netgear router, and on a Linksys router. The only way to be sure is to consult the manual for the device.

  3. Now use an ordinary Ethernet cable to connect the WAN port to your room's network port on the wall. Some caveats:

    • DO NOT use a crossover cable that may have come with your router. Use a straight-through, ordinary Ethernet cable that you would use to hook up your PC to the router. Using a crossover cable probably should not work at all - your router's activity lights should not light up when you plug it in. If it DOES work, be suspicious that something's wrong...

    • CRITICAL: NEVER connect any port to the wall EXCEPT your router's WAN port.
      • Think: WALL = WAN = WORLD = the Internet.
      • Most routers are configured by default to give out IP addresses to devices connected to their INTERNAL or LAN or LOCAL ports. If you give out addresses, your fellow students will get disconnected because they'll think YOUR ROUTER is the path to the Internet. Once again, we do not condone and are not responsible for physical or verbal abuse inflicted by your fellow students.

  4. When you register at http://dormlord.dowling.edu you will need to register the MAC address of your router's WAN port, not your PC's MAC address. Connect your PC to one of your router's LAN ports and browse to the router's web page (usually http://192.168.1.1), then hunt for this information. Here is an example of what a Linksys Router's web page looks like, and where the WAN MAC address can be found.

If you are having difficulty with a router or firewall that you have connected in the Residences, schedule an appointment to bring it to the Help Desk in Fortunoff 032 (phone 244-3445). Don't forget to bring your router's manual and its power cube. We will try to help you as time permits.