• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

Can I put a W2K server machine between modem and wireless access point which is a DHCP and NAT server

I currently have the following home network configuration:

Broadband line into broadband modem-> into wireless access point (3 COM 3CRWE51196 - acting as a DHCP server and providing NAT has 3 "wired" ports)
Clients access internet/filesharing through wireless PCI cards.

Now I wish to change things for a specific reason and put a machine running Windows 2000 Server between the Modem and the access point so that it is not hidden by the NAT.

This machine has 2 network cards, one will be for the modem to go into and the other will be for the private LAN.
Now this is where I get confused.

The wireless Access Point has a specific port for the broadband (a DSL port) which i assume i will no longer use instead connecting the W2K machine into one of the standard Ethernet ports?

Also should I have the W2Kserver with a static private LAN IP and exclude this from the range the wireless access point gives out?

Will the LAN pcs be able to access the internet properly through this configuration - any special settings/software on the W2K server(I was going to use Microsofts ISA server as a firewall?
Will any of this be affected by the NAT on the access point which cannot be turned off? - the clients will therefore have to access the internet via the wireless gateway into the W2K server through the broadband modem......

Sorry for the questions...I just want to understand this and be sure of what will happen when i do this...thanks...

0
mistajjj
Asked:
mistajjj
1 Solution
 
GrindCrusherCommented:
There should be a problem as long as you have ICS running on the 2K machine.

 Here would ba an example ip layout:
( Keep in mind that this is based on the access point  doing NAT with the 192.168.0.0 network)

Win 2k
Nic 1 -> Going to ISP
IP:  66.12.34.5
Mask: 255.255.255.192
Gateway: 66.12.34.1

Nic 2 -> Going to Access Point
IP:  172.16.10.1
Mask: 255.240.0.0


Access Point
Port going to win 2k
IP:  172.16.10.1
Mask: 255.240.0.0
Gateway: 172.16.10.1



Client 1
IP:  192.168.1.2
Mask: 255.255.255.0
Gateway: 192.168.1.1

Client 2
IP:  192.168.1.3
Mask: 255.255.255.0
Gateway: 192.168.1.1

0
 
GrindCrusherCommented:
oops there is a typo in the access point. It should be:

Access Point
Port going to win 2k
IP:  172.16.10.2
Mask: 255.240.0.0
Gateway: 172.16.10.1


0
 
mistajjjAuthor Commented:
Cool thats great...how do I install/setup Internet Connection Sharing on the W2K box?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
GrindCrusherCommented:
Navigate to the control panel and click on the Network and Dial-up Connections icon

Double click on the network connection you will be using for your Internet access and click on the sharing tab

Place a check in the 'share this connection' box

Here is a link with a little more detail:

http://www.annoyances.org/exec/show/ics_2000

0
 
joeyxiongCommented:
I hope that the two of you are aware of the vulnerabilities of both ISA Server and ICS.  Why wouldn't you just put ISA Server on the server to protect it and sit it behind the wireless gateway.  That specific gateway router has DMZ capabilities.  Set up the server as a DMZ host and you should be able to do most if not all you need to do with your server.
0
 
GrindCrusherCommented:
I am aware of the issues with ISA and ICS. If you want a "more" secure server then I would go with what joey says about putting it behind the router.

The only problem with putting your server behind your firewall is now your allowing external networks into your private network.

 The issue comes down to how much you want to protect your server and how much you wanna protect your intranet.
0
 
jslingerlandCommented:
yo - seting your computer as the dmz host allows no protection at all -

windows 2000 server - dont use ic sharing - dhcp
0
 
joeyxiongCommented:
That's why I specified to install ISA Server and set it as a DMZ host.  This definitely is more secure than sitting the server between the ISP and the router.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now