jrdecastro
November 2nd, 2008, 10:24 AM
Hi there - new to setting up a full server and remote VPN and need some basic guidance.
The current network is basically Internet -> broadband and wireless router -> switch -> various desktop client machines.
The current Internet connection has a floating IP address which changes every time we reconnect. Internal subnet addresses (192.168.1.x) are static for all nodes except wireless clients which are assigned through DHCP on an address range specified at the wireless router.
I am now getting a single fixed IP address and adding a server to:
- handle file serving to the clients,
- add our own email address and mail access system, and
- create a VPN to a different remote site where we will access the network from and where we will store backups and update them periodically with something bandwidth-economical like rsync.
The questions I have are about basic topology - who owns the new fixed IP and how do I ensure data gets to the right place.
Can I keep the existing topology and add the server hanging off the switch together with the clients thus:
A) Internet -> broadband and wireless router -> switch -> server and various desktop client machines (all in parallel out of the switch)
or do I need to have the server (which has two Ethernet interfaces so this is possible) become the interface between the outside world and the network thus:
B) Internet -> broadband and wireless router -> server -> switch -> various desktop client machines
or even
C) Internet -> server -> broadband and wireless router -> switch -> various desktop client machines (since the wireless clients should also be on the local network...)
If the answer needs to be something like B), how do I set it up and how do I tell the broadband / wireless router that the fixed IP belongs to the server, mail is handled by the server, and all traffic regarding the VPN goes into the server? How do I then get the server to distribute it all correctly to the other clients in the network, including the VPN traffic? Normally I suspect that if the new fixed IP address is a.b.c.d, that address will not make it past the wireless router which will name the server something like 192.168.1.x - how does the overall system then know to send mail to a.b.c.d and its domain name to the server and not the clients for handling? Does the wireless and broadband router need to be configured to do this (and if so, is it just port forwarding (which ports) or something more subtle?)
Similarly, if the answer needs to be something like C), is the server safe enough to expose directly to the Internet like that? (and also all the questions above about how to get it to send all incoming stuff to the right machines)
For VPN, if, say the local subnet is 192.168.1.x, should I make the local subnet at the other end a different number like 192.168.2.x, and if so, should I change the mask from 255.255.255.0 to 255.255.0.0 on both sides so they can see each other, or will the VPN trickery handle that transparently?
Look forward to hearing back - you guys are great!
James