wap/router to wap/switch with server 2003

SDIAZ911

Hi everyone,

First post, hope someone can help.

I have a residential high speed DSL account with a dynamic IP. My connection from the wall is a Sprint ADSL Modem (SP 645 ME-A1) bridged with a Linksys Wireless-B Broadband Router (BEFW11S4).

I want to attach a Dell Poweredge SC420 Server running Windows 2003 Small business server (currently server only has one NIC) directly to the wireless router. Then I would like to attach a WAP/Switch hard wired between the gateway server and two other servers (SC 420) one running windows XP Pro the other possibly linux and finally my office desktop (Dimension 8400) running windows XP Pro (all these systems the three servers and desktop as well as the modem WAP/router and WAP/Switch in one room with one Monitor and a KVM switch).

Additionally, in this same room I have a Laserjet printer (brother HL-5140) and a Multi-function Machine (HP officejet G85); both are USB connected to my office desktop.

Then I have a desktop in the kids room running win XP Pro (Dimension 8100) with a wireless Linksys network adapter (WUSB11). A laptop running XP Pro (VAIO PCG-GRV550) with a Wireless PC card (WPC11); this laptop will roam wherever in the house. And an IPAQ Pocket PC running Bluetooth, no modem yet, but soon I would like to connect this remotely to the network. I want to make sure that these systems connect through the WAP/Switch and not directly through the WAP/Router.

I want the server running Windows Server 2003 to be the default domain based gateway to the internet for all systems involved and I want it to be a second firewall besides the one already in the WAP/Router. This will be my lab as I study for the MCSE and later CISCO.

Additionally it will be a great way to monitor the network traffic in the house.

Is this a possible setup? If so, how, and what WAP/Switch would be recommended? When I order the Server 2003 Small business, is it required to have a CAL for all the below?

Two (SC420 Servers)
Two desktops
one laptop
two printers
one pocket PC

I know it is a lot of information but I did not want to leave anything out. Any help will be greatly appreciated.

Steve
 
Well, first of all, let me try to get something straight -- you want the server to run a firewall, proxy and (I presume) some other features? If so, that is a very, very, VERY bad idea. If your router ever gets compromised the next in line would be the server, which would host the SAM, hash files, DNS entries, you name it. If you want to just use the server as a firewall then do that -- but disable EVERYTHING including NetBIOS, DNS, FileSharing, you name it.

If you want double redundancy then either buy another dedicated firewall or set up another machine and run a firewall ONLY. From there you can jump to the server, switch and your other pc's. Also, don't forget that with every node that you add as a gateway you are adding an extra hop -- and delay -- for internet access. You may not notice it if you run Internet Proxy on the server, but you will definitely notice it if you try to download files or anything else that's not cached.

In the current setup that you propose, your computers would just use the server's IP as the default gateway and the server would use the router's IP as its default gateway.

Hope that wasn't too confusing? :)
 
OK, I think I see what you are saying.

Leave the current WAP/Router in place as the Firewall. Add another system as just a firewall if I want redundancy such as a system with two NICs one to the WAP/Router going to the Internet and the other NIC going to my 2003 server.

The 2003 server will be my internet proxy which will have two NICs one going to the redundant firewall and one going to a WAP/Switch that all other PC's will connect through.

Is there anything I need to be concerned with with the Notebook, Desktop (in the Kids room) and the Pocket PC as far as trying to connect directly to the WAP/Router instead of the WAP switch.

Will the WAP/Router and WAP/Switch play nice?

Finally, the redundant firewall; will it have to be running on Win XP Pro?

Thanks again,
Steve
 
SDIAZ911 said:
OK, I think I see what you are saying.

Leave the current WAP/Router in place as the Firewall. Add another system as just a firewall if I want redundancy such as a system with two NICs one to the WAP/Router going to the Internet and the other NIC going to my 2003 server.

Exactly!

SDIAZ911 said:
The 2003 server will be my internet proxy which will have two NICs one going to the redundant firewall and one going to a WAP/Switch that all other PC's will connect through.

Is there anything I need to be concerned with with the Notebook, Desktop (in the Kids room) and the Pocket PC as far as trying to connect directly to the WAP/Router instead of the WAP switch.

Will the WAP/Router and WAP/Switch play nice?

Finally, the redundant firewall; will it have to be running on Win XP Pro?

Thanks again,
Steve

You got it! If you are connecting your PDA wirelessly to the router then you'll have no problems because it will be the only wireless access point that the PDA should pick up (or rather, that you will choose to connect to). Same goes for the notebook and/or desktop if they are wireless.

Now, if you want a notebook or desktop to connect through cable instead of wireless, then you won't be able to specify the router as the default gateway because the 2nd firewall (the redundant one) will be the first point of contact for your pc's on the subnet when they try to connect to the internet.

What you can do, of course, is just physically connect a laptop or notebook into one of the ports on the first router itself, but then you are foregoing protection of that computer by the 2nd router/firewall that you installed.

Your second firewall doesn't have to run on XP, but it may make things much easier for compatibility. With that being said, packet filtering is platform independent and shouldn't pose a problem (I'm assuming that you want to make the 2nd firewall a Linux PC? If I'm not mistaken Linux has native support for TCP/IP so your XP machines should be fine).
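
Added example, not part of the original thread: a small Python check of the default-gateway chain the replies describe (clients to server, server to second firewall, second firewall to WAP/router) that flags any machine whose path to the Internet skips the second firewall. The host names and every IP address are constructed assumptions, since the thread gives no addressing.

```python
import ipaddress

# Constructed addressing plan (assumption: the thread names no addresses).
# "gw" is the host's default gateway; None marks the Internet edge.
HOSTS = {
    "wap-router":     {"ifaces": ["192.168.1.1/24"], "gw": None},
    "firewall2":      {"ifaces": ["192.168.1.2/24", "10.0.1.1/24"], "gw": "192.168.1.1"},
    "sbs2003":        {"ifaces": ["10.0.1.2/24", "10.0.2.1/24"], "gw": "10.0.1.1"},
    "office-desktop": {"ifaces": ["10.0.2.10/24"], "gw": "10.0.2.1"},
    "kids-desktop":   {"ifaces": ["10.0.2.11/24"], "gw": "10.0.2.1"},
    # Laptop plugged into (or associated with) the WAP/router directly.
    "laptop":         {"ifaces": ["192.168.1.50/24"], "gw": "192.168.1.1"},
}

def owner_of(ip):
    """Return the name of the host that owns this IP address, or None."""
    target = ipaddress.ip_address(ip)
    for name, cfg in HOSTS.items():
        if any(ipaddress.ip_interface(i).ip == target for i in cfg["ifaces"]):
            return name
    return None

def path_to_internet(host):
    """Follow default gateways hop by hop until the Internet edge."""
    path, current = [], host
    while HOSTS[current]["gw"] is not None:
        gw = ipaddress.ip_address(HOSTS[current]["gw"])
        nets = [ipaddress.ip_interface(i).network for i in HOSTS[current]["ifaces"]]
        if not any(gw in net for net in nets):
            raise ValueError(f"{current}: gateway {gw} is not on a local subnet")
        nxt = owner_of(gw)
        if nxt is None or nxt == host or nxt in path:
            raise ValueError(f"{current}: gateway {gw} is unknown or loops")
        path.append(nxt)
        current = nxt
    return path

def bypasses(required=("firewall2",), exempt=("wap-router", "firewall2")):
    """Hosts whose outbound path skips a required firewall."""
    return sorted(h for h in HOSTS if h not in exempt
                  and not set(required) <= set(path_to_internet(h)))

if __name__ == "__main__":
    for name in HOSTS:
        print(name, "->", " -> ".join(path_to_internet(name)) or "(edge)")
    print("bypassing second firewall:", bypasses())
```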
 
