5 computers in home network, 5 public ip's...

Ok, so I've been thinking about what would be the best way to do the following:

I have 5 computers in my home network, each with Windows 2000. Through my ISP, I have 5 public IPs... I would like to be able to have each PC keep a separate public IP, but still be on the same home network for file sharing. I could just have each PC with a public IP, and they would see each other (as I've tried already), but then NetBIOS must be active, therefore producing a huge security problem...

At the moment, my broadband line is connected to a switch, and each PC is also connected to that switch. One machine runs Windows 2000 Server, with two NIC cards, one with one of the 5 IPs and the other with a local IP (gateway), and shares internet through it to the rest of the machines.

Is there any way to keep a safe home network, but each PC have a separate public IP? If so, what would I need to do?
teinsa Asked:

Robing66066 Commented:
Yes, to a point.

You can buy a router/firewall that will allow you to assign public addresses to map to internal addresses.

So, your network would look like this:

Internet-->Router/Firewall-->Switch-->workstation1, workstation2, workstation3, workstation4, workstation5

On the router/firewall, you program in all five public addresses.  

On the workstations, you assign each of them an internal address.  

In the config on the router/firewall, you assign each of the addresses to point to the internal addresses of the workstations.  You open or close whatever ports you want, including the ones for NetBIOS.

Bingo.  Done.

Of course, those devices don't actually have outside addresses, but from the Internet it would appear so.  Also, the router/firewall you buy won't be your average $100 D-Link device.  You'll have to get something that can handle that many conduits.  (The PIX 501 comes to mind -- I'm pretty sure it would handle it.)  Of course, that will cost you.

Aside from that, you could potentially set up a software firewall to do it for you. ICA will manage it for you, as would Check Point.

Good luck!

0

teinsa (Author) Commented:
A clarification regarding my ISP.  I have an LMDS (radio) internet line.  The actual "modem" (SAS receiver) can be connected to a PC or to a switch/hub...  not sure if I could even connect a router to the "modem"...

I would prefer to find a solution that doesn't involve any more hardware than the 16-port switch I just bought...

0
svenkarlsen Commented:
Hi teinsa,

With 5 boxes in your net, you should consider a dedicated Firewall/router, - otherwise your security cannot be anything but basic.

You could make a dual-subnet solution by adding extra NICs to all boxes and disabling NetBIOS on the NICs with public IPs, but that would only be an illusion of security.

Setting up a router in your config is not a problem. As Teinsa describes, it is not the world's greatest challenge, but make sure you describe your needs to the supplier so you get a router capable of meeting your requirements.

Either get a router/firewall (I recommend stuff like Cisco PIX 501, ZyXEL or SpeedStream), or get an old PII-PIII and mock it up with some Linux like Red Hat or S.u.S.E. Choice depends on what resource is most scarce to you: money or time. I can tell you that money comes very scarce to me, but nevertheless I've chosen a PIX 501 at appx. 4-500 US$ (this isn't a commercial, - I'm truly independent ;-)


Kind regards,
Sven
0
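The public-to-internal address mapping described in the answers above, sketched for the Linux-box option as an added example that is not part of the original thread. The interface names and every address are constructed placeholders, and the script only prints the iptables commands rather than applying them.

```shell
#!/bin/sh
# Added example: emit iptables commands for 1:1 NAT of five public addresses.
# Interface names and all addresses are constructed placeholders
# (203.0.113.0/24 is a documentation range), not values from the thread.
WAN_IF="eth0"   # assumption: interface facing the ISP "modem"
LAN_IF="eth1"   # assumption: interface facing the switch

# Constructed mapping: "public-address internal-address", one pair per line.
MAPPING="203.0.113.11 192.168.1.11
203.0.113.12 192.168.1.12
203.0.113.13 192.168.1.13
203.0.113.14 192.168.1.14
203.0.113.15 192.168.1.15"

# Succeeds only for a dotted quad whose four octets are all 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set; returns non-zero if any pair in MAPPING is malformed.
gen_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # RPC/NetBIOS/SMB is dropped first, so a port opened later cannot expose it.
    for proto in tcp udp; do
        echo "iptables -A FORWARD -i $WAN_IF -p $proto -m multiport --dports 135,137:139,445 -j DROP"
    done
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "$MAPPING" | while read -r pub int; do
        is_ipv4 "$pub" && is_ipv4 "$int" || { echo "bad pair: $pub $int" >&2; exit 1; }
        # Inbound: the public address is rewritten to the workstation's address.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $int"
        # Outbound: each workstation leaves with its own public address.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $pub"
    done
}

gen_rules
```

No inbound ports are opened here; file sharing between the workstations stays on the switch and never crosses the firewall.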

chicagoan Commented:
>I would prefer to find a solution that doesnt involve any more hardware than the 16port switch i just bought...
Simply setting each PC to use DHCP (if your ISP provides DHCP) or manually setting their IP address and connecting them to your switch would have each PC keep a separate public IP.
>but still be on same home network for file sharing
As these are world-routable addresses, they should be able to communicate.

The concerns voiced above are that this scheme would expose all of your machines to every script kiddie and infected machine on earth.

The primary reason to use a public IP address is so that a service running on a machine can be easily located by name, i.e. www.yourmachine.com = xxx.xxx.xxx.xxx

So for a minimum of fuss, rather than use ICS, use its big brother, Routing and Remote Access.
This will allow you to assign all your public IP addresses to the outside interface and reserve a private IP address on the inside for your other workstations, filter the services you want to pass through, etc.

see http://www.mcpmag.com/columns/article.asp?EditorialsID=15




0
yakcora Commented:
Some of the SMC Barricade models support multiple external IPs (only for forwarding).
Your internal networked PCs get 192.168.x.x IPs, but they browse the internet from different IPs. You can forward ports from those IPs to the intended local IP. That means if you have 5 IPs, basically your internet access is done on 5 different IPs for different PCs.

0
teinsa (Author) Commented:
All answers helped, so I split the points 4 ways.

thanks everyone!
0
Question has a verified solution.