Advanced Network Question

brogers

Member
Jun 26, 2000
I'm going to be upgrading my work's internet connection from ISDN to a T1. Right now we have a class C and every freakin' thing on the network has a public IP. I'm talking printers, workstations, networked storage, etc. We will probably be switching class C's and I want to put all non-public stuff behind a private IP zone using NAT. I'm not sure how I want to segment the public and private networks.

Should I A:
Put additional network cards in the public servers so they have both a public and a private address, with a firewall between the different networks. We are using MS Exchange 5.5 for the mail server, and in order to use the Exchange (not IMAP or POP) connection you have to be on the same network segment. So in this situation the mail server would have a public address and private in the public zone.

Or B:

Give the firewall a public and private address and use it to bridge the networks together and put the mail server in the private zone.

Or C:
Your input here...

What do you guys/gals think? I'm trying to find the best/secure way to set up our network. Public stuff will be our DNS, web, mail, and FTP. Everything else will be stuck in a private zone. What do most people use? 10.0.0.0 addresses for their private or 192.168.0.0?
 

Shadow07

Golden Member
Oct 3, 2000
Well, you have a couple of options. You could get a firewall with three Interfaces (1 Private, 1 Untrusted, 1 DMZ). You could put all of the "public" servers on the DMZ and put the rest of your machines on the Private side.

OR

You can get a small subnet of IP addresses and use Reverse-NAT (PAT addressing) for your public servers. You would put some public IP addresses on the Public (Untrusted) Interface, and then NAT map them back to your servers.

As far as the private IP ranges, it all depends on how many clients/nodes you have on your network. If you have more than 253, then you can use either the 10.0.0.0 or the 192.168.0.0 subnet with a 255.255.0.0 subnet mask.

Let me know if you have any further questions.
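
The three-interface layout from the first option in the reply above (untrusted, DMZ, private), written as an nftables ruleset. This is an added example and not part of the thread; the choice of nftables, the interface names, the 192.168.0.0/16 private range and the 203.0.113.x server addresses are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names and all addresses are assumptions
# (203.0.113.0/24 is a documentation range standing in for the public block).
flush ruleset

define IF_WAN = "eth0"            # untrusted: T1 / ISP side
define IF_DMZ = "eth1"            # DMZ: DNS, web, mail, ftp servers
define IF_LAN = "eth2"            # private: workstations, printers, storage
define NET_LAN = 192.168.0.0/16
define DNS_SRV = 203.0.113.10
define WEB_SRV = 203.0.113.11
define MAIL_SRV = 203.0.113.12
define FTP_SRV = 203.0.113.13

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $IF_LAN tcp dport 22 accept    # manage the firewall from the private side only
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept

        # Internet -> DMZ: only the published service on each server
        iifname $IF_WAN oifname $IF_DMZ ip daddr $DNS_SRV meta l4proto { tcp, udp } th dport 53 accept
        iifname $IF_WAN oifname $IF_DMZ ip daddr $WEB_SRV tcp dport { 80, 443 } accept
        iifname $IF_WAN oifname $IF_DMZ ip daddr $MAIL_SRV tcp dport 25 accept
        iifname $IF_WAN oifname $IF_DMZ ip daddr $FTP_SRV tcp dport 21 accept  # FTP data needs a conntrack helper

        # Private -> DMZ and private -> internet: clients may initiate
        iifname $IF_LAN oifname $IF_DMZ accept
        iifname $IF_LAN oifname $IF_WAN accept

        # DMZ -> internet: resolver lookups and outbound mail only
        iifname $IF_DMZ oifname $IF_WAN ip saddr $DNS_SRV meta l4proto { tcp, udp } th dport 53 accept
        iifname $IF_DMZ oifname $IF_WAN ip saddr $MAIL_SRV tcp dport 25 accept

        # DMZ -> private: no rule, so new connections hit the drop policy
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $IF_WAN ip saddr $NET_LAN masquerade   # private hosts share the firewall's public address
    }
}
```

The point of the layout is the missing DMZ-to-private rule: a compromised public server can answer connections that private hosts opened, but cannot start one into the private zone.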