DSL, LAN, hubs, segments....
Kool Moe Jul-19-00 04:43 PM
Kinda complex question here;
I run a small office- about 10 computers.
The office is divided into 3 groups- management, production, sales.
Sales has 2 computers running into the Sales' hub.
Sales hub uplinks to Production's hub with 6 computers.
Production's hub uplinks to Management's hub with 2 computers.
Management's hub uplinks to the DSL modem for net access.
This all works fine. Security is handled only by unbinding 'File/Print Sharing' and 'MS Client' from TCP/IP.

Plus, we're hiring more people and need more than the 10 IP's we've leased from the DSL provider.
SO I wanna build a NAT box- probably using MS ICS since we have a copy of Win98se free to use.

Hassle is, we want 2 computers with static IP's live on the net. The rest, we want behind the NAT.
I figure all is good up to the Managment hub.
Then I connect the Management hub to the NAT, and feed the uplink from the secondary NIC on the NAT to another hub- which is uplinked to the DSL modem. Also connected to that DSL hub would be the 2 computers we need static.
Will we be able to see those two static computers from the rest of the LAN behind the NAT?

I assume 'MS Client' and 'File/Print Sharing' will have to be bound on all computers for this to happen, if it will happen. That's pretty insecure, but I can live with that if I gotta.
If NetBEUI is set as the default protocol on all machines, will ICS show the computers behind it? Will it pass any NetBEUI packets, or should we ditch NetBEUI and go with TCP/IP for the LAN as well as net connections?

Or any other thoughts on such a setup would be much appreciated as well! Routers? DSL routers? Switches? Proxies?

Just keep in mind this is a low-budget office- I can't buy a fancy HP server which may allow this from the get-go...dammit
Any thoughts? THanks!
Annapolis, MD

1. RE: DSL, LAN, hubs, segments....
lbyard Jul-19-00 05:25 PM
In response to message 0
No doubt about it… You should have a dedicated server. I don’t see how your office can afford not to have one. So, stop pinching pennies and buy/build one. You do not need a “fancy HP server.” A lot of people think you need an almighty powerhouse for a file server. The truth is a measly computer with a 500 Mhz K6-2 or a 600 Mhz Duron will work just fine. My accountant has a network about the same size as yours. He is running a Windows NT server on a 300 Mhz K6-2 with 128 Mbytes (you’ll probably need 256 Mbytes for Win 2000). And why don’t you save some money and get rid of those 10 IPs. You only need one! You are still sharing the available bandwidth with 10 IPs and you will still share it with one IP—perhaps better, depending on the software. Forget Windows 98 ICS for a network with as many workstations as you have. It is not a satisfactory solution for a network the size of yours. Look at SyGate (http://duxcw.com/digest/Reviews/Network/sygate/sygate.htm) and other Sybergen products. You may want to consider a higher-end Proxy server… One does not have to associate network topology with Windows workgroups. True, all members of a workgroup have to be networked together, but the topology (hub arrangement) does not have to match the workgroup/administrative structure unless it is convenient. Yes, one can mix dynamic and static IP addresses on a LAN as along as the DHCP server(s) are configured not to use the static IPs. You have to have TCP/IP running on the all computers behind a NAT to use the Internet. There is not enough information in the NetBEUI protocol packets to efficiently convert them to TCP/IP and I know of no NAT, etc. software that will do it. Please come back if this didn’t answer all of your questions. Larry

2. RE: DSL, LAN, hubs, segments....
Kool Moe Jul-19-00 06:49 PM
In response to message 1
I appreciate the quick and thorough reply- thanks!
Well, we just don't have the money to build out a server as you recommend. I agree it would be optimal, but we're a small operation and...ah...blah blah blah

A couple of us want live/static net connections cause we work from home. For instance, me: I run PCanywhere over the weekends in case I need to get to my entire computer from home. I run an FTP server all the time for such reasons as well.

Others do many of the same things which require static IP's.
For security, some of us are running ZoneAlarm. Others just rely on wise dload/exe installs, virus checkers, and File Sharing/MS Client being unbound. We don't have secret files or anything, and all important files are backed up overnight to tape (to a non NetBEUI machine).

Then there are those, like sales and admin, who could care less. So them, I want to put behind the NAT to free up IP's as we need them for more technical people. SO what I've done:
Simply made the NAT box with ICS and put it inline at the Production hub. Has two NIC's, one with TCP/IP and a static IP and one with TCP/IP, NetBEUI, and a DHCP IP (from it's own ICS).

So the NIC with the static IP feeds to/from the net. The ICS NIC is the one the other client machines look to for an IP if they're set to obtain their IP's from a DHCP server.
Security-wise, it only helps those behind it- which are Sales and Management. Production is still connected live- but I just hope their 'wisdom' negates any cracking attempts!

I love Sybergen products- good stuff. I use Sygate at home. Before I did, I tried many others (Wingate and such) with such hassles! Sygate was clean and easy- love it (though I need to upgrade my license from 3 user, which sucks cause the next level is expensive! .

Oh, and we do have a dedicated NT server for backups, file storage, and LAN logins, but I didn't want to use that as the ICS server as well. That one really should be behind the NAT...

Anyway, all works well so far. I was worried about a loopback effect, but nothing like it yet! Thanks again for your reply, and hey, nice website
Annapolis, MD

3. RE: DSL, LAN, hubs, segments....
lbyard Jul-19-00 07:31 PM
In response to message 2
Eric, Take a look at http://www.dlink.com/products/broadband/di701/. It may be just what you are looking for. I have not played with one yet. Larry

4. RE: DSL, LAN, hubs, segments....
Kool Moe Jul-19-00 07:41 PM
In response to message 3
Ya, I've looked at such things (I like the Linksys product better) and while they're neat- the only real benefit I see with them is less power-consumption.
We have access to tons of old computer parts- both the NAT box I just built and the one I use at home are both discarded P133's! Plenty of horsepower for basic NAT, FTP, and web serving and all for free (well, not the OS . With the Windows cost in mind, perhaps these little proxies are good deals. But with all the old computers lying around, I'd rather rebuild and service those as opposed to buying something new.
Again, I do appreciate your interest and inputs. Thanks!

