Solved

5 computers in home network, 5 public ip's...

Posted on 2003-11-28
6
2,188 Views
Last Modified: 2013-11-30
Ok, so I've been thinking about what would be the best way to do the following:

I have 5 computers in my home network, each with windows 2000. Through my isp, I have 5 public ip's...  I would like to be able to have each pc keep a separate public ip, but still be on same home network for file sharing.  I could just have each pc with a public ip, and they would see each other (as i've tried already), but then NetBIOS must be active therefore producing a huge security problem...

At the moment, my broadband line is connected to a switch, and each pc is also connected to that switch. One machine runs windows 2000 server, with two nic cards, one with one of the 5 ip's and other with local ip (gateway) and shares internet through it to rest of machines.

is there any way to keep a safe home network, but each pc have a separate public ip?  if so, what would I need to do?
0
Comment
Question by:teinsa
6 Comments
 
LVL 7

Accepted Solution

by:
Robing66066 earned 100 total points
ID: 9839806
Yes, to a point.

You can buy a router/firewall that will allow you to assign public addresses to map to internal addresses..

So, your network would look like this:


Internet-->Router/Firewall-->Switch-->workstation1 workstation2, workstation3, workstation4, workstation5

On the router/firewall, you program in all five public addresses.  

On the workstations, you assign each of them an internal address.  

In the config on the router/firewall, you assign each of the addresses to point to the internal addresses of the workstations.  You open or close whatever ports you want, including the ones for NetBIOS.

Bingo.  Done.

Of course, those devices don't actually have outside addreses, but from the Internet it would appear so.  Also, the router/firewall you buy won't be your average $100 dlink device.  You'll have to get something that can handle that many conduits.  (The PIX 501 comes to mind -- I'm pretty sure it would handle it.)  Of course, that will cost you.

Aside from that, you could potentially set up a software firewall to do it for you. ICA will manage it for you as would checkpoint.

Good luck!

0
 

Author Comment

by:teinsa
ID: 9839901
a clarification regarding my isp.  I have a LMDS (radio) internet line.  The actual "modem" (SAS receiver) can be connected to a pc or to a switch/hub...  not sure if i could even connect a router to the "modem"...

I would prefer to find a solution that doesnt involve any more hardware than the 16port switch i just bought...

0
 
LVL 9

Assisted Solution

by:svenkarlsen
svenkarlsen earned 100 total points
ID: 9840538
Hi teinsa,

With 5 boxes in your net, you should consider a dedicated Firewall/router, - otherwise your security cannot be anything but basic.

You could make a dual-subnet solution by adding extra NICs to all boxes and disabling NetBIOS on the NICs with public IPs, but that would only be an illusion of security.

Setting up a router in your config is not a problem. As Teinsa describes, it is not the worlds greatest challenge, but make sure you describe your needs to the supplier so you get a router capable of meeting your requirements.

Either get a router/firewall (I recommend stuff like Cisco PIX 501, Zyxell or Speadstream), or get an old PII-PIII and mock it up with some Linux like RedHat or S.u.S.E.. Choice depends on what resource is most scarce to you: money or time. I can tell you that money comes very scarce to me, but never the less I've chosen a PIX 501 at appx. 4-500 US$ (this isn't a commercial, - I'm truly independant;-)


Kind regards,
Sven
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 100 total points
ID: 9842589
>I would prefer to find a solution that doesnt involve any more hardware than the 16port switch i just bought...
Simply setting each pc to use DHCP (if your ISP provides DHCP) or manually setting their IP address and connecting them to your switch would have each pc keep a separate public ip.
>but still be on same home network for file sharing
as these are world routable addresses, they sould be able to communicate

the concerns voiced above are that this scheme would expose all of your machines to every script kiddie and infected machine on earth

the primary reason to use a public ip address is so that a service running on a machine can be easily located by name, i.e. www.yourmachine.com = xxx.xxx.xxx.xxx

SO for a minimum of fuss, rather than use ICS, use it's big brother Routing and Remote Access.
This will allow you to assign all your public IP addresses to the outside interface and reserve a private IP address on the inside for your other workstations, filter the services you want to pass through, etc.

see http://www.mcpmag.com/columns/article.asp?EditorialsID=15




0
 

Assisted Solution

by:yakcora
yakcora earned 100 total points
ID: 9887141
some of the smc barricade models support multiple external ips (only for forwarding)
your internal networked pcs get 192.168.x.x IPs  but they browse the internet from different ips you can forward ports from those ips to the intended local ip means if you have 5 ips basicly your internet access is done on 5 different ips for different PCs.

0
 

Author Comment

by:teinsa
ID: 9905018
all answers helped, so I split the points 4 ways.

thanks everyone!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now