Solved

Home Test Lab: Question #529

Posted on 2014-01-14
Last Modified: 2016-11-23
I have searched EE for something close to what I am attempting to accomplish, but have not found any decent results matching my exact question.  I do apologize for duplicating this question AGAIN.

Current Hardware acquired (will get more if needed):
Dell PowerEdge 2950 Server, Cisco 1760 Router, Dell PowerConnect 2816 Switch, couple of 5-port desktop switches, Cisco Linksys E3000 Router

Obviously a hodge-podge of hardware.  Here is what I would like to accomplish...

Set up an HTTP/FTP/etc. server to be accessed from external while providing internet access to internal clients utilizing DHCP to provide IP addresses.  My problem is that I don't know exactly how this should be set up.

My guess is that the Server should be the edge device?  Or the Cisco 1760 Router?  This is how it looks in my mind:

ISP Cable Modem-->Cisco 1760 Router-->PE2950-->Cisco 2816 Switch-->Internal Clients

I'm looking for a basic, but expandable setup.  Again, I can purchase additional hardware if required to accomplish my goal.  Thank you for your time in answering this and sorry if this is a duplicate question.
0
Question by:Christopher Reed
5 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39780876
Most cable ISPs will block those services unless you have a business account.  Have you checked to see if they will be allowed on your service?
0
 
LVL 2

Author Comment

by:Christopher Reed
ID: 39780997
I have, yes. As long as the traffic is minimal (which they monitor), it is allowed. In addition, my wife is a cable company employee, so it is a perk to get higher services at a discounted rate. ;-)

Putting internet provider aside, what do you think is the best way to approach this setup?
0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 250 total points
ID: 39782266
Move the server to the switch as well.  All hosts should hang off the switch and the router should go directly into the switch.  So as to not complicate the config, we won't try to do a separate VLAN for the server.  That can be another project after this is working, if you even want that.

This is all done via NAT.  It doesn't matter if you have a static IP or DHCP address on the outside interface of the router (it's best to put the modem in bridging mode if it's not already that way; we want the public IP to be on the outside interface of the router).

On the outside interface, you put "ip nat outside" and on the inside/LAN interface you put "ip nat inside".  This just tells the router how to treat incoming packets from each interface when NAT happens.

Then you need to take care of the clients.  This is done like the following:
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source list 1 interface fa0/0 overload

What this does is create an ACL to identify traffic.  In this case you want to create it to match your internal LAN subnet.  The next statement translates your subnet hosts to whatever IP is assigned to the outside interface (change fa0/0 to whatever that is).  "overload" just says to do PAT instead of NAT (meaning that instead of translating only the IP, it translates the port as well, so you can get 65K+ connections from one public IP).

The next is to support your server:
ip nat inside source static tcp 192.168.0.5 80 1.2.3.4 80 extendable
You just change the first IP to your server's IP and the second one to the public IP that outside people will use to reach your server.  I thought there was a way to specify the interface but have to check into that further.  I'm not finding a way at the moment. I've normally done it on ASAs, where that is no problem.
0
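The NAT pieces from the answer above, assembled into one router configuration as an added example that is not part of the original post. The interface names (FastEthernet0/0 outside, Ethernet0/0 inside), the 192.168.0.1 gateway address and the DHCP-assigned outside address are assumptions; the static entry uses the IOS `interface` keyword in place of a fixed public IP so the forward follows whatever address the ISP assigns.

```cisco
! Constructed example. Interface names and addresses are assumptions;
! adjust them to the ports actually fitted to the router.
!
interface FastEthernet0/0
 description Outside - cable modem in bridge mode
 ip address dhcp
 ip nat outside
 no shutdown
!
interface Ethernet0/0
 description Inside - uplink to the LAN switch
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Identify the internal LAN subnet for translation
access-list 1 permit 192.168.0.0 0.0.0.255
!
! PAT: all inside hosts share the address on the outside interface
ip nat inside source list 1 interface FastEthernet0/0 overload
!
! Publish the web server. Only TCP/80 is forwarded; every other
! service that should be reachable needs its own static entry.
ip nat inside source static tcp 192.168.0.5 80 interface FastEthernet0/0 80
!
! Verify after applying:
!   show ip nat translations
!   show ip nat statistics
```

Each static entry is an exposed service, so the list of forwards should stay as short as the services actually being published.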
 
LVL 11

Accepted Solution

by:marek1712
marek1712 earned 250 total points
ID: 39782303
"Most cable ISPs will block those services unless you have a business account. "
Thankfully, here in Poland, we don't have such problems. At least not from the monopolists ;)

Anyway, back to the topic.
ISP Cable Modem-->Cisco 1760 Router-->DELL 2816 Switch-->Internal Clients
                                                      -->PE2950

Little guidelines:
- servers serving HTTP/FTP for external users are meant to be placed into a DMZ, BECAUSE once they're hacked they may become a gateway to your LAN (and it's very common for these services/daemons to have security flaws);
- protect it with ACLs, limiting access only to necessary services;
- in this case the router will have to serve as DHCP, DNS (otherwise you'll have to get another server) and, overall, as a gateway. Routers have ASICs that make the routing faster (i.e. lower latency) and allow for greater control (assuming the PE will be controlled by Windows) of the network traffic.
0
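One way to apply the "limit access only to necessary services" and "router as DHCP/DNS" guidelines above on the router, as an added example that is not part of the original answer. It assumes an IOS image that includes the DHCP and DNS server features, FastEthernet0/0 as the outside interface with a DHCP-assigned address, a server at 192.168.0.5 publishing only HTTP, and 192.0.2.53 as a placeholder upstream resolver.

```cisco
! Constructed example; names, interfaces and 192.0.2.53 are placeholders.
!
! DHCP for internal clients; the low addresses stay free for static hosts
ip dhcp excluded-address 192.168.0.1 192.168.0.20
ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 192.168.0.1
!
! Router answers client DNS queries and forwards them upstream
ip name-server 192.0.2.53
ip dns server
!
! Inbound filter on the outside interface. It is evaluated before NAT,
! so the destination is the public address, matched here with "any".
ip access-list extended OUTSIDE-IN
 remark Published service (matches the static NAT entry for the server)
 permit tcp any any eq www
 remark Replies to TCP sessions opened from inside (ACK/RST match only)
 permit tcp any any established
 remark DNS replies, and the router's own DHCP lease on the outside
 permit udp any eq domain any
 permit udp any eq bootps any eq bootpc
 remark ICMP needed for ping replies and path MTU discovery
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! Verify after applying:
!   show access-lists OUTSIDE-IN
!   show ip dhcp binding
```

This filter is stateless: the `established` and source-port matches accept any packet that looks like a reply. Without the `bootps`/`bootpc` line, the router's outside DHCP lease renewal would be dropped by the final deny.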
 
LVL 2

Author Closing Comment

by:Christopher Reed
ID: 39783262
Thank you experts for all your assistance.  This is more than enough to get me started on my Test Lab.  I appreciate the time and effort.
0
