Creating a small office network

  1. #1
    Rick_Browne (Newbie)


    I am attempting to create a small office network.

    I have four machines that are networked together with a hub and one machine that's connected to a broadband router. I want to be able to leave that one machine connected directly to the router, receiving all internet services, but limit the other four to just receiving POP and SMTP email and some internet services.

    So far I have set up a file server running just ordinary Windows XP and installed two network cards on it. One card is linked directly to the router and the other is linked to the hub. I would like all of the email and internet traffic to go through this computer.
    I am also wondering what program to install on the file server: either firewall software such as ZoneAlarm or proxy software such as Apache to log and limit internet traffic.

    Here is a wee diagram of what I am attempting to achieve:



    The trouble at the minute is that the computers connected to the hub can see the file server but cannot see the internet connection. Do I have to bridge these connections? If I do, am I potentially opening my network up?


    Can anyone help? Is this the easiest way of doing this? (without spending any money)


  2. #2
    DJNafey (UK site moderator)
    Rick,

    Thanks for this problem - I'm a bit hung over today and this puzzle has really woken my brain up!

    The hardware layout that you have is logical but, as you've determined, Windows XP isn't a server so you need another hardware or software solution to do the routing for the 4 PCs behind the switch. I can think of 3 ways of achieving your goal, although they don't necessarily involve no costs.

    1. Install Windows 2000/2003 Server or Small Business Server on the Windows XP machine. You can then use the Routing and Remote Access Server (RRAS) feature to tell the PC how to route from the "internal" network card to the "external" network card.

    2. Put the XP file "server" behind the switch with the 4 client PCs. Then connect the switch to a new router. Set up port forwarding rules on the new router so that Internet traffic for applications that are not allowed will forward to a non-existent IP address. Any disallowed traffic will therefore reach a dead end. Put the XP file "server" in the DMZ so that it can communicate on all ports and allow all traffic. The XP file "server" only needs one network card for this. The WAN side of the new router connects to a LAN port on the existing router.

    3. Put ZoneAlarm or some other firewall software on the 4 client PCs and set up port forwarding (I haven't used ZoneAlarm in a long time so I'm not sure if it has that feature). Forward the ports for the applications / services that the client PCs are allowed to use to go to the existing router. Set up all other ports to forward to an IP address that doesn't exist. Any application trying to use those ports will follow the port forwarding rules and get to a dead end.

    Hope that helps
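
The policy this thread is after (four clients limited to POP and SMTP plus a few services, with traffic logged at the gateway), written as a default-deny egress allowlist. This is an added example, not part of either post; the 192.168.10.0/24 client subnet, the DNS/HTTP/HTTPS entries standing in for "some internet services", and all sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the four client PCs behind the hub use this subnet.
LAN = ipaddress.ip_network("192.168.10.0/24")

# Outbound services the clients may reach. POP3 and SMTP come from the thread;
# DNS, HTTP and HTTPS are assumed stand-ins for "some internet services".
ALLOWED = {
    ("tcp", 25): "smtp", ("tcp", 110): "pop3",
    ("udp", 53): "dns", ("tcp", 53): "dns",
    ("tcp", 80): "http", ("tcp", 443): "https",
}

def decide(src, proto, dport):
    """Return (action, reason) for one outbound attempt seen on the internal NIC."""
    if ipaddress.ip_address(src) not in LAN:
        return ("drop", "source-not-on-lan")   # spoofed or misconfigured source
    service = ALLOWED.get((proto.lower(), dport))
    if service is None:
        return ("drop", "port-not-allowed")    # default deny: anything not listed
    return ("forward", service)

def audit(flows):
    """Apply the policy to (src, proto, dst, dport) tuples; return log lines and drops per source."""
    log, dropped = [], Counter()
    for src, proto, dst, dport in flows:
        action, reason = decide(src, proto, dport)
        log.append(f"{action.upper():7} {src} -> {dst}:{dport}/{proto} ({reason})")
        if action == "drop":
            dropped[src] += 1
    return log, dropped

# Constructed sample flows (documentation address ranges, not real hosts).
SAMPLE_FLOWS = [
    ("192.168.10.11", "tcp", "203.0.113.25", 110),
    ("192.168.10.11", "tcp", "203.0.113.25", 25),
    ("192.168.10.12", "tcp", "198.51.100.7", 443),
    ("192.168.10.12", "tcp", "198.51.100.9", 6667),
    ("192.168.10.13", "udp", "198.51.100.53", 53),
    ("192.168.10.13", "tcp", "198.51.100.80", 8080),
    ("10.0.0.5", "tcp", "203.0.113.25", 25),
]

if __name__ == "__main__":
    lines, drops = audit(SAMPLE_FLOWS)
    print("\n".join(lines))
    print("drops per source:", dict(drops))
```

The per-source drop counts give the gateway a simple log of which client keeps trying services outside the allowed set.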
