newbie seeks help setting up network

richard.markiewicz

OSNN Newbie · Joined 6 Mar 2006 · Messages: 5

Hello everyone.

I need some advice regarding the setup of a small network at my office. Any help that can be given is much appreciated.

I work in a small, serviced office. We have been assigned two static ip addresses for our internet connection. At the moment, I have a wireless router (Linksys WAG354G) plugged in and our two client pc's (both running win xp pro) connect wirelessly. The wireless router has 4 ethernet ports on it, one of which is connected to the internet.

We have purchased a Dell Poweredge server, which only has one network card in it. On the server I want to install either Windows Server 2003 Standard Edition, or Windows Server 2003 Small Business Edition.

Here is what I want to achieve - the internet connection comes through the server and is then shared between the server and our two client pc's. I also want to use the server as a fileshare and a print server, and ultimately maybe an exchange server. If I can do this with one of my static IP's remaining, I will be very happy as I could use this for my development server, which needs to stay separate from the rest of the network.

Can anyone advise me on the best way to set this up? Will I need another network card for the server, or can I do all this using my wireless router? How can I configure the IP addresses etc for the server and clients?

I admit to being a bit lost here. Any help that can be provided is very, very much appreciated.

Thanks in advance,

Richard
 
I am not a networking guru so please wait to hear from the other lads :)

Personally, based on the info provided, it sounds like the single router itself should be able to do the job for you.

For the configuration, wait for the others :cool:

I've had very little sleep :D
 
OK, from your description, I've got basically 2 servers (the development being separate), plus 2 PCs. 4 comps in all and 2 static IPs. However, if you have the Linksys router, why set up Internet sharing on the Windows 2003 box?

I don't have as much experience with Linksys as Cisco, but assuming that the Linksys router supports NAT/PAT, what you can do depends on whether the development server has its own separate connection. Either way, you're going to want a switch/hub which connects both the server (with its own real IP on your Internet connection). Having a real IP, I'm assuming this is accessible off your Internet connection, aka something that's out in the DMZ? Then there's the connection for the router...

From here, it's trivial, as you have 3 available ports and 3 comps (2 PCs + 1 server). Set up PAT (port address translation, or over-loaded NAT) on the Linksys (I'm assuming it has the capability, same as Cisco routers do), and then share the single IP among the 2 devices. Because the 2 PCs and their server exist on their own internal network, any communication between them can occur directly over your LAN. This is what I'm gathering you're after based on the descrip. Though PC sharing on the Windows box seems a bit awkward, when you have a router already...
 
Well thanks a lot for the response, I thought that the existing router would suffice but I'm unsure then how to get it to issue IP addresses to the clients, etc. I will await some configuration advice from someone!

Thanks again, and go get some sleep :nervous:

Rich
 
Son Goku said:
OK, from your description, I've got basically 2 servers (the development being separate), plus 2 PCs. 4 comps in all and 2 static IPs. However, if you have the Linksys router, why set up Internet sharing on the Windows 2003 box?

Actually, I think I confused matters here by talking about the dev. server. My dev server is only based here for a couple of weeks while I build it, then I will be moving it to join my server farm in London. I guess having a free IP isn't really an issue if I can share the internet / printers / files etc.

Son Goku said:
I don't have as much experience with Linksys as Cisco, but assuming that the Linksys router supports NAT/PAT, what you can do depends on whether the development server has its own separate connection. Either way, you're going to want a switch/hub which connects both the server (with its own real IP on your Internet connection). Having a real IP, I'm assuming this is accessible off your Internet connection, aka something that's out in the DMZ? Then there's the connection for the router...

From here, it's trivial, as you have 3 available ports and 3 comps (2 PCs + 1 server). Set up PAT (port address translation, or over-loaded NAT) on the Linksys (I'm assuming it has the capability, same as Cisco routers do), and then share the single IP among the 2 devices. Because the 2 PCs and their server exist on their own internal network, any communication between them can occur directly over your LAN. This is what I'm gathering you're after based on the descrip. Though PC sharing on the Windows box seems a bit awkward, when you have a router already...

So let me see if I have this straight. My wireless router has 4 ethernet ports. I connect, say, port 1 to the plug in the wall that my internet comes through (technical terms I know!), and port 2 to the network interface on the server. Then I need to enable PAT or overloaded NAT on the router.

Then when the client laptops are turned on, they can connect to the wireless network and will share the IP address that the server has. So that would mean all three devices exist on one network (so can share files, printers that are plugged into the server, internet and email), but I am only using 1 of the static IP addresses provided in my office?

Is it really that straightforward? Are there any caveats to this kind of network that I should know about? For example, would this be a good basis to start using MS Exchange Server somewhere down the road?

Sorry if I seem a bit slow.... I don't know much about networks as you may have guessed! But I appreciate the help and time you are giving very much.

Rich
 
Yes, you only need 1 real IP, because what you set up is an internal network between your devices. In this case, you make sure your server (assuming it does not need to be accessed from the outside) is on your internal network. What you would have is something like (and I don't know your IPs so, I'll just throw some numbers up)

Real IP (66.92.167.25) ---- Linksys Router ----- Internal Network (192.168.15.0/24)

Now, you can say, for instance make the router Interface (it seems your router might have a switch built in, so look at the interfaces carefully, to see what interfaces are external and internal, if it's divided that way) 192.168.15.1, the server can be 192.168.15.2... I'd have to look at the router itself, to confirm my understanding of how those 4 ports are laid out...

Now a server you really don't want to assign a DHCP address to, unless you assign it a static DHCP address. All devices need to know how to get to the server, so that shouldn't change.

The others, you can either assign, or if the router has the capability, set up the DHCP server, with whatever pool, and let it assign those. I know Cisco routers have a DHCP server included, not sure of Linksys...

The only caveat to having a server on the Internal network, is it won't be accessible from the Internet itself. To make it accessible from the Internet, it needs an address which can be reached from the Internet.

In the case of PAT (or port address translation), it will translate the traffic from the internal IP address, to the real IP over a given port. It maintains a table of these associations, so when the router gets a packet back, it can look it up, and find out which box to forward the return packet to...
 
OK brilliant. It doesn't sound exactly straightforward but I will give it a go over the next couple of days.

If I have a problem I will be sure to look here for advice - you guys have been brilliant.

Many thanks again

Rich
 
BTW, one piece of advice when looking to set networks up in the future, though you might have already done it, and forum text doesn't allow for this to be done easily...

Whatever your needs are, diagram them... Though such diagram can't necessarily be made for our own use, (albeit we can make our own diagram, be it physical, or mental as I had done); it will help simplify the problem and make it much easier to understand. One is then left with an eye picture of what is needed, and can get an "eye picture" of exactly what the configuration is. With including the networks each set of links represents, and the IP/mask (though CIDR notation might be easier to fit) for each device, peeps can look at it, and know exactly where each thing should be/what its IP configuration is...

In fact, if you're installing this into an enterprise environment, whoever is receiving this, might appreciate such documentation, which will show them in an instant, how things are set up. Does help to keep the thoughts on the thing organized... :D

Edit: Actually, I have a mid-term in about an hour, so am sorta running on caffeine pills now (which is why I've been on and off, etc). I'll try to get down to the networking lab at the other school, where they have Visio and stuff installed, to diagram out what I was looking at. I should be able to link up an image, that will help convey what I'm envisioning, and also show what a network diagram is...

Edit2: I just looked at the configuration info for your router. The 4 ethernet ports are on the inside, and in addition to the 1 WAN port (aDSL) which goes out to the ISP... Without throwing a switch between the router and the ISP, there is an added complication...

As I said, to get a device to be accessed from the Internet, it needs a public IP address. With a private IP, one can't do this. The easiest way is to put this outside the router, but given your router you can't do this. There is a second way, but it prevents an added complication. Place it outside logically, but not physically. This is done with a static NAT mapping, to the second IP address... People on the outside then address that second IP, and it gets mapped over. A little on this:

http://www.eicon.com/support/helpweb/safepipe/static_nat.htm

A static NAT mapping is a way to make systems that are behind a firewall and configured with private IP addresses appear to have public IP addresses on the Internet. They are therefore a one-to-one mapping of private and public addresses.

The rest are configured to use standard PAT (with this server being an exception). This really will need to be mapped out to make it clearer. Anyhow, I need to go for that test, now...
 
Goku somewhat mentioned this in his last post.

From reading the topic it sounds like you're using port 1 for your internet connection. But in order to share the single ip you need to use the WAN (also labelled Internet) port, then make sure DHCP is set up on the router (which it is by default).
 
OK, I looked at the diagram for his router. What it has is 1 aDSL port coming in, 4 ethernet ports (that I'm sure are on the inside network, with the aDSL port being the WAN link), and an antenna... I'm down at the networking lab, so making up the diagrams for him... The IP addresses, I'm going to make up, as a proof of concept. These aren't necessarily his IPs, and would need to be substituted. There will be 2 diagrams, one for his physical network, and one representing what is occurring logically... I'll try to de-mystify this whole issue for him in a moment, brb...

OK, below are the copies of both the logical and physical networks. Though you originally mentioned the network coming in on one ethernet, I gather you're using an aDSL based wireless router, because you have an aDSL Internet connection? In that case, the Internet would come in via the aDSL port, and I'm gathering based on a quick glance at the spec sheet for that piece of hardware that the 4 ethernet ports are all on the same side of the router. Confirming this, without physical access to the device however, would be another matter...

Anyhow, the router itself is doing NAT/PAT as mentioned, and due to the presence of a static route, the development server appears as if it's available on the Internet, aka through a static mapping between the second IP address, and the internal address it's physically attached to. Now, this is not isolated from the internal network, if that's absolutely needed. It will be accessible from the outside however, as if it were physically placed there. When the server moves, the translated address will physically have to be assigned to the computer... Do this before shipping...

A way to think of a static route, is similar to how call forwarding works. Let's say your phone number is 555-9876. However, you don't want to receive your calls at 555-9876. Instead, because you're located at 247-1870, you set call forwarding up on 555-9876. As a result, if I were to dial 555-9876, this phone doesn't ring, but 247-1870 rings instead. This is what the router will do. It treats, in my example 66.92.167.26/29 == 192.168.15.2/24. Therefore, if someone goes to make a connection to 66.92.167.26, the router automatically changes the address on the packet to 192.168.15.2, and then passes it along. 192.168.15.2 sees that this packet is addressed to it, so gets the packet off the network, and then processes the request made to it... (In fact, there are more than 1 packet involved in this, but to simplify, we can pretend there's 1).

The server processes this, comes up with whatever it needs, to fulfill the user's request, and puts that in "another packet" that is sent out with 192.168.15.2 as the source address. The server recognizes this, and the NAT table telling it that 192.168.15.2 is equal to 66.92.167.26, translates the address over (it substitutes this new address in place of the 192 address in the address field in the packet's header), and then sends it out over the Internet. The Internet never sees this private address, so doesn't care. It gets passed along, and the user gets the thing they were requesting.

This can be thought of as being similar to how call forwarding works. You pick up the phone at 247-1870, and despite the fact that this is the number you are physically located at, the caller doesn't have to be aware of this. From their end, they think you're still at 555-9876, and speak with you as if you were there. But due to call forwarding, you in fact are not. The software on the router handles this translation, much like the switch at the phone company manages the "call forwarding", so the conversation can continue even though the actual address doesn't equal the assumed/visible address; actual phone number dialed, doesn't equal the phone you picked up to receive their call.

Dynamic NAT/PAT works in much the same manner, except that the address translations are set up dynamically by the router. The reason that a computer can't use dynamic NAT and be accessed from the outside, is that no translation exists until the device itself tries to get out. Then the router sets up this translation, writes it to its own NATing table, which tells the router "some reply coming back on this translated address, really should be forwarded back to this originating device..." Until the device tries to get out, the router simply wouldn't know where to send the packet, so would throw up something similar to when you dial a non-existent phone number, and the telephone system gives a tone followed by some operator's voice saying "We're sorry. Your call can not be completed as dialed. Please hang up and dial again".

The only difference between standard NAT and PAT, is that NAT only translates an internal/non-routable IP address, to the public address which is routable over the Internet. PAT (or port address translation), associates a given IP and port association, to a given connection that a PC on the internal network tries to make. Ports, basically are entry points if you will, that various services on your PC operate on. For instance, when you send a request out to a web server, it goes into the web server on port 80. When you go to send email, that server will be listening on sendmail port 25... Having different ports allows the computer to distinguish different types of traffic, over the same IP, and to keep the given "conversations" between server and client separate, so it doesn't confuse them one for another...

PAT can put more than 1 PC onto an IP, because it uses the port number, to distinguish each PC, from the other...

Hopefully this helps to clarify things, without confusing you further...
 

Attachments

  • phys_network.jpg
  • logical_network.JPG

This is brilliant stuff guys and I very, very much appreciate all the time and effort you have put into helping me.

I'm hoping to get this network set up today and the diagrams and help provided are going to be amazingly useful.

I have a quick question though - the router in question is being used because I had it lying around spare at home. It will not be connecting to the internet with DSL (it does have one DSL connection and 4 ethernet ports all down one side), our internet connection comes through ethernet ports in the wall. It is provided by the people that run the office space, and we have two ethernet ports on the wall. We have two static IP's and have been provided with subnet, gateway and DNS settings for our laptops.

It looks like I will need to use one of the ethernet ports on the router to connect to the wall, and another to connect to the server itself. Is this going to have a negative effect / stop the setup from working?

Many, many thanks again

Rich
 
I don't see anything wrong with the two ports on the wall, just remember that the server will be completely exposed to the internet (sounds like a plague :p) and to take the appropriate measures to secure it.

Or simply put it behind the router and forward the ports you need.
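
Added example, not part of any post in the thread: a small Python model of the router's translation table covering both the static NAT / PAT explanation earlier in the thread and the closing point about exposure versus forwarding only the ports you need. The addresses are the illustrative ones used in the thread; the class, the function names, the outside hosts (documentation ranges), the probed port list and the strict reply filtering are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed values: the thread's illustrative addresses, not a real network.
PUBLIC_SHARED = "66.92.167.25"   # public IP shared by the LAN through PAT
PUBLIC_SERVER = "66.92.167.26"   # second static IP
SERVER_LAN = "192.168.15.2"

@dataclass
class NatRouter:
    static_nat: dict = field(default_factory=dict)     # public IP -> private IP, every port
    port_forwards: dict = field(default_factory=dict)  # (public IP, port) -> (private IP, port)
    pat_table: dict = field(default_factory=dict)      # (public IP, port) -> flow, built on the way out
    next_port: int = 40000                             # hypothetical start of the PAT port pool

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) the Internet sees as the source of a LAN packet."""
        for public_ip, private_ip in self.static_nat.items():
            if private_ip == src_ip:
                return (public_ip, src_port)   # 1:1 mapping: address swapped, port kept
        flow = (src_ip, src_port, dst_ip, dst_port)
        for key, known in self.pat_table.items():
            if known == flow:
                return key                     # connection already has a table entry
        key = (PUBLIC_SHARED, self.next_port)
        self.next_port += 1
        self.pat_table[key] = flow
        return key

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the internal (ip, port) a packet is delivered to, or None if dropped."""
        if dst_ip in self.static_nat:
            return (self.static_nat[dst_ip], dst_port)
        if (dst_ip, dst_port) in self.port_forwards:
            return self.port_forwards[(dst_ip, dst_port)]
        flow = self.pat_table.get((dst_ip, dst_port))
        # Assumption: strict filtering, only the peer that was contacted may reply.
        if flow and flow[2:] == (src_ip, src_port):
            return flow[:2]
        return None

def exposed_ports(router, public_ip, ports, probe=("203.0.113.9", 50000)):
    """Ports on public_ip that an unsolicited outside host can reach."""
    return [p for p in ports if router.inbound(*probe, public_ip, p) is not None]

if __name__ == "__main__":
    services = [25, 80, 445, 3389]
    one_to_one = NatRouter(static_nat={PUBLIC_SERVER: SERVER_LAN})
    forwarded = NatRouter(port_forwards={(PUBLIC_SHARED, 25): (SERVER_LAN, 25)})
    print("static NAT exposes:", exposed_ports(one_to_one, PUBLIC_SERVER, services))
    print("port forward exposes:", exposed_ports(forwarded, PUBLIC_SHARED, services))
    seen_as = forwarded.outbound("192.168.15.10", 51000, "198.51.100.7", 80)
    print("PC seen as", seen_as, "reply ->", forwarded.inbound("198.51.100.7", 80, *seen_as))
```

With the one-to-one mapping every probed port on the second IP reaches the server, so the server's own firewall becomes the only filter; with a single forward only port 25 is reachable, and PAT entries exist only for connections the LAN opened.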
 
