Network topology

btsdev

Member
Oct 6, 2001
186
0
0
Hey everyone, I'm wondering if I can get some tips with regard to setting up my network topology... putting clients, servers, routers, firewalls in the right places.

I have 4 PCs that I'm dealing with right now; I'll call them a, b, c, and d.
a: AMD Athlon 1.2ghz 512mb for serving stuff running gentoo; going to reformat
b: AMD64 3200+ pc running gentoo
c: thinkpad t40 running gentoo
d: hp laptop running win xp

To help me with my setup, I have a Netgear MR814 4-port router with 802.11b wifi (small router). I'm going to be living in a community house with like 20 people connected to a big router that's connected to DSL (big router).

Now, I want to be serving http, ftp, games, files, and music from pc A. Here's 3 ideas I've thought about.
1) A connected to big router and small router, 2 eth cards, with firewall software, serving everything. Other 3 pcs behind the small router.
2) PC A connected to big router, 1 eth card. Small router separately connected to big router and small router keeps allocating IPs as an extension of big router in the same subnet (doable?). PC A serves everything, with firewall software, and my 3 other pcs are behind the small router.
3) Put all 4 pcs behind small router, which is behind big router and small router keeps allocating IPs as an extension of big router in the same subnet (doable?).

Required functionality:
Everyone in "community" behind big router needs access to game, file, music serving. Outside world needs access to http, ftp, game servers. I want one harddrive's fileshare to only be accessible by windows laptop (D) behind small router. Need to keep serving secure to the point where I probably can't be hacked easily.

I know this is a lot, thanks for reading this far, and I really appreciate any tips you might have.
 

btsdev

Well, maybe someone could help me with my smaller question.

If I have my Netgear MR814 behind another router, can I change an option that will keep allocating new IPs in the same subnet as the bigger router? I want every PC to be in the same subnet.

big router
1---2--3--4--5---6---7--8
pc-pc-pc-pc-pc-pc--pc--router<---------netgear814
---------------------------1---2---3---4
---------------------------pc-pc--pc--pc

I would like them all to be 192.168.1.1xx (01-11).
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Probably not. They have simple versions of NAT that cannot be disabled. If you look around, there are old Webramp 700s Sonicwall clones that can disable NAT, as can many modern home routers.

You need to buy switches for what you need.

Router-core switch(100/1000)---Smaller 10/100 switches where needed.

For such a busy network in terms of specific ports and such, I would recommend Astaro Security Linux @ astaro.com. However, you have more clients than the 10-client list allows, so you might need to put people behind another router, which defeats the simplicity.



Look into smoothwall.
 

Concillian

Diamond Member
May 26, 2004
3,751
8
81
My topology is this, and I have a very similar setup to you when I have a LAN party:

Computer A) Mandrake linux 10.0 / AthlonMP 1500+ / 512 MB -- fileserver, gameserver, (small) webserver, router, etc...
14 other computers -- configuration doesn't matter at all

I have 2 8 port gigabit switches.
Computer A has (1) Intel server gigabit network card in it and one built in 3com 10/100 interface.
10/100 --> DSL modem
Intel card --> switch #1
switch #1 --> switch #2

14 other computers connected to switch #1 or switch #2

You can basically keep cascading switches to get desired port numbers. Performance penalty of cascading is pretty negligible.

You can set up the Linux box to do all your serving, including DHCP, if you want, though I use static IPs. I use shorewall right now for providing IP masquerading and packet forwarding services so the Linux box acts as a router, but there are any number of free firewall programs available that can provide the same thing.

Works for me anyway.

You don't want routers to do what you're trying to do, that will complicate things to the Nth degree.
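
The dual-homed Linux box described in the post above (one NIC to the DSL modem, one to the switches, doing IP masquerading and packet forwarding) written out as a plain iptables-restore ruleset instead of shorewall. This is an added example, not Concillian's configuration: the interface names, the subnet, the game port and the use of raw iptables are all assumptions.

```sh
#!/bin/sh
# Added example: iptables-restore ruleset for a dual-homed Linux server/router.
# Interface names, subnet and game port are assumptions, not values from the thread.
WAN_IF="${WAN_IF:-eth0}"             # assumed: NIC facing the DSL modem
LAN_IF="${LAN_IF:-eth1}"             # assumed: NIC facing the switches
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed LAN subnet
GAME_PORT="${GAME_PORT:-27015}"      # assumed placeholder UDP game port

render_rules() {
cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the FTP helper explicitly so data connections are tracked as RELATED
-A PREROUTING -p tcp --dport 21 -j CT --helper ftp
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# IP masquerading: LAN clients leave through the WAN address
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Reachable from both sides: ftp, http, game server
-A INPUT -p tcp -m multiport --dports 21,80 -j ACCEPT
-A INPUT -p udp --dport $GAME_PORT -j ACCEPT
# LAN only: SMB file/music shares and DHCP requests
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
# Packet forwarding: LAN may go out, only replies come back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Load only when asked: ./fw.sh apply (needs root)
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    render_rules | iptables-restore
fi
```

A share that only one laptop may reach cannot be expressed at this layer, because every SMB share uses the same ports; Samba's per-share `hosts allow` setting is the place for that restriction.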
 

Goosemaster

Exactly... albeit more eloquent than I bothered to post ;)

:thumbsup: