General discussion

Locked

Network setup

By byteside ·
I am setting up a network and need a little help. First off- I am installing server 2003 and will be adding three users. I also have two more computers I do not want to add as users or even allow acess to the server but I do want them to access the internet over high speed broadband. I need to know how do I set this up? I bought a SOHO switch and already have a Linksys router. I need to finish setting up server 2003. I am at the point where it asks me to connect the server to my Internet connection, but before I do that I am wondering how do I connect things. The server has one nic and I am not sure If I connect the server to the switch and the Internet connection device to the switch and than a router to the switch to route the internet to the two computers I do not want on the server or what???? Any help would be usefull. Thanks.

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BudTheGrey In reply to Network setup

BroadBand --> Router --> Switch

Switch --> server & all PC's

Most broadband routers will also act as a DHCP server and will do DNS proxy for the network. From the internet point of view, the server is just the same as the workstations going out to the internet. The only significant difference is that the server should have a STATIC IP address, that agrees with the address range the LinkSys router is putting out on the internal network, and doesn't interfere with the routers DHCP. A quick look at the documentation for the router should shed light on those issues.

Collapse -

by razz2 In reply to Network setup

The internet and LAN access are two seperate things. Hook up
the LAN as:

Internet-->modem-->router-->switch-->All Machines

When you install 2003 you did not say if you are going to use
AD, But make the server static and have the workstations get ip's
from DHCP. Where you put DHCP depends on the design. If the
users on the PC's will be joining an AD domain then have DHCP
on the server, NOT the router, along with DNS. if not then DHCP
on the router is ok. On the server use NTFS and set permissions
on any files/ folders, or shares as needed. Without a login the 2
PC's will be denied access.

Good Luck,

razz

Collapse -

by byteside In reply to

Poster rated this answer.
Thanks for the reply Razz. I am planning to use Active Directory and planned on making user computer DHCP. The computers I don't want to access the server do not need any data from the server, they just need Internet and they will be changing frequently with differant physical pc's so I did not want to have to create accounts for them every time I changed pc's. I did not know I needed to make the server static so I am glad I asked about this. The server is only for storing data it wont be a web server. My website is hosted somewhere else. Does that matter at all when I set this up?

Collapse -

by razz2 In reply to Network setup

You have a file server that will be an AD domain.
The only clients you mentioned will not access the server.
I am guessing that there are some machines to access the server
data or it is just for looks.
The server and all pc's share 1 internet connection and 'some' of
the pc's should not be able to access the server.

Good so far?

First, all machines should be behind the router. If you do:

Internet-->switch-->server and router into switch-->
pc's into router

Then server is NOT behind the firwall features of the router.

So, It should be:

Internet Modem-->Router-->switch-->Server and PC's

Server is a static ip and the workstations get ip from DHCP.

All machines will be on the same subnet, but only those joined
to the AD domain, meaning those with computer accounts and
user accounts will be able to access the server. I should note
that is with any NT based OS, NT, 2000, and XP. Win98 boxes
will be able to get to it.

That is where the permissions on the drive come in. Using NTFS
on the server drive users must be validated to access the files
and directories set with apropriate permissions.

The machines not joined could change all day and the server
won't care. The users still will have no access because they did
not login and get any access tokens, or they have no
permissions

The DHCP server that would give ip's to the workstations could
be from the 'server' or the router. The pc's you do NOT want to
access the server, router is OK, but you are using AD and I must
guess there are computers that WILL be accessing the data on
the server. Those clients should get DHCP from the DHCP server
installed on 2003. That way they will use the server DNS instead
of using the router DNS settings. This allows domain member
computers to find domain controllers.

In AD make sure you DO NOT name the domain the same as
your external hosted web domain name. If the web site that is
external is domain.com then in

Collapse -

by razz2 In reply to

I always choose a hardware firewal over a software one. The
router in this case. Why let them get all the way to the machine
before trying to stop them? People that can afford it put a gate
around their house to stop people before they make it to the
house. If the make it to the PC before being stopped, then the
firewall better be good and configured properly. Plus the router
does NAT which is an added bonus.

razz

Collapse -

by byteside In reply to Network setup

Dosen't Server have a software version of a firewall? If so, which is better the router firewall or the software firewall? By the way I appreciate all your help.

Collapse -

by CG IT In reply to Network setup

I would recommend the following:

Hardware:
Symantec VPN200 firewall appliance or Cisco PIX 515 Firewall

Cisco Catalyst managed 24 port switch.
Software: Symantec Corporate Antivirus 9.1
Firewall Appliance Alternative: Microsofts ISA server 2000/2004 Firewall/Proxy server.

Topology:
There are a couple of ways in which to setup the topology.
With the catalyst managed switch, you can segment [VLAN] a series of ports for your domain network to seperate out those on the domain LAN from those not on the domain LAN. The firewall appliance [symantec or PIX] you can setup routing for various traffic services on your domain network and deny LAN traffic behind the firewall to the domain network [effectively cutting off users on a different lan segment from connecting to your domain lan segment from behind the router].

Another option is ISA server 2004. ISA 2004 [not 2000] allows you the flexibility to have multiple segments being managed by ISA server [3+ nics depending upon need]. ISA server then acts as a proxy for all computers behind it regardless of LAN segment assignment. ISA server will manage all traffic between the Internet and your LAN segments [much like a PIX firewall].

Collapse -

by byteside In reply to Network setup

This question was closed by the author

Back to Networks Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums