Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2197
  • Last Modified:

5 computers in home network, 5 public ip's...

Ok, so I've been thinking about what would be the best way to do the following:

I have 5 computers in my home network, each with windows 2000. Through my isp, I have 5 public ip's...  I would like to be able to have each pc keep a separate public ip, but still be on same home network for file sharing.  I could just have each pc with a public ip, and they would see each other (as i've tried already), but then NetBIOS must be active therefore producing a huge security problem...

At the moment, my broadband line is connected to a switch, and each pc is also connected to that switch. One machine runs windows 2000 server, with two nic cards, one with one of the 5 ip's and other with local ip (gateway) and shares internet through it to rest of machines.

is there any way to keep a safe home network, but each pc have a separate public ip?  if so, what would I need to do?
0
teinsa
Asked:
teinsa
4 Solutions
 
Robing66066Commented:
Yes, to a point.

You can buy a router/firewall that will allow you to assign public addresses to map to internal addresses..

So, your network would look like this:


Internet-->Router/Firewall-->Switch-->workstation1 workstation2, workstation3, workstation4, workstation5

On the router/firewall, you program in all five public addresses.  

On the workstations, you assign each of them an internal address.  

In the config on the router/firewall, you assign each of the addresses to point to the internal addresses of the workstations.  You open or close whatever ports you want, including the ones for NetBIOS.

Bingo.  Done.

Of course, those devices don't actually have outside addreses, but from the Internet it would appear so.  Also, the router/firewall you buy won't be your average $100 dlink device.  You'll have to get something that can handle that many conduits.  (The PIX 501 comes to mind -- I'm pretty sure it would handle it.)  Of course, that will cost you.

Aside from that, you could potentially set up a software firewall to do it for you. ICA will manage it for you as would checkpoint.

Good luck!

0
 
teinsaAuthor Commented:
a clarification regarding my isp.  I have a LMDS (radio) internet line.  The actual "modem" (SAS receiver) can be connected to a pc or to a switch/hub...  not sure if i could even connect a router to the "modem"...

I would prefer to find a solution that doesnt involve any more hardware than the 16port switch i just bought...

0
 
svenkarlsenCommented:
Hi teinsa,

With 5 boxes in your net, you should consider a dedicated Firewall/router, - otherwise your security cannot be anything but basic.

You could make a dual-subnet solution by adding extra NICs to all boxes and disabling NetBIOS on the NICs with public IPs, but that would only be an illusion of security.

Setting up a router in your config is not a problem. As Teinsa describes, it is not the worlds greatest challenge, but make sure you describe your needs to the supplier so you get a router capable of meeting your requirements.

Either get a router/firewall (I recommend stuff like Cisco PIX 501, Zyxell or Speadstream), or get an old PII-PIII and mock it up with some Linux like RedHat or S.u.S.E.. Choice depends on what resource is most scarce to you: money or time. I can tell you that money comes very scarce to me, but never the less I've chosen a PIX 501 at appx. 4-500 US$ (this isn't a commercial, - I'm truly independant;-)


Kind regards,
Sven
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
chicagoanCommented:
>I would prefer to find a solution that doesnt involve any more hardware than the 16port switch i just bought...
Simply setting each pc to use DHCP (if your ISP provides DHCP) or manually setting their IP address and connecting them to your switch would have each pc keep a separate public ip.
>but still be on same home network for file sharing
as these are world routable addresses, they sould be able to communicate

the concerns voiced above are that this scheme would expose all of your machines to every script kiddie and infected machine on earth

the primary reason to use a public ip address is so that a service running on a machine can be easily located by name, i.e. www.yourmachine.com = xxx.xxx.xxx.xxx

SO for a minimum of fuss, rather than use ICS, use it's big brother Routing and Remote Access.
This will allow you to assign all your public IP addresses to the outside interface and reserve a private IP address on the inside for your other workstations, filter the services you want to pass through, etc.

see http://www.mcpmag.com/columns/article.asp?EditorialsID=15




0
 
yakcoraCommented:
some of the smc barricade models support multiple external ips (only for forwarding)
your internal networked pcs get 192.168.x.x IPs  but they browse the internet from different ips you can forward ports from those ips to the intended local ip means if you have 5 ips basicly your internet access is done on 5 different ips for different PCs.

0
 
teinsaAuthor Commented:
all answers helped, so I split the points 4 ways.

thanks everyone!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now