DUX COMPUTER DIGEST

 

Site Search

Site Info

Home » Forums » Forum Archives » Networking and Internet Sharing » Topic # 1944

I need your help.
Hirakawa Jun-16-02 09:30 PM
Hi, this is my network setting:

192K Leased Line -> Modem -> Router (no switch, no firewall build in) -> Firewall -> Switches (connect to other workstations) -> SMC Barricade™ 8 Port 10/100 Mbps Broadband Router -> workstations & servers.

Due to the Firewall have limited user license, in order to save the license, I have to reduce the IP addresses (behind the Switches) by using a SMC 8 port router to connect the switches, so that the workstations & servers that connected behind the SMC 8 port router will share only one IP address and save more user licenses.

Problem: The LAN formed by all the workstations and servers behind the SMC 8 port Router cannot have the internet access and do file sharing with the LAN before the SMC Router.

What should I do in order to have file sharing & internet sharing between current LAN and LAN behind the SMC Router without creating more IP addresses behind the firewall?

Thank you.


1. RE: I need your help.
DJ Net2Infinity Jun-16-02 09:48 PM
In response to message 0
LAST EDITED ON Jun-16-02 AT 09:52 PM (EDT)
 
What kind of Firewall is it? What are you trying to accomplish I dont understand why you would have a modem then a router then a firewall going to a switch and into that switch you have another router plugged in. Why dont you put your 8 port broadband router in between your firewall and your switch??

2. RE: I need your help.
Hirakawa Jun-16-02 09:59 PM
In response to message 1
Thank you for replying.

The Firewall is from BayWare, it has 50 user license. The reason why I am not doing as what you suggested is because the Firewall only have two ports (one in one out) and there is a lot workstations and servers connected to that firewall through the switches.

Due to the Firewall counting the IP addresses behind itself to determine how many user license had been used, I have to use the SMC router to let my extra workstations and servers to share only one IP address in order to save the licenses.

Also, the original setting is like this:

leased line -> modem -> router -> firewall -> switches -> many workstations and servers.

I wish to make it like this:

leased line -> modem -> router -> firewall -> switches -> many worstations and servers plus SMC router.


4. RE: I need your help.
DJ Net2Infinity Jun-16-02 10:04 PM
In response to message 2
You should have bought a Cisco PIX 515, or 525 any firewall that resticts you to licensing is crap, sounds like they are partners with microsoft. Lemme think about the situation.

5. RE: I need your help.
Hirakawa Jun-16-02 10:06 PM
In response to message 4
I really have no choice, because I was not good in networking at that time the network was setup... the network configuration was done by the technician hired 2 years ago...

3. RE: I need your help.
Hirakawa Jun-16-02 10:02 PM
In response to message 1
Can I have the SMC router I bought to put in between the switches and firewall? Will it cause all the workstations and servers don't have internet access (because there is another router after the modem...)?

6. RE: I need your help.
DJ Net2Infinity Jun-16-02 10:08 PM
In response to message 3
LAST EDITED ON Jun-16-02 AT 10:12 PM (EDT)
 
The SMC router should pass only one IP address to the Lan, if you have all the workstations and server plugged into the switch it should work.

Modem -- Router -- Firewall --- Broadband --- Switch -- Lan


It seems odd to have to use the Broadband router to go out especially to interface between your firewall and switch, the other thing I cant understand is why do you have a router outside your firewall, are you running some kind of web server and passing it back thru?


7. RE: I need your help.
Hirakawa Jun-16-02 10:17 PM
In response to message 6
Yes, I running a lot of servers like test server, application server, file server, mail server.... and a lot.

So that the users in our network can pass through the firewall and access the workstations & servers behind it.


8. RE: I need your help.
DJ Net2Infinity Jun-16-02 10:19 PM
In response to message 7
Well then that wont work either cause that broadband router would stop them in their tracks. I would say either get more licenses for your firewall or replace it.

9. RE: I need your help.
Hirakawa Jun-16-02 11:14 PM
In response to message 8
Don't know what happened, after I change few settings in Windows NT & SMC Router (I change the network TCP/IP, enable routing, pointing the gateway of smc router to the firewall), the network with this configuration can work:

Leased line -> MODEM -> Router -> BayWare firewall -> Switches -> All workstations & Servers + SMC 8P BroadBand Router -> workstations & servers.

Every Workstations & Servers behind the SMC BroadBand Router have the satisfied internet access speed.

Now another problem has occured...

The LAN behind the SMC BroadBand Router cannot communicate with the original LAN I have... also, the original LAN cannot see the LAN behind the SMC BroadBand Router....


10. RE: I need your help.
Hirakawa Jun-16-02 11:29 PM
In response to message 8
Correction... the firewall is not Bayware... it is BorderWare... the Bay Network is the router name.

11. RE: I need your help.
DJ Net2Infinity Jun-16-02 11:53 PM
In response to message 10
The Firewall doesnt restrict you to a certain number of licenses, but I believe you have to run Borderware software and you only have 50 seat licenses.

12. RE: I need your help.
Hirakawa Jun-17-02 00:18 AM
In response to message 11
Yes, I have 50 seat licenses. But I don't run Borderware software.

Also, I was told that the limited seat of licenses slow down the internet access. Therefore, my idea is put all the non important servers and workstations to the SMC router to gain more license. Also, I read some webpage said that router can block the broadcast so that firewall cannot know how many computers behind the network...

I think my idea is quite stupid.


13. RE: I need your help.
DJ Net2Infinity Jun-17-02 00:36 AM
In response to message 12
LOL, you said it not me .... Yeah it does slow things down because it has to check permissions and things of that nature. Broadband routers like the SMC are suppose to be for Homes and small offices, not a network like yours. If your network has grown and most of them do and will ..... I would ditch that Borderware and get a PIX.

14. RE: I need your help.
lbyard Jun-17-02 09:56 AM
In response to message 13
I have a 7-port SMC router. I can load it up and it doesn't slow things down enough that one would even notice it. However, I am loading it with user PCs and low-end servers. Yes, the NAT (http://duxcw.com/faq/ics/diffrout.htm) in router will make computers behind it invisible to a network connected to the WAN port. BTW, although it lacks sophistication as far a tailoring it concerned, an SMC router is also a pretty darn good firewall as well. I don't recall the total number of PCs it will support (see your User Manual), but one can certainly cascade some switches behind it. There is a post with procedure somewhere in this forum made by a reader who did something like what you a trying to do. Believe it was posted within the last two months. Larry

15. RE: I need your help.
Hirakawa Jun-17-02 09:23 PM
In response to message 14
LAST EDITED ON Jun-17-02 AT 09:25 PM (EDT)
 
Thank you for replying.

I assumed that you want to tell me that "NAT in the SMC router make the network behind it invisible to my current network and share one IP address".

Is there any other way like "add route" can help the invisible LAN appear in my current network?

Is it possible to make the invisible LAN behind the SMC router see the original LAN I have?

Thank you.


16. RE: I need your help.
lbyard Jun-18-02 01:05 AM
In response to message 15
That would defeat the reason that you bought the router, wouldn't it? Why not try putting the router immediately after the firewall or replace the firewall with it? Larry

| Home | Guides | How to | Reviews | Online Store | FAQ | Forums | Forum Archives |
| Links | News | Newsletter | About Dux | Advertising | Contact Info | Privacy |