Segmenting a LAN into private LANs?

3 comments, last by Hodgman 10 years, 5 months ago

Hoping some resident network folk can help me out here.

I've just moved into an office that provides Internet access -- I have a cat-6 port in the wall of my office, which I've hooked up to a switch, which my PCs then plug into. After doing that, all my PCs have internet access, yay.

The issue is, I'm pretty sure that this cat-6 port in the wall just plugs into a central router that's shared by the building, which in turn actually connects to the cable internet service. This means I'm basically on the same network as other offices in the same building.

If I look at the Windows network view, I can see other PCs on this network with file sharing... so if I'm sloppy enough to enable non-password-protected sharing on my PC, anyone else in the building will be able to access it.

Yeah, I can use authentication, but that's beside the point here (I may want to have other devices on the network like printers or dev-kits, which don't use authentication and should be public to my office, but private to the building).

What's the best way to isolate the PCs in my office from the rest of the PCs in the building so we have our own private LAN, but still allow them to access the shared building internet?

Can I just set up my own router in between my network and the building network?


Perhaps you speak of a DSL modem with integrated router capabilities (or vice-versa ;)) ... If your router has an Ethernet WAN port then it should be usable. It depends a bit on whether the WAN side of your router can be configured as the building network expects (e.g. do you have fixed local IPs for the default route, DNS and your PCs, or do you get all this via DHCP). Security is then of course a question of configuring the firewall. (Dedicated routers with or beside a firewall are available, too. Their job is just that, so they would work for sure.)

Your own router would work, yes. You'll also need to define your own IP subnet and look after DNS and DHCP (if you use it) yourself, as these may be centrally managed by the building's ISP.

Direct3D has need of instancing, but we do not. We have plenty of glVertexAttrib calls.

Depending on how cheap/expensive your switch is, you only need to set up what's called "MAC-based ACL" via the switch's managed interface, and you're good. Don't want any other computer to access your PC? Tell the switch to only forward <list of 3 or 4 MAC addresses> to your ports.

Oh, and besides...

if I'm sloppy enough to enable non-password-protected sharing on my PC

You probably meant to say "if I'm sloppy enough not to disable non-password-protected sharing", because that's what Windows 8 (and, apparently, Windows 7 too, since an update some 6-8 weeks ago) does by default. And it continues to do it secretly even if you disable the casual-user-accessible config setting -- you need to disable the service to actually stop it. I accidentally discovered this because I deleted a share on the NAS on my laptop, and when I opened the network thingie to find it again, I was surprised to see my desktop computer (which doesn't share anything!) visible and accessible without a password. Disabling the service fixed the problem.

Yes, the best method is what has been said and what you suggested at the end: Plug your own router to the office network; and your computers to that router.

We have a cheap one at home that has an incoming eth port, and 4 outgoing ports. The router gets its own IP from the real router; and our router manages DHCP for our own private LAN, while still providing internet access (we could say it's working like a NAT behind a NAT; which is probably what's actually happening)

Of course, be sure your router is not in bridge mode or else it will pass through (it should be obvious if you get the same IP address family as without the router, and/or you can still see other PCs in the office).

Also make sure the router's password is strong or disable access from WAN; since it's the only thing visible to the other offices.

Normally very cheap WiFi routers come with these features as they're designed to be plugged into a non-WiFi router connected to the internet (our case).

Configuring port forwarding is hell though, since you have to configure both devices (you're better off plugging the server system directly into your office router). However, for general client applications it works wonders.
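The NAT-behind-NAT arrangement described in this post, modelled as an added Python example (this is not code from the thread or from any router vendor). The two-router chain, the addresses (a documentation address for the public side, RFC 1918 ranges inside) and the port numbers are constructed for illustration, and the NAT is deliberately simplified: one translation table per router, no protocol distinction, no timeouts. It shows why a PC in the office can reach the internet through both routers, why a reply finds its way back, and why an unsolicited inbound connection only arrives if *both* routers carry a port-forward rule.

```python
"""Added example: toy model of an office router plugged into the building's
router (NAT behind NAT). Not code from the thread; topology, addresses and
ports are constructed, and the NAT behaviour is simplified."""
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges; a WAN address inside one of these means the
# router in front of us is itself doing NAT (double NAT).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Nat:
    """One router doing NAT between its WAN port and a private LAN."""
    name: str
    wan_ip: str        # address the router holds on its WAN port
    lan_net: str       # private subnet it hands out on the LAN side
    # explicit port-forward rules: wan_port -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    # dynamic translation table: wan_port -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, src_ip, src_port):
        """Translate a packet leaving the LAN; returns (wan_ip, wan_port)."""
        for wan_port, inner in self.table.items():
            if inner == (src_ip, src_port):      # reuse an existing mapping
                return self.wan_ip, wan_port
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[wan_port] = (src_ip, src_port)
        return self.wan_ip, wan_port

    def inbound(self, wan_port):
        """Where a packet arriving on the WAN side goes; None means dropped."""
        if wan_port in self.table:      # reply to a connection opened from inside
            return self.table[wan_port]
        if wan_port in self.forwards:   # explicit port-forward rule
            return self.forwards[wan_port]
        return None                     # no state, no rule: dropped at the WAN


def send_out(chain, src_ip, src_port):
    """Walk a packet outward; chain is ordered innermost router first."""
    ip, port = src_ip, src_port
    for nat in chain:
        ip, port = nat.outbound(ip, port)
    return ip, port


def deliver_in(chain, wan_port):
    """Walk a packet inward from the public side; None if any hop drops it."""
    ip, port = None, wan_port
    for nat in reversed(chain):         # outermost router sees it first
        hop = nat.inbound(port)
        if hop is None:
            return None
        ip, port = hop
    return ip, port


def is_double_nat(router):
    """True when the router's WAN address is itself an RFC 1918 address."""
    addr = ipaddress.ip_address(router.wan_ip)
    return any(addr in net for net in RFC1918)


def build_chain():
    """Constructed topology: office router behind the building router."""
    building = Nat("building", wan_ip="203.0.113.10", lan_net="192.168.1.0/24")
    office = Nat("office", wan_ip="192.168.1.57", lan_net="10.0.0.0/24")
    return [office, building]           # innermost first


if __name__ == "__main__":
    chain = build_chain()
    office, building = chain
    print("office router behind NAT:", is_double_nat(office))
    # A PC in the office opens a connection: both routers create state,
    # and the reply finds its way back through both tables.
    print("outbound seen on internet:", send_out(chain, "10.0.0.5", 51000))
    print("reply delivered to       :", deliver_in(chain, 40000))
    # An unsolicited connection to port 22 is dropped by the building router
    # even if the office router forwards it...
    office.forwards[22] = ("10.0.0.5", 22)
    print("ssh, office forward only :", deliver_in(chain, 22))
    # ...and only reaches the server once the building router forwards too.
    building.forwards[22] = ("192.168.1.57", 22)
    print("ssh, both forwards       :", deliver_in(chain, 22))
```

The same model also covers the bridge-mode warning above: a router in bridge mode does no translation at all, so in these terms it would contribute no entry to the chain and the office PCs would keep getting building-LAN addresses.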

Thanks guys. I think I've got a spare router stored away somewhere, so I'll give it a go.

@haegarr -- my PC is currently getting its IP/DNS/gateway etc. all automatically via DHCP. I assume I'll be able to tell my router to do the same (interface with the "WAN" automatically) but then have it act as my own personal/internal DHCP server.

@matiasgoldberg -- I won't have to deal with port-forwarding from this router to my servers, because I'm already unable to forward ports from the building's router to my router/servers -- i.e. I think that I simply can't host any internet-facing equipment from this location (without bribing the central network admin to forward ports to my router).

I have an internet facing server in another location, so I'll look into linking the office to that server via a VPN once I get some network privacy here, so I can access the office remotely.

@samoth -- yeah the switch isn't a dirt-cheap one, but it's not fancy enough to have a managed interface either.

