Solved

5 computers in home network, 5 public IPs...

Posted on 2003-11-28
Last Modified: 2013-11-30
Ok, so I've been thinking about what would be the best way to do the following:

I have 5 computers in my home network, each with Windows 2000. Through my ISP, I have 5 public IPs...  I would like to be able to have each PC keep a separate public IP, but still be on the same home network for file sharing.  I could just have each PC with a public IP, and they would see each other (as I've tried already), but then NetBIOS must be active, therefore producing a huge security problem...

At the moment, my broadband line is connected to a switch, and each PC is also connected to that switch. One machine runs Windows 2000 Server, with two NIC cards, one with one of the 5 IPs and the other with a local IP (gateway), and shares internet through it to the rest of the machines.

Is there any way to keep a safe home network, but have each PC keep a separate public IP?  If so, what would I need to do?
Question by:teinsa
6 Comments
 

Accepted Solution

by:
Robing66066 earned 100 total points
ID: 9839806
Yes, to a point.

You can buy a router/firewall that will allow you to assign public addresses to map to internal addresses.

So, your network would look like this:


Internet-->Router/Firewall-->Switch-->workstation1, workstation2, workstation3, workstation4, workstation5

On the router/firewall, you program in all five public addresses.  

On the workstations, you assign each of them an internal address.  

In the config on the router/firewall, you assign each of the addresses to point to the internal addresses of the workstations.  You open or close whatever ports you want, including the ones for NetBIOS.

Bingo.  Done.

Of course, those devices don't actually have outside addresses, but from the Internet it would appear so.  Also, the router/firewall you buy won't be your average $100 D-Link device.  You'll have to get something that can handle that many conduits.  (The PIX 501 comes to mind -- I'm pretty sure it would handle it.)  Of course, that will cost you.

Aside from that, you could potentially set up a software firewall to do it for you. ICA will manage it for you, as would Checkpoint.

Good luck!

 

Author Comment

by:teinsa
ID: 9839901
A clarification regarding my ISP.  I have an LMDS (radio) internet line.  The actual "modem" (SAS receiver) can be connected to a PC or to a switch/hub...  not sure if I could even connect a router to the "modem"...

I would prefer to find a solution that doesn't involve any more hardware than the 16-port switch I just bought...


Assisted Solution

by:svenkarlsen
svenkarlsen earned 100 total points
ID: 9840538
Hi teinsa,

With 5 boxes in your net, you should consider a dedicated Firewall/router, - otherwise your security cannot be anything but basic.

You could make a dual-subnet solution by adding extra NICs to all boxes and disabling NetBIOS on the NICs with public IPs, but that would only be an illusion of security.

Setting up a router in your config is not a problem. As Teinsa describes, it is not the world's greatest challenge, but make sure you describe your needs to the supplier so you get a router capable of meeting your requirements.

Either get a router/firewall (I recommend stuff like Cisco PIX 501, ZyXEL or SpeedStream), or get an old PII-PIII and mock it up with some Linux like RedHat or S.u.S.E. Choice depends on what resource is most scarce to you: money or time. I can tell you that money comes very scarce to me, but nevertheless I've chosen a PIX 501 at appx. 4-500 US$ (this isn't a commercial, - I'm truly independent;-)


Kind regards,
Sven
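
The mapping Robing66066 describes (each public address pointed at one internal address, NetBIOS closed at the edge), written out for the Linux gateway option svenkarlsen mentions. This is an added example, not part of any post in the thread; the interface name, every address (documentation ranges), the one allowed port and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables rules for 1:1 NAT; it does not apply them.
# All addresses are constructed placeholders (RFC 5737 / RFC 1918 ranges).
WAN_IF="eth0"                       # assumption: interface facing the ISP
MAPPINGS="203.0.113.11=192.168.1.11
203.0.113.12=192.168.1.12
203.0.113.13=192.168.1.13"          # public=private, one pair per workstation
ALLOW="192.168.1.11:80"             # constructed: one inbound service to expose

# Windows file-sharing ports that stay closed to the Internet.
BLOCK_TCP="135,139,445"
BLOCK_UDP="137,138"

is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

emit_static_nat_rules() {
    wan="$1"; maps="$2"; allow="$3"
    echo "iptables -P FORWARD DROP"
    # NetBIOS/SMB drops come first so a later allow entry cannot expose them.
    echo "iptables -A FORWARD -i $wan -p tcp -m conntrack --ctstate NEW -m multiport --dports $BLOCK_TCP -j DROP"
    echo "iptables -A FORWARD -i $wan -p udp -m conntrack --ctstate NEW -m multiport --dports $BLOCK_UDP -j DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD ! -i $wan -j ACCEPT"   # LAN-originated traffic
    for entry in $allow; do
        # FORWARD sees the post-DNAT (private) destination address.
        echo "iptables -A FORWARD -i $wan -d ${entry%%:*} -p tcp --dport ${entry##*:} -j ACCEPT"
    done
    for pair in $maps; do
        pub="${pair%%=*}"; priv="${pair#*=}"
        if ! is_ipv4 "$pub" || ! is_ipv4 "$priv"; then
            echo "bad mapping: $pair" >&2
            return 1
        fi
        # The public address must also be configured on the WAN interface.
        echo "iptables -t nat -A PREROUTING -i $wan -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $wan -s $priv -j SNAT --to-source $pub"
    done
}

emit_static_nat_rules "$WAN_IF" "$MAPPINGS" "$ALLOW"
```

File sharing between the workstations never crosses the gateway, so it keeps working on the private addresses while ports 135-139 and 445 stay unreachable from the WAN side.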

Assisted Solution

by:chicagoan
chicagoan earned 100 total points
ID: 9842589
>I would prefer to find a solution that doesn't involve any more hardware than the 16-port switch I just bought...

Simply setting each PC to use DHCP (if your ISP provides DHCP) or manually setting their IP address and connecting them to your switch would have each PC keep a separate public IP.

>but still be on same home network for file sharing

As these are world-routable addresses, they should be able to communicate.

The concerns voiced above are that this scheme would expose all of your machines to every script kiddie and infected machine on earth.

The primary reason to use a public IP address is so that a service running on a machine can be easily located by name, i.e. www.yourmachine.com = xxx.xxx.xxx.xxx

So for a minimum of fuss, rather than use ICS, use its big brother Routing and Remote Access.
This will allow you to assign all your public IP addresses to the outside interface and reserve a private IP address on the inside for your other workstations, filter the services you want to pass through, etc.

See http://www.mcpmag.com/columns/article.asp?EditorialsID=15





Assisted Solution

by:yakcora
yakcora earned 100 total points
ID: 9887141
Some of the SMC Barricade models support multiple external IPs (only for forwarding).
Your internal networked PCs get 192.168.x.x IPs, but they browse the internet from different IPs. You can forward ports from those IPs to the intended local IP. This means that if you have 5 IPs, basically your internet access is done on 5 different IPs for different PCs.

 

Author Comment

by:teinsa
ID: 9905018
All answers helped, so I split the points 4 ways.

Thanks everyone!