[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Internet Connection Sharing

Posted on 2005-04-28
12
Medium Priority
?
1,058 Views
Last Modified: 2013-11-16
I need some advice?

I have a domain running W2k3 server and 7 Clients.

I have the server running DHCP and DNS.

Unfortunately Broadband is not available and I am having to go down the route of ISDN.

I have got an ISDN router a Realtek R338, I can get the router to connect if I connect it to one PC. The problem is I want to share the connection.

How is the best way to do it. I dont want to connect my server directly to the internet for security reasons.

I have other resources available, possibly setting up another computer to connect if that is the best option.

I have purchased an ISDN modem but am also having problems trying to connect them all to the internet.

Any suggestions would be welcome PLEASE?
0
Comment
Question by:alanheaton
  • 3
  • 2
  • 2
  • +3
12 Comments
 
LVL 6

Expert Comment

by:BILJAX
ID: 13889916
Get a cheap Cisco router with an ISDN WIC in it :)


AC
0
 
LVL 6

Expert Comment

by:BILJAX
ID: 13889933
Attach the ROUTER to a SWITCH.


Make sure you put the DNS from your ISP on the Forward Lookup Pointers in DNS on the server.  Make all the client point back to the DNS server and NOT to the Modem/Router.



0
 
LVL 6

Expert Comment

by:magicomminc
ID: 13890741
a PIX 501 is a good choice too, since you alreadu got ISDN router.
10 user-license is a perfect fit for your case.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 4

Expert Comment

by:rburns50
ID: 13892201
If you are having issues with the ISDN router only working when connected to one PC, the above option of conecting to a switch (or even a hub....shudder) is valid. However, your problem may be that the ISDN router is only set up to do NAT (one-to-one address translation) and not PAT (port address translation, where many hosts share a single "hide" address). Not familiar with that specific router, but see if it supports "many to one" address translation.

One other note- you mention that you don't want the server attached directly to the Internet for security reasons. However, you don't mention a firewall anywhere (as magic suggested), so your server is still exposed (even behind the ISDN router). Hopefully, the ISDN router has built in FW capability? If not, you may want to look at either a real firewall like the PIX above, or go with a cheaper PC-based solution. You could install Zone Alarm (or other freebie firewall) on a single PC (old one that you don't use...can be slow). Attach the ISDN MODEM to it (not the router), and let it be the firewall between your network and the Internet. You would need to make that PC your default gateway for the server and the other PC's. You may also need a PAT solution (see my first comment)- NAT32 works, but it's not free..but low cost.

So many options, so little time to describe them all...
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13893050
NAT = Network Address Translation
This is where one IP address is translated into another.  Multiple NAT allows many computers to share one internet connection (i.e. one public IP address), single NAT is basically used for security (one public IP address is translated into one private IP address).

PAT = Port Address Translation
Purely for translating ports, not addresses. i.e. a connection comes in on port 25 to the router and is changed to port 45 for onward transmission.

A good option for your set-up if you are after an all-in-one box that does everything is the Draytek 2600VGi (http://www.draytek.co.uk/products/vigor2600v.html).

This supports both ISDN and ADSL, and has full VPN, firewall, wireless facilities.  Advantage of this is that if you do ever upgrade to broadband, you should be able to use the same router.

I can't find any information on your router, so it is difficult to advise on what would work with it or what it supports.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13893074
Sorry, my PAT definition is actually completely wrong, I was thinking of something else...

(takes his foot out of his mouth)

It's another method of single NAT, just assigns a port number per LAN machine for each outgoing connection.
0
 
LVL 1

Expert Comment

by:ian1delap
ID: 13893682
All you need is an 8port HUB with an uplink connected to the ISDN Router/Modem

Everything can go on a Class-C addresses leaving 192.168.1.1 and 192.168.1.2 as reserved addresses. so that Client 1 will be 192.168.1.3 Client 2 192.168.1.4 and so on. The ISDN Router/Modem will be 192.168.1.1 (taking up the reserve) The HUB does not have an IP or Subnet as its a "stupid" node. (in other words it does absolutly nothing apart from connecting all nodes to each other directly)  Im sure you've figured out already the subnet mask 255.255.255.0

You dont need to open any further ports, you dont need VPN/PPP/IP-sec/L2TP/DMZ, if your ISDN does not have an ethernet port, you're in trouble with my suggesstion, you can however buy ISDN Router/Modems, they arn't that  expensive anymore
0
 
LVL 2

Author Comment

by:alanheaton
ID: 13894724
I have just bought a Cisco 803 router this looks like it should do the trick

I will have to read up on it, but the write up's sound good
0
 
LVL 4

Expert Comment

by:rburns50
ID: 13898545
yes, your Cisco 803 should work just fine, and allow you to build an access list (ACL) to give you a little bit of protection. I've never used one, so I'm hoping it runs IOS, as here are the commands for a VERY simple ACL assuming you use 192.168.1.x as your LAN range (with 255.255.255.0 as the mask):

access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit tcp any 192.168.1.0 0.0.0.255 established

If your ISDN port on the 803 is BRI0, then you would apply the ACL like this:

int bri0
ip access-group 101 in

That simle ACL will allow internal PC's to go out to teh Internet, but won't let any TCP connections back in from the Internet unless they were originated within your network.

If you need help with the NAT setup, let us know and we can help with that too- a "show run" on the Cisco 803 would help.
0
 
LVL 2

Author Comment

by:alanheaton
ID: 13908622
I have just had a different idea.

I have got ISA Server 2004.

If I set up a machine at the front end running ISA Server and configure the NIC for the Internal and use a Dial up ISDN modem, when I configure the dial up connection on ISA Server I should be able to configure a shared connection

Am I correct here. If so I am assuming that I would assign My ISA Server and Internal Static IP and then configure my AD controller to point to this as it Default gateway.

IS THIS CORRECT

Or am I barking up the wrong tree, and just stick with installing the router?
0
 
LVL 6

Accepted Solution

by:
magicomminc earned 750 total points
ID: 13910381
>"If I set up a machine at the front end running ISA Server and configure the NIC for the Internal and use a Dial up ISDN modem, when I configure the dial up connection on ISA Server I should be able to configure a shared connection"
--Yes, in that case, ISA server will be functioning as NAT/PAT device, of course a firewall function.
>"Am I correct here. If so I am assuming that I would assign My ISA Server and Internal Static IP and then configure my AD controller to point to this as it Default gateway."
--Correct, you need to let your AD controller (all your internal PCs) to point to ISA server's internal IP as Default Gateway. Also, you need to configure your internal DNS server to point to your ISP's DNS server as its forwarder.


0
 
LVL 4

Assisted Solution

by:rburns50
rburns50 earned 750 total points
ID: 13910392
Just my opinion, but if you already have the Cisco router, it is your best option. Relying on servers to do routing is okay, but only in the absence of a true router. A Cisco router gives you so much more flexibility and options, both from a routing and from a security point of view.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question