Does my network design work?
March 9, 2006 6:29 PM
We're a small humanitarian organization, with an HQ of about 15 people. I have little networking experience, and have been tasked with the imminent set-up of our network as we move from within a larger institution (a hospital) to our own offices. I want to make sure the architecture I have in mind will do what I want it to do.
Objectives:
- peer-to-peer and local fileserver transfers within the office (small files, infrequent access, no streaming, etc.)
- light VPN access from outside
Note: The organization's web and email services are off-site, 3rd party-hosted
The topology: Internet --> ADSL Modem --> Cable/DSL Router --> 10/100/1000 Switch --> Macs/PCs.
The catch: The fileserver is a peer along with everything else on the switch. The reason for this is simply that it's a Dual 2GHz PowerMac G5, which we also use for more intensive tasks, away from the server room. It's by far the most powerful machine in the office, and our internal and external server needs are very modest, so we want to do it this way. We don't really want to buy another box just to be a keyboard/monitor/mouse into the G5 down the hall.
As I understand it, I should be able to forward any necessary ports from the router to the G5, and all should be well. Right...??? Or should I have someone run the incoming DSL cable waaaay over to the other end of the office, through the G5, and then waaaaay back to the switch? Or something else?
Thinking about this, I guess I'm still confused about what you are worried will not work with your current architecture, and how whatever it is would be fixed by having the DSL connection go through the G5.
Could you expand on that a bit?
posted by tkolar at 6:46 PM on March 9, 2006
Best answer: I am going to assume you have one IP address assigned to your DSL router.
What you describe will work fine. For simple stuff, assuming your router does port forwarding, it will be no trouble. If you want better control or something complicated, you can replace the router with a machine (like a Linux PC configured to act as a router), but that probably won't be necessary.
My home office setup is much like yours -- a DSL "modem" and router, a switch with some Mac desktops on it, and a Linux machine with ports forwarded to it that acts as a web server and ssh server, as well as a desktop. My only IP address (static) is assigned to the DSL router, the rest are on a private subnet.
posted by teece at 7:06 PM on March 9, 2006
Response by poster: Thanks to both of you. I guess I knew intuitively that it would work - I just needed some affirmation, given that this is the first time people have been depending on me to get this sort of thing right. Cheers!
posted by iconoclastic flow at 7:28 PM on March 9, 2006
By the way, I helped set up a very similar system (right down to the G5) for some church offices about a month ago. We decided that we didn't want to mess with port forwarding, and we had 5 public IP addresses with our DSL service, so we just put a small hub between the DSL modem and the router, and put the G5 directly up on the internet that way.
Our primary motivation was to keep router configuration as simple as possible, so when we weren't around later someone with minimal experience could fix things.
Anyways, good luck.
posted by tkolar at 7:44 PM on March 9, 2006
Everything you're doing sounds okay... except the idea of using a G5 as a file server. Why? Why not get a cheap used p2 system and use it... you can use Remote Desktop... put it in a closet... attach a bunch of storage.
I think the only impediment is that OSX (and maybe Windows XP) in their standard Peer file systems, only permit 10 users to connect...
I could be wrong, and I'm sure someone will correct me.
posted by filmgeek at 8:46 PM on March 9, 2006
The big question here is what sort of router you're going to be using.
You really want one that can act as a VPN server; you don't want to be forwarding ports.
posted by I Love Tacos at 9:17 PM on March 9, 2006
For what it's worth, my DSL Modem is a Zoom X4. It will do various VPN setups with no extra configuration. But I've never tried more than one.
But, it can be configured to act as a PPP-Half bridge, or send everything to a DMZ machine, both of which could be used to essentially remove the Zoom from the loop. Thus, if it did prove to be a limiting factor, I could just send all internet packets to a Mac or Linux server and let it be the brain of the network. I've not had need to try this, but I think it would work OK.
posted by teece at 9:47 PM on March 9, 2006
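Added example, not part of the thread: a small Python model of the NAT router setups discussed above (no rules, a couple of forwarded ports, a DMZ host), showing which of a LAN server's listening ports an unsolicited Internet client can reach in each case. The class and function names, the addresses and the port list are constructed for illustration and do not describe any particular router.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    public_ip: str
    forwards: dict = field(default_factory=dict)  # (proto, public_port) -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                # LAN host that receives everything else
    flows: dict = field(default_factory=dict)     # (proto, public_port) -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host opens a connection: allocate a public port and remember the flow."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(proto, port)] = (lan_ip, lan_port, remote)
        return (self.public_ip, port)

    def inbound(self, proto, remote, public_port):
        """Return the (lan_ip, lan_port) an inbound packet reaches, or None if dropped."""
        flow = self.flows.get((proto, public_port))
        if flow and flow[2] == remote:             # reply to a flow started from the LAN
            return flow[:2]
        if (proto, public_port) in self.forwards:  # explicit port-forward rule
            return self.forwards[(proto, public_port)]
        if self.dmz_host:                          # DMZ host catches the rest
            return (self.dmz_host, public_port)
        return None                                # unsolicited and unmapped: dropped

def exposed_ports(router, lan_ip, listening, proto="tcp"):
    """Listening ports on lan_ip that an unsolicited Internet client can reach."""
    probe = ("198.51.100.7", 50000)                # constructed outside client
    hits = set()
    for public_port in range(1, 65536):
        dest = router.inbound(proto, probe, public_port)
        if dest and dest[0] == lan_ip and dest[1] in listening:
            hits.add(dest[1])
    return sorted(hits)

# Constructed sample values: the server's private address and its listening services.
SERVER = "192.168.1.10"
LISTENING = {22, 80, 548}   # ssh, web, AFP file sharing

def compare():
    """Exposure of SERVER under the three router setups from the thread."""
    fwd = {("tcp", 22): (SERVER, 22), ("tcp", 80): (SERVER, 80)}
    return {
        "no rules": exposed_ports(NatRouter("203.0.113.1"), SERVER, LISTENING),
        "forward 22+80": exposed_ports(NatRouter("203.0.113.1", forwards=fwd), SERVER, LISTENING),
        "dmz host": exposed_ports(NatRouter("203.0.113.1", dmz_host=SERVER), SERVER, LISTENING),
    }
```

With forwards, only the listed ports are reachable from outside; in DMZ mode every service the server listens on is, including file sharing, so that machine's own firewall becomes the only filter.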
If you're using NAT in the Cable/DSL Router to give everything private addresses, then whether or not you can set up the G5 to have a visible public IP presence depends on the Cable/DSL Router. Most of the ones I've used will allow you to set that up.
posted by tkolar at 6:41 PM on March 9, 2006