Home Test Lab: Question #529

Posted on 2014-01-14
Medium Priority
Last Modified: 2016-11-23
I have searched EE for something close to what I am attempting to accomplish, but have not found any decent results matching my exact question.  I do apologize for duplicating this question AGAIN.

Current Hardware acquired (will get more if needed):
Dell PowerEdge 2950 Server, Cisco 1760 Router, Dell PowerConnect 2816 Switch, couple of 5-port desktop switches, Cisco Linksys E3000 Router

Obviously a hodge-podge of hardware.  Here is what I would like to accomplish...

Set up an HTTP/FTP/etc. server to be accessed from external while providing internet access to internal clients utilizing DHCP to provide IP addresses.  My problem is that I don't know exactly how this should be set up.

My guess is that the Server should be the edge device?  Or the Cisco 1760 Router?  This is how it looks in my mind:

ISP Cable Modem-->Cisco 1760 Router-->PE2950-->Cisco 2816 Switch-->Internal Clients

I'm looking for a basic, but expandable setup.  Again, I can purchase additional hardware if required to accomplish my goal.  Thank you for your time in answering this and sorry if this is a duplicate question.
Question by:Christopher Reed

Expert Comment

by:Dave Baldwin
ID: 39780876
Most cable ISPs will block those services unless you have a business account.  Have you checked to see if they will be allowed on your service?

Author Comment

by:Christopher Reed
ID: 39780997
I have, yes. As long as the traffic is minimal (which they monitor) then it is allowed. In addition, my wife is a cable company employee so it is a perk to get higher services at a discounted rate. ;-)

Putting internet provider aside, what do you think is the best way to approach this setup?

Assisted Solution

Cyclops3590 earned 1000 total points
ID: 39782266
Move the server to the switch as well.  All hosts should hang off the switch and the router should go directly into the switch.  So as to not complicate the config, we won't try to do a separate VLAN for the server.  That can be another project after this is working, if you even want that.

This is all done via NAT.  It doesn't matter if you have a static IP or DHCP address on the outside interface of the router (it's best to put the modem in bridging mode if it's not already that way; we want the public IP to be on the outside interface of the router).

On the outside interface, you put "ip nat outside" and on the inside/LAN interface you put "ip nat inside".  This just tells the router, when NAT happens, how to treat incoming packets from each interface.

Then you need to take care of the clients.  This is done like the following:
access-list 1 permit <internal-subnet> <wildcard-mask>
ip nat inside source list 1 interface fa0/0 overload

What this does is create an ACL to identify traffic.  In this case you want to create it to match your internal LAN subnet.  The next statement does the translation of your subnet hosts to whatever IP is assigned to the outside interface (change fa0/0 to whatever that is).  overload just says to do PAT instead of NAT (it just means that instead of translating only the IP, it translates the port as well, so you can get 65K+ connections from one public IP).

The next is to support your server:
ip nat inside source static tcp <server-IP> 80 <public-IP> 80 extendable
You just change the first IP to your server's IP and the second one to the public IP that outside people will use to reach your server.  I thought there was a way to specify the interface but have to check into that further.  I'm not finding a way at the moment. I've normally done it on ASAs, where that is no problem.
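
The NAT steps from the answer above, assembled into one configuration as an added example (not the poster's own config). The inside subnet, server address and the inside interface name Ethernet0/0 are constructed assumptions; fa0/0 as the outside interface follows the answer. The port forward uses the `interface` form of static NAT so it tracks a DHCP-assigned public address.

```cisco
! Added example. Constructed lab values (assumptions, not from the thread):
!   inside LAN 192.168.10.0/24, web server 192.168.10.10,
!   inside interface Ethernet0/0 (hypothetical name for a second port).
! FastEthernet0/0 is the outside interface, as in the answer above.
!
interface FastEthernet0/0
 description OUTSIDE - to cable modem in bridge mode
 ip address dhcp
 ip nat outside
 no shutdown
!
interface Ethernet0/0
 description INSIDE - to the switch
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Standard ACL 1 selects which inside sources get translated.
! The mask is a wildcard (inverse) mask: 0.0.0.255 matches a /24.
access-list 1 permit 192.168.10.0 0.0.0.255
!
! PAT: every host matched by ACL 1 shares the address currently
! assigned to FastEthernet0/0.
ip nat inside source list 1 interface FastEthernet0/0 overload
!
! Publish only TCP/80 of the server. The "interface" form follows the
! DHCP-assigned public address, so no public IP is hard-coded.
ip nat inside source static tcp 192.168.10.10 80 interface FastEthernet0/0 80
!
! Checks after applying (exec mode):
!   show ip nat translations   ! static entry for port 80 plus dynamic PAT entries
!   show ip nat statistics     ! confirms inside/outside interfaces and hit counts
!   show access-lists 1        ! match counter rises as LAN clients go out
```

Only the ports given a static entry are reachable from outside; everything else on the server stays unpublished.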

Accepted Solution

marek1712 earned 1000 total points
ID: 39782303
"Most cable ISPs will block those services unless you have a business account. "
Thankfully, here in Poland, we don't have such problems. At least not from the monopolists ;)

Anyway, back to the topic.
ISP Cable Modem-->Cisco 1760 Router-->DELL 2816 Switch-->Internal Clients


Little guidelines:
- servers serving HTTP/FTP for external users are meant to be placed into a DMZ. BECAUSE - once they're hacked they may become a gateway to your LAN (and it's very common for these services/daemons to have security flaws);
- protect it with ACLs, limiting access only to necessary services;
- in this case the router will have to serve as DHCP, DNS (otherwise you'll have to get another server) and, overall, as a gateway. Routers have ASICs that make the routing faster (i.e. lower latency) and allow for greater control (assuming the PE will be controlled by Windows) of the network traffic.
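
The three guidelines above as one router configuration, added here as an example (not the poster's own config). It assumes a third routed interface for the DMZ; the interface names, both subnets, the server address and the upstream resolver are constructed, and only HTTP is published.

```cisco
! Added example. Constructed values (assumptions, not from the thread):
!   LAN 192.168.10.0/24 behind 192.168.10.1, DMZ 192.168.20.0/24 on
!   Ethernet1/0 (hypothetical name), server 192.168.20.10,
!   upstream resolver 203.0.113.53 (documentation address),
!   FastEthernet0/0 outside with "ip nat outside" already set.
!
interface Ethernet1/0
 description DMZ - public-facing server only
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip access-group DMZ-IN in
!
! Filter what the DMZ may send. Evaluated top-down, first match wins.
ip access-list extended DMZ-IN
 remark replies from the published HTTP service (ACK/RST set only)
 permit tcp host 192.168.20.10 eq www any established
 remark server may resolve names through the router
 permit udp host 192.168.20.10 host 192.168.20.1 eq domain
 remark a compromised server must not open sessions into the LAN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 remark nothing else leaves the DMZ; separate counter and log entry
 deny   ip any any log
!
! Only TCP/80 of the DMZ server is reachable from outside.
ip nat inside source static tcp 192.168.20.10 80 interface FastEthernet0/0 80
!
! DHCP for internal clients only; the DMZ server keeps a static address.
ip dhcp excluded-address 192.168.10.1 192.168.10.20
ip dhcp pool LAN
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
!
! Router answers DNS for clients and forwards to the upstream resolver.
ip name-server 203.0.113.53
ip dns server
!
! Checks after applying (exec mode):
!   show ip access-lists DMZ-IN   ! hits on the deny lines mean the server
!                                 ! tried to start a connection of its own
!   show ip dhcp binding          ! leases handed to LAN clients
```

Hits on the `deny ... log` entries are the signal to watch: a web server that only answers requests should never match them.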

Author Closing Comment

by:Christopher Reed
ID: 39783262
Thank you experts for all your assistance.  This is more than enough to get me started on my Test Lab.  I appreciate the time and effort.


Question has a verified solution.
