Hi Everyone,
I was just wondering if anyone had suggestions on a network that I am going to have to be re-setting up. I haven't done the review yet which I will be doing later today so I don't have the models of any of the equipment. Basically there are two networks in the office. One router does the intranet which includes server and some workstations. The other router has access to the internet which has a few clients connected as well as a wireless access point. The two routers currently are not connected.
What they want to happen is have the server have access to the internet to do online backups. They don't want any other machine on that network to have internet access. Another catch is that they want the wireless clients from the other network to be able to connect to the server from the other network. My plan of attack would probably be to have the two networks of course be on a different subnet with both routers connected. Configure the intranet router to use the other router as the gateway. Then have the Server handle the DHCP and have the server as the gateway but not do any dns forwarding.
Anyways, this is what I have thought up of solving these issues and I am just wondering if anyone has any suggestions on what else could work or make this setup better.
Thanks all for the help!!
Jesse

Your plan would open the internet to everyone now connected to the intranet router.
I would suggest an additional nic in the server connected to the internet router. Let the router provide the ip to the server nic. This will put the server and wireless stations on the same subnet and provide internet to the server for online backups while still maintaining the intranet security. Do configure the firewall software on the server. It would also be better if the online backup could be port forwarded instead of just a full open pipe to the server.
Give a person a fish, they eat for a day. Suggest they internet search and they learn a skill for a lifetime.

Thanks for the post wanderer. Yea I do think the additional nic method would work a lot nicer. I was almost thinking of just putting a wireless nic card in the server but was not sure if the throughput through the wireless would be affected and then security reasons as well. Thanks again!

Both good reasons not to do wireless to the server.
Give a person a fish, they eat for a day. Suggest they internet search and they learn a skill for a lifetime.

Wanderer,
Not being a wise guy, but trying to learn about this combined wireless, wired networking situation.
Wouldn't the wireless router being connected to the server which has internet access also give the wireless clients access to the internet? Or am I missing something.
I've never run a setup like this so I'm curious as how that would work.
Larry
Sometimes I think I understand everything, then I regain consciousness

Hi Larry,
The wireless clients are allowed to access the internet. They are in a different location of the building. I believe there is even a couple wired clients connected to the router that has internet access. They all have internet access but have never been able to connect to the server.

Group your server / hosts / wireless clients into different subnets, connect both routers together and set up your routing protocol to forward traffic between routers and subnets as necessary. Ensure all subnets that need to communicate can, and perhaps place a static route for the server to access the router with the internet interface.
Then setup an Access Control List on the router interface that is connected to your internet to only allow the Server IP inbound/outbound access. By using extended ACL's you can only allow the subnet of the server and determine what type of traffic is allowed and on what port. The last line of an ACL will explicitly deny every other kind of traffic from all other subnets crossing that interface.
This way you can modify the setup later to allow other hosts internet access by only modifying the ACL to include the relevant subnets. The rest of the network would function as normal once you have nailed the routing protocols so the routers know where all the subnets are. These could be a mixture of static / dynamic routes.

Thanks to both ePod69 and d85kennedy. Becoming clearer. I thought the wireless units were not connecting to the internet.
And d85kennedy's explanation helped even more to clarify the situation.
Larry
Sometimes I think I understand everything, then I regain consciousness

d85kennedy writes:
"connect both routers together"
OK crossover between lan ports of the two routers since you certainly can't connect the two wan ports :-)
"and setup your routing protocol to forward traffic between routers and subnets as necessary"
Say what? What router protocol on the lan? There is no routing since there is no router between the two routers connecting their lan segments. Do you mean put persistent routes at each PC? Whew that sounds like more work than a nic in the server and a crossover.
"Ensure all subnets that need to communicate can"
Again what subnets? If you connect the routers lan ports you need both routers lans in the same subnet. Unless you are going to do ip reservations and have both doing dhcp. Yikes! Again a ton of work and for what!
I am always happy to explain Seawatch so always feel free to ask.
Are you ready for where Microsoft wants you to go today?

Thanks Wanderer.
Would a bridge work in this situation?
Sometimes I think I understand everything, then I regain consciousness

Wanderer, perhaps I should clarify this a bit further.
Yes both LAN ports on the router have to be in the same subnet or this whole thing will not work.
"setup your routing protocol to forward traffic between routers and subnets as necessary"
My personal experience is with connecting 2 cisco routers with the serial link. As I am unaware what hardware is in use, I was trying to point out to epod69 to check the routers are forwarding traffic between them properly as to be honest I have not connected 2 routers with a LAN port, might try this in the lab next week.
"Ensure all subnets that need to communicate can"
If you place different hosts (wired or wireless) in different subnets you can logically group them and this will allow easy control of hosts access to the server and internet / intranet as required.
This could be controlled by subinterfaces on the router and using VLAN's on any switches if you wish. This way you can limit access to the internet/intranet as required by setting up an ACL on the router to only allow the subnet of the internet hosts access to the internet, you can block/allow a logical group using your ACL and the correct wildcard masks. As long as the DHCP is setup to give out the correct range of address to the hosts the ACL will be fine. Some routers / switches allow the forwarding of DHCP requests to the server.
In my opinion, I would not place a NIC in the server. I would let the routers deal with all the network traffic and I presume epod69 already has a firewall running for internet access - might as well utilise this instead of loading a firewall onto the server. Why burden the server with internet traffic when the routers can perform this for you, the server will be busy with other tasks/requests? Routers are designed to route network traffic and do not have the overhead of an OS or anything else to run.
However, this is just my personal opinion and it depends on what epod69 finds easier to implement and administer. At least he has 2 strategies for this now.
Epod69 - please post back with whatever solution works for you and why.
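
The extended-ACL approach discussed in this thread (permit the server, match subnets with wildcard masks, deny whatever is left), modelled in Python as an added example that is not part of any poster's reply. The addresses, the two /24 subnets and the HTTPS backup port are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread):
#   10.0.1.0/24  intranet workstations, server at 10.0.1.10
#   10.0.2.0/24  wireless / wired clients that already have internet
SERVER = "10.0.1.10"
ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones matches any address

# Entries: (action, proto, src, src_wildcard, dst, dst_wildcard, dst_port)
# A wildcard bit of 1 means "don't care"; 0.0.0.0 matches exactly one host.
INTERNET_OUT = [
    # Server may reach the online backup service over HTTPS only (assumed port).
    ("permit", "tcp", SERVER, "0.0.0.0", *ANY, 443),
    # The internet-side subnet keeps the access it has today.
    ("permit", "ip", "10.0.2.0", "0.0.0.255", *ANY, None),
]


def _match(addr, base, wildcard):
    """Compare only the bits the wildcard mask marks as significant (0 bits)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; traffic matching no entry is denied."""
    for action, p, s, sw, d, dw, port in acl:
        if p not in ("ip", proto):
            continue
        if not (_match(src, s, sw) and _match(dst, d, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"


if __name__ == "__main__":
    # Constructed test flows: (label, proto, source, destination, port)
    flows = [
        ("server backup", "tcp", SERVER, "203.0.113.5", 443),
        ("server web", "tcp", SERVER, "203.0.113.5", 80),
        ("intranet workstation", "tcp", "10.0.1.20", "203.0.113.5", 443),
        ("wireless client", "tcp", "10.0.2.55", "203.0.113.5", 80),
    ]
    for label, *flow in flows:
        print(f"{label:22} {evaluate(INTERNET_OUT, *flow)}")
```

Because the list is applied only on the internet-facing interface, traffic between the wireless subnet and the server never crosses it and is governed by routing alone.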
