Network Advice

[denali]

I'm contemplating a rebuild of my network and I would like some advice. I currently lease 4 static IP's from my ISP. Once I rebuild my network, I expect I'll be able to release three of the addresses back to the ISP.

In this network, I will have 8 clients systems (3 desktops, 1 laptop, 2 PDAs, 2 game consoles). I will also have two servers. One server will be available to the general public (small web/mail server), the other server will only be available to those on my network (file server). I guess my first question is, "does this count as a small network?"

So here is where things get fuzzy for me. I plan on setting up two wireless connections (One for b/g traffic, one for 5Ghz N traffic). I'm not worried about my wireless clients hitting the web server, as they should be able to do that with no problem. My concern is the file server. Is there a way to set this network up so that any client on the network (wired or wireless) can use this server, but also prevents anyone coming in from the internet (even via my web server) from using/abusing it?

EDIT: After some thought, I may have not provided enough information. My thought on how I would set this up looks something like this:

Cable Modem -> Switch -> Web Server / Wireless B&G / Wireless N (Each on a separate port off of the Switch)

My question is basically, where would I put the file server? Is there a better way to do this?

 

[Rhyled]

I'd call it a small network

Then again, my definition of a small network is anything that doesn't take a full-time IT person to manage.

I would suggest a router/gateway with a DMZ (DeMilitarized Zone) port for your external webserver. Reconfiguring the b/g and n wireless devices to be access points rather than routers will simplify your life.

Within the limits of my ASCII art, the network I would suggest would look like:

Router/Gateway -> cable modem
+ (DMZ port) Internet webserver
+ wireless b/g ACCESS point
+ wireless n ACCESS point
+ internal file server
+ any number of interal wired connections

Essentially this gives you a pretty straightforward small network with one single router/gateway at its hear.

Using the gateway gives you NAT (Network Address Translation) protection, which is the first line of defense for protecting internal computers from internet attacks. Unsolicited network packets can only make it to the DMZ port (your webserver), which is the only legitimate place for traffic that one of your internal PCs didn't request.

Access points give you the wireless ability without adding another gateway to your network. Most existing wireless gateways can be turned into access points - see this article How To Convert a Wireless Router into an Access Point Trust me, having multiple NATs daisy chained can be a troubleshooting nightmare. Sometimes they work, sometimes they don't.

As always, good firewalls and virus protection are needed on all PCs. You can spend more on the internet facing gateway and get more sophisticated firewalls in hardware if you wish. I'm always on the budget approach, and try to do the protection with software. I also believe in full, automated backups in case everything else fails.

 

[denali]

Hi Rhyled,

Thanks for replying! So if I'm reading your response correctly, you're suggesting I forego the switch and use something like a Cisco RVS 4000? (I looked at the DLink DGL-4100, but I couldn't wrap my head around why a router would have 10/100/1000 Lan ports and a 10/100 Wan port...)

EDIT: Ya know, it helps to look at this site, huh? I read the review of the RVS4000. Now I'm thinking of the Netgear FVS336G instead. (Which is fine... Netgear was my first choice anyway...)