Re: Newbie network setup question

From: Allan Bruce (allanmb_at_TAKEAWAYf2s.com)
Date: 10/16/03 

Date: Thu, 16 Oct 2003 11:22:02 +0100

"Christopher ***" <newsreply@cadmed.net> wrote in message
news:zRkjb.58028$mQ2.55560@newsread1.news.atl.earthlink.net...
> Hello.
>
> Any assistance that someone might be able to provide would be greatly
> appreciated.
>
> Here is the situation:
>
> I have a small business with DSL having 5 static IPs. I have a LAN with
> eight workstations. I have a domain name, and want to run my own web
> and mail servers, since thats what the static IP is for.
>
> How should I set up the systems, so that the workstations are behind a
> firewall or proxy or whatever, but still can access the web and mail,
> which would also need to be accessible from the outside?
>
> Who gets the static IPs? I assume the router gets one, but does a
> static IP go to both the WAN and LAN sides of the router? And then, of
> course, one goes to both the mail and web servers, and another to the
> firewall/proxy machine. I assume that from behind the firewall, I could
> use a 192.168.X.X scheme for the workstations...
>
> Internet<--->router<------>web
> |
> --->mail
> |
> --->proxy<--->LAN
>
> Would this be the proper way to do it? Or should the mail and web also
> be behind the firewall/proxy machine?
>
> Any help is appreciated...
>

Is your router a dedicated router, e.g. a cisco box or is it another linux
box with routing capabilities?
If it is the letter then you can set it up to do all of these on the one
machine. I have this setup with a P2-333 w 192MB and it works perfectly
well. In this setup, you would only need one static IP address for the
external interface, and could use the 192.168.x.x on the internal interface
and other workstations.
If you have a router which isnt a computer (if you know what I mean), then
you will need one static IP for the external interface, and one for the
internal interface. You will then need one for the web/email
server/servers.
In both setups you can have one machine which will act as a web server and
email server or you can have separate machines. If you do have separate
machines then you will need multiple DNS entries which will cost you more
from your ISP, or you can use NAT on the router.
We could help a little more, if you tell us your intented load for the
web/mail servers.
As for the workstations, they can connect directly to the router (each would
need their own firewall), or go through another machine which can setup a
firewall.
HTH
Allan