I am setting up a small business in Costa Rica. The details are
unimportant, but in broad strokes I will be hiring people to play
online games and selling the usernames/points online. These employees
will be in one room with up to 30 computers. I would prefer that the
game site not know that my employees are in a single location -- I
want privacy. I believe the game site will know if 30 people are
playing from the same or sequential IP addresses.
From my (limited) understanding a proxy server will not work because
we will be downloading game software which will allow the site to see
the initial IP address prior to routing through the proxy. If this is
not true or there is a solid way around this, then explain and you
will have answered my question.
I know that in Costa Rica I can get a set of 8 sequential IP addresses
and can apply for another 8. So I doubt I can make this work.
Costa Rica has a DSL provider called Grupo ICE, which I have been
unable to reach. If DSL can provide reliable high speed internet and
solve my IP address/location privacy issue, then explain and you will
have satisfied my question.
Satellite won't work for us.
The solution could be something very different from my idea of non
sequential IP addresses. I am a novice in this area (so please craft
your response accordingly). If you can give me a relatively practical
solution to my dilemma I will be pleased.
Thanks!
|
Request for Question Clarification by sublime1-ga on 09 Jan 2006 23:11 PST
sharpshooter...
You said:
"From my (limited) understanding a proxy server will not work because
we will be downloading game software which will allow the site to see
the initial IP address prior to routing through the proxy. If this is
not true or there is a solid way around this, then explain and you
will have answered my question."
I don't see why you can't download the software from a computer
at some completely different location, and then install it onto
your site computers from a CD. Then connect those PCs via proxy
and no one's the wiser. As far as I know, the download and the
installation of the software doesn't need to have anything to
do with the subsequent connecting and playing of the game.
Let me know where this takes you...
sublime1-ga
|
Clarification of Question by sharpshooter2006-ga on 10 Jan 2006 00:25 PST
The games are interactive and take place real time. While we are
playing the game site will be interacting with our computers, and I
think they will be able to "read" the IP address and various other
information on our computers. Does that clarify?
|
Request for Question Clarification by pafalafa-ga on 10 Jan 2006 05:51 PST
sharpshooter2006-ga,
The way around this would seem fairly simple (to a simple fella like
me) -- just get multiple phone lines at your business.
If each DSL phone line was supporting a small network of 5 PCs, then
you'd need 6 DSL lines for the 30 stations.
Although the 5 units on a single DSL network would have very similar
IP addresses, each separate phone line would have a very different
cluster of addresses.
Does that work for you?
pafalafa-ga
|
Request for Question Clarification by sublime1-ga on 10 Jan 2006 11:16 PST
sharpshooter...
Yes - once you've installed the software for the games,
the computers will be engaged in live interaction while
playing the games, and normally, this would mean that
the gamesite could read your IP addresses and make some
deductions. However, as commenters have noted, using a
proxy server (a different one for each machine, if you
like) hides your IP address from the game site, and
only allows them to see the address of the proxy server.
A search on Google for "proxy server" will give you lots
of results. This page from PublicProxyServers.com will
tell you more about the process of using a proxy, and
gives you a list of some public proxies you can use.
If you need more information about this topic, let me know.
sublime1-ga
|
Clarification of Question by sharpshooter2006-ga on 10 Jan 2006 11:39 PST
The 6 groups of 5 similar IP addresses using DSL is not a fully
satisfactory solution because each grouping will have identifiably
related addresses.
|
Clarification of Question by sharpshooter2006-ga on 10 Jan 2006 11:54 PST
Based on initial conversations with a proxy server provider, the fact that
the game software is physically downloaded on our computer (with
rights to access our computer) allows them to see my "initial or
original" IP Address similar to the way in which I can see my own
"initial or original" IP Address.
|
Request for Question Clarification by sublime1-ga on 10 Jan 2006 12:48 PST
sharpshooter...
In response to your last clarification, perhaps the answer
is to set up a hardware firewall, using a physical router.
This will mask your IP address even from yourself. If you
run ipconfig, you will only be able to see the address
assigned to the computer by the router, using DHCP.
In order to see your actual IP address, you'd need to log
in to the router's configuration page in your browser, and
this can be passworded so that it can't be accessed by
anyone without the password.
sublime1-ga
|
Clarification of Question by sharpshooter2006-ga on 11 Jan 2006 11:10 PST
Sublime...
That's an exciting opportunity. Please read the comment that Mitade
made below. I don't fully understand his suggestion, but it sounds
like something similar to your suggestion. Could you please (a)
explain his answer to me and how it compares to yours (if you
understand it) and (b) further expand upon how I achieve the hardware
firewall/router solution you suggest (please specify if it matters if
the game is using TCP/IP or HTTP/S). If this isn't too expensive then
this could be an elegant solution to my problem. A solid answer to
this clarification would satisfy the question. Many thanks!
|
Request for Question Clarification by sublime1-ga on 11 Jan 2006 14:14 PST
sharpshooter...
To be honest, I don't fully understand mitade-ga's comment,
but I can elaborate on it to some degree. He's talking about
using a software firewall named Winroute in conjunction with
open proxy servers.
Winroute is available here, for a 30 user price of $349, and
a subscription fee of $99:
http://www.kerio.com/kwf_home.html
Open proxy servers, and the risks involved in using them,
can be better understood by reading this Wikipedia article:
http://en.wikipedia.org/wiki/Proxy_server#Open_proxies.2C_abuse.2C_and_detection
Another excellent article on open proxies, which includes
links to sites that list active servers at the bottom is
this one from the LURHQ Threat Intelligence Group:
http://www.lurhq.com/proxies.html
The network packet sniffer he mentioned, called Ethereal:
http://www.ethereal.com/
When he says:
"Sharpshooter2006, you are right: true IPs can only be
detected if the Online Gambling software uses Java (and
I am sure that you are refering to this kind of software)."
...I'm not sure what he means, nor am I certain that the
use of a software firewall and open proxy servers would
be any more effective than a hardware firewall (router).
The makers of Winroute might be able to help you decide.
When he says:
"Winroute acts as layer over the NIC (Network Interface Card)
of each computer: before any packet is physically sent on the
wire, it passes through Winroute (even if your software doesn't
support proxy). You can configure Winroute to connect to a parent
proxy"
...this sounds to me about the same as what a router would do.
It sits between your internet connection and can assign a unique
IP address to each computer from a pool of addresses created and
managed by the router, much as he describes in the use of a Linux
server as a hardware firewall:
"in the local network, the computer 1 have IP 192.168.0.1, computer
2 IP 192.168.0.2, etc..."
A router does the same thing with both TCP/IP and HTTP/S, as
far as I know. Let's say you use a cable modem (DSL would be
similar). Your modem connects to your real IP address, the
Wide Area Network (WAN) IP address from your ISP. The address
of your cable modem is 192.168.0.1, and the router's address
is, say, 192.168.123.254 (you can change it). It communicates
with the modem and gets a working address of, say, 192.168.0.3.
It then uses DHCP to assign addresses to all the computers in
the Local Area Network (LAN) from the range of 192.168.123.1 to
192.168.123.253. So each PC gets a unique local address, such
as 192.168.123.165. This address is what shows up when you run
ipconfig /all, even from your own PC.
If you use DSL, rather than a cable modem, you will need a
router capable of working with the DSL modem. This one by
Draytek, reviewed on PracticallyNetworked.com, seems like
your best, if not only, choice:
http://practicallynetworked.com/review.asp?pid=427
As for whether Java-based game software (is it?) can
somehow bypass this type of security, I honestly don't
know.
If I manage to assist you in finding a direction here,
without actually nailing a solid answer, perhaps you'd
consider lowering the question price to a value that
would make the information I've provided worth 5 stars.
I've avoided posting a formal answer up to this point,
since, once I've done so, you can't change the price.
sublime1-ga
|
Clarification of Question by sharpshooter2006-ga on 11 Jan 2006 15:05 PST
Sublime,
I think you may have a solid answer if (a) you can tell us generally
how to use "a hardware firewall [with] a physical router" and (b) you
are confident this will work for us.
Are you sure that if we do this it will "mask [our] IP address even
from ourselves (i.e., if we run ipconfig, [we] will only be able to see
the address assigned to the computer by the router, using DHCP."? If so,
what IP Address will we see if we don't see our real IP Address?
If you are sure this works and can give us direction regarding how to
accomplish this (e.g., what to buy, how the router gets the IP address
it assigns (i.e., is a proxy server involved here), then this will be
worth five points and $200. I need clarification on where the
assigned IP addresses come from because if the assigned IP Addresses
are related and/or sequential, then I don't think this will solve my
problem. If you're sure this will solve our privacy concerns, but
can't give us much direction how to do it, then we can lower the price
to say $125 and give you 5 points. Thanks!!
|
Request for Question Clarification by sublime1-ga on 11 Jan 2006 20:43 PST
sharpshooter...
Let me take your points one by one:
"I think you may have a solid answer if
(a) you can tell us generally how to use 'a hardware
firewall [with] a physical router'"
I would suggest using a wireless router, which connects
between your DSL or cable modem and a primary PC. By
installing wireless NICs (Network Interface Cards) in
your other computers, you can create your own WiFi
network. A good page which illustrates this is on
TigerDirect.com:
http://www.tigerdirect.com/static/html/homewifi2.html
"(b) you are confident this will work for us."
As I said, I'm used to working with a hardware firewall
in connection with browser use, and playing a game over
a browser connection. mitade-ga's comment about a java
based game software installed on your machine, and
potentially having access to your system in a way that
the browser does not, is new to me, and I'm not certain
of the implications.
"Are you sure that if we do this it will 'mask [our] IP
address even from ourselves (i.e., If we run ipconfig,
[we] will only be able to see the address assigned to
the computer by the router, using DHCP.'? If so, what
IP Address will we see if we don't see our real IP
Address?"
Yes. As I said, your router will draw from a pool of
addresses, say between 192.168.123.1 and 192.168.123.253.
So each PC gets a unique local address, such as
192.168.123.165. This address is what shows up when you
run ipconfig /all, even from your own PC.
This discussion of NAT routing by Steve Gibson, a noted
security expert, should give you an idea of how it works:
But this is what Steve Gibson, a security expert has
to say about it:
"Any cable modem or DSL user with a single IP address
can use NAT technology to "multiplex" their single IP
across as many machines as they like! So, rather than
paying your connection provider for additional IP's,
you can be running all the machines you want for no
additional money!"
"Secondly, NAT very effectively HIDES all of your machines
from the prying eyes of the Internet! Anyone scanning
across your IP address will ONLY be able to 'see' the
NAT router! (Which is generally much more secure than
the average PC.) So, they won't actually be touching
any of your machines located BEHIND the router! Moreover,
none of the software running inside your PC can 'give out'
your network's public IP address because it is completely
unknown to your machines! Only the NAT router knows the
public IP of your network, your machines only know their
private "behind the router" IP's. So Internet client
programs, like your web browser which send out the
machine's IP address with every request, will be completely
fooled and foiled when they're running behind a NAT router."
http://grc.com/faq-shieldsup.htm#NAT
Here's a tutorial on how to set up, e.g., a Cisco 800 series
xDSL router for NAT, from the TechRecipes website:
http://www.tech-recipes.com/cisco_router_tips713.html
And here's a quick-start guide from Cisco:
http://www.cisco.com/en/US/products/hw/routers/ps380/prod_quick_installation_guide09186a00800c82b8.html
"If you are sure this works and can give us direction
regarding how to accomplish this (e.g., what to buy,
how the router gets the IP address it assigns (i.e.,
is a proxy server involved here)"
A good idea of what you'll need is in the page above
from TigerDirect, and will depend on whether you use
cable or DSL. You'll need either a cable modem or a
DSL modem to connect to the ISP. Then, if you go with
a wireless router, you'll need wireless NICs for each
computer. The router gets its addresses from a pool
surrounding its own home address. If the home address
is 192.168.123.254, it will draw from the pool of
addresses between 192.168.123.1 and 192.168.123.253
and, using DHCP, will assign a unique address, such
as 192.168.123.65, to each computer in the network.
If you're using wireless NICs in each computer, it
will assign these based on the unique MAC addresses
for each wireless adapter you installed.
"I need clarification on where the assigned IP addresses
come from because if the assigned IP Addresses are related
and/or sequential, then I don't think this will solve my
problem. If you're sure this will solve our privacy concerns,
but can't give us much direction how to do it, then we can
lower the price to say $125 and give you 5 points."
The 30 addresses will come from a pool of around 250 addresses,
which are all associated with the home address of the router.
It's very unlikely that they will be sequential.
This is typical for home networks, so if the software finds
these sorts of addresses, rather than your actual IP address,
it will only know that there's a hardware firewall on the
other end.
And, again, I'm not absolutely positive that this will keep
installed software from sniffing your system and sending
back information other than what is shown via ipconfig.
You might obtain a more concrete answer from a forum on
networking, such as this one at the Whirlpool Broadband
forum:
http://forums.whirlpool.net.au/forum-threads.cfm?f=9
This previous Question and Answer on GA might also help.
It discusses hooking up 30 computers with hard connections
instead of wirelessly:
http://answers.google.com/answers/threadview?id=91570
sublime1-ga
|
Clarification of Question by sharpshooter2006-ga on 12 Jan 2006 00:41 PST
Sublime...
Unfortunately, we get little benefit from the game site knowing we are
all playing from "a pool of IP addresses, between 192.168.123.1 and
192.168.123.253." I think they would know we are all at the same or
similar place (and we are related or working together in some manner).
This is what I'm trying to avoid.
|
Request for Question Clarification by bookface-ga on 19 Jan 2006 08:37 PST
I think your concern that this program will access your internal IP
information provided to the computer is unfounded.
The most accurate method (and therefore, most commonly used) of
getting an IP address is simply obtaining it from the actual
connection to the server.
For instance, see http://www.whatismyip.com for a readout of your IP address.
Your IP address needs to be part of the communication with a server
computer -- they have to know where to send their response to. For
instance, 100.123.199.33 accesses google.com with a web browser, and
Google has to send the contents of the Google! home page as data to
100.123.199.33. It is these IP addresses that will be assigned by your
ISP.
A router acts as one computer connected to a single IP address on the
Internet end, and acts as an ISP provider on the local end. The
purpose of a router is to provide access to multiple computers from
fewer internet connections, and their quantity is essentially hidden
to outside computers.
Using a proxy without anything else is a good solution if and only if
the software program you wish to use accepts a proxy server, and the
program also does not use your internal IP information. To be even
safer, you may wish to use both a router and an anonymizing proxy.
This will block the program from having access to an identifying
external IP, and also will block the server from being able to
identify your computers' external IP addresses via their connections.
You said: "Unfortunately, we get little benefit from the game site knowing we are
all playing from "a pool of IP addresses, between 192.168.123.1 and
192.168.123.253." I think they would know we are all at the same or
similar place (and we are related or working together in some manner)."
IP addresses in the range 192.168.0.0 - 192.168.254.254 are reserved
for internal networks, and therefore provide no real identifying
information -- they are only used in local networks, and behind
routers. For instance, 192.168.0.5 is my internal IP on this computer,
but my neighbor may also have an internal network that uses
192.168.0.5, and this doesn't conflict because the number is only
applicable locally in each of our networks. A somewhat analogous
situation would be to say that the IP address 192.168.0.5 identifies
me as "5 Plum Street" -- but without giving the city, state, or
country I'm in, which means it could be any one of a million locations
that are 5 Plum Street.
At this point, I would suggest using a router and the Tor Anonymizing
Network, which is similar to a proxy but provides some extra security
and anonymization, and also spreads your requests to the server out
so they appear to be arriving from a wide variety of locations. The
router is probably an unnecessary precaution, but it shouldn't hurt.
http://tor.eff.org/doc/tor-doc-win32.html - Tor setup guide for Windows
http://tor.eff.org/overview.html - Tor information
However, for this to work it is crucial that the program you are using
should be able to accept a proxy server connection. If it does not
(or even if it does, to be SURE that all traffic is being anonymized),
you can use FreeCap, software that provides transparent access of a
SOCKS [proxy] server to programs.
http://www.freecap.ru/eng/?p=whatis - FreeCap information
I have been interested in anonymization for some time now for personal
reasons and I believe Tor is currently by far the safest method of
anonymous internet access.
Although I am fairly confident that this solution should provide
anonymization regardless of the software you are using, depending on
the program there may be specifics or extra precautions you could take
that I'm not thinking of... and I am interested to know if you have
any comments or questions on my method, which I understand can be a
bit confusing, which is why I have posted this as a clarification
request rather than an answer.
If you are willing to divulge the name of the program you wish to use,
I can test myself to make sure the anonymization is complete before
submitting as an answer. I can also walk you through monitoring your
internet traffic yourself, but this is a little more complicated.
In any case, you _should_ be 100% protected if you use the combination
of router, the Tor network, and FreeCap. Let me know your thoughts.
- bookface-ga
|
There are some fundamental components of IP routing and address
assignment that you need to understand in order to find a solution.
1: IP addresses are managed by a central authority (IANA) and handed
out by them to the service providers in blocks. When this is done
there is network/geographic information that is taken into
consideration at the time of assignment. Your ISP in Chile was given
an address block (probably a class C) that identifies what "greater
network (your service provider's provider)" it belongs to, and where
it is physically (and thus allows you to be identified geographically
via a database lookup against your IP).
2: Most ISPs will then hand you an IP from the block that they control
in some sequential fashion. They may even perform a NAT themselves
(NAT = network address translation). Usually if they do, it's a 1:1
NAT, that is your non-routable 192.x.x.x address gets directly
mapped to some internet routable address. When an ISP hands out
addresses via DHCP, it will do so on a first come first served basis.
However, whatever IP you get will only be out of the block that they
control. If it's a big ISP, then you can get a pretty wide range of
IPs. However they will all be traceable to the same provider, in the
same geographic location. Note that we've made no mention of what
happens on your end. All this happens before you get connectivity.
3: When they use DHCP (Dynamic Address Allocation), you are assigned
an address from a pool. With this address comes a lease. When the DHCP
server hands you an address it notes what address it gave you and how
long your lease is. This is done to prevent it from giving the same
address to two different people. Assuming your client stays connected,
it will consistently renew the lease and in turn maintain the same IP
address. If you leave your client link dead for a couple of days (3 I
think is a safe number), and then reconnect you may get shuffled down
the pool. Most ISPs that use dynamic addressing will still give you
the same fixed address (correlated to the hardware address of your
modem) even if you're link dead for a couple days. This is a security
measure on their part. If you do something to get yourself (your IP)
blacklisted, this will prevent someone else from connecting up,
getting your used IP, and then being blacklisted for no reason.
However they don't guarantee it, unless of course you purchase a
separate static option (usually used for hosting). Then they will
guarantee you get the same address.
If you want some "non-sequential" IPs, your best bet is to lease a
couple of single lines from different service providers. Each
provider has their own pool. So you are guaranteed to get
non-sequential addresses. Now this means you'll have to maintain 1
contract per IP, as well as 1 piece of hardware (modem).
One alternative might be to order a single line from your service
provider, and then order another one a month or so later. Assuming
they're "relatively busy", someone else will put in requests between
yours and the IPs won't be sequential. They will however be
identifiable as coming from the same service provider.
For the address translation question: NAT/PAT is a pretty complex tool
that can work simply or behave very complexly. The crux of the
operation is "address translation"; if you want a good description
check out HowStuffWorks, or Wikipedia, both have really good
blurbs on the inner workings of NAT. The quick version is, using
port numbers as a method of identification, NATs take the request
from the "inside" of the firewall, remove the source address, and
replace it with an address that it has on the "outside" of the
firewall. This makes the packet look like it's coming from the NAT
box, instead of the requesting computer.
Coupling this knowledge with the multiple ISPs, you can have an
"outside" pool and an inside pool. The NAT hardware/software will map
between the two. From the outside, if all you're depending on is
TCP/IP, you can't tell if there is 1 machine there or a hundred. For
instance, a Cisco Pix 515E can have multiple outside interfaces
(usually for redundancy, or hosting), and multiple inside interfaces
(for traffic shaping, and network segmentation). It can maneuver
packets pretty much any way you want it to. Catch is it has a $2000
price tag. On the cheaper side you could get a Hawking Technology
H2BR4 for about $65-80:
http://www.hawkingtech.com/products/productlist.php?CatID=36&FamID=43&ProdID=20
It'll do similar things, but is not as "configurable".
I should point out however, that you are running their (whomsoever's)
software. Although I can't identify you "directly" via IP address, I
have some of your CPU cycles and could do something at an application
level to determine if you're doing something you're not supposed to be
doing. I may not realise that you're homed in the same place because
you come from different IPs, but nothing stops me from port scanning on
the inside of your firewall for ports I know I use and checking to see
if another instance of the client is running on the inside. You let
me in by running my software. So even achieving the IP distinction
you want, in no way shape or form guarantees that your activities won't
be identified. This is probably what the java applet comment was
referring to. I'm pretty sure the TOS of most online games I've seen
have specific legal stipulations about selling accounts for actual
currency.
One additional comment is that in order to purchase service from an
ISP you have to give personal information. This serves two purposes,
the first is billing. The second is liability for illegal activity.
Regardless of how many IPs you "come from" all of them are traceable
back to the purchaser. As a content provider, I have the ability to
contact the service provider that is in charge of the offending IP,
and complain to them. They will at their discretion correlate the IP
they have, with the hardware address, and then with the account
holder's information. (All this stuff is logged).
For an interesting read check out the recent articles on piracy and
ISPs giving up their users.
http://p2pnet.net/story/7446
Account info is subpoenable apparently. In either case you should
probably carefully review the TOS of both your service providers and
the gaming company in question. More than likely your business model
is frowned upon, if not in direct violation of their TOS, and may be
subject to legal action.
|
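The following is an added example, not code from anyone in this thread. It models the "quick version" of NAT/PAT given in the answer above (the NAT box swaps the private source address for its single public address plus a unique port, and maps replies back by that port), and also makes bookface-ga's point concrete: the 192.168.x.x addresses ipconfig shows are RFC 1918 private addresses that never reach the server. All addresses and ports are constructed sample values from the RFC 5737 documentation ranges; the 40000+ port pool and the class names are my own assumptions.

```python
"""Toy NAT/PAT translation table (added example, not code from the thread)."""
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges: what ipconfig shows on a PC behind the router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if ip is a private address, i.e. it identifies nothing by itself."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortNat:
    """Many-to-one NAT (PAT): one public address shared by every inside host."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip          # the only address the server sees
        self._next_port = first_port        # assumed port pool start
        self._out = {}  # (inside ip, inside port) -> public port
        self._in = {}   # public port -> (inside ip, inside port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside->outside packet; record the mapping."""
        if not is_rfc1918(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not an inside address")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:            # first packet of this flow
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[port] = key
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Packet:
        """Map a reply back to the inside host; unsolicited traffic has no
        table entry, so the NAT box drops it."""
        inside = self._in.get(pkt.dst_port)
        if inside is None:
            raise KeyError(f"no translation for public port {pkt.dst_port}")
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])

    def mapping_count(self) -> int:
        return len(self._out)


def server_view(nat: PortNat, packets: list) -> set:
    """The set of source addresses the game server would see for these packets."""
    return {nat.outbound(p).src_ip for p in packets}


def demo() -> dict:
    nat = PortNat("198.51.100.7")           # constructed public WAN address
    server = "203.0.113.10"                  # constructed game server address
    # 30 stations on the LAN, each opening one connection to the server.
    lan = [Packet(f"192.168.123.{i}", 5000 + i, server, 443) for i in range(1, 31)]
    seen = server_view(nat, lan)
    reply = Packet(server, 443, nat.public_ip, 40004)   # reply to the 5th flow
    back = nat.inbound(reply)
    return {"seen": seen, "mappings": nat.mapping_count(), "reply_to": back.dst_ip}


if __name__ == "__main__":
    print(demo())
```

Note that, as the answer says, this hides only the address and count of the inside hosts at the TCP/IP layer; software running on the PCs can still report whatever it observes locally.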