Help with network upgrade

[teemfubu]

Our company is a small office of 15 computers, with a T1 connection. The T1 router is currently configured for DHCP and NAT. We have one public IP address, but we are looking to expand that up to 5 public IP addresses. The problem that we have encountered is that our ISP manages the router, and refuses us access. They will not enable NAT and DHCP with more than 1 public static IP address. I'm new to setting something like this up, so I hope I'm making sense so far.

What we are trying to accomplish is to have our Windows SBS 2008 server(which will be a web server) configured with one public static IP address, our FTP server configured with one public static IP address, and the rest of the nodes on the network should get their addresses through DHCP. My question is what would be the most cost effective solution to making this work, and if possible, do you have implementation instructions?

Any help is much appreciated!

-Aaron

 

[GhislainG]

Are you going to connect the servers directly to the Internet? I probably wouldn't do that if the SBS server is used to store corporate data. I presume that your servers already use a static IP address. If so, you could ask your ISP to reconfigure the router to forward port 21 to your FTP server and ports 80 and 443 to your web server.

 

[teemfubu]

I appreciate the response, GhislainG. Prior to the upgrade, our company was running a DHCP on the router managed by our ISP. It also handled NAT. We had port forwarding enabled, but the idea is that we are evenutally gonig to need a separate server, and therefore multiple public IP addresses for new clients. My boss is obsessed with this concept, so I am looking for a solution that allows us to do this.

 

[GhislainG]

We had port forwarding enabled, but the idea is that we are evenutally gonig to need a separate server, and therefore multiple public IP addresses for new clients.

Then you'll add new servers that have a static Internet IP address and they should be on the router's DMZ; they should not be connected directly to your internal network. If that can't be done, a cheap way would be to use a hub or switch between the modem and the router. Traffic to your router would still be as usual and additional IP addresses would be used for the new web servers. It will work, but make sure those web servers are well protected because there will be no hardware firewall to protect them.

 

[teemfubu]

Currently, our settup looks a like this: Router / T1 Modem w/ dhcp server and NAT ------> 24 port switch -------14 nodes all using DHCP, including server.

Because our ISP will turn off DHCP / NAT in our default gateway / Router / t1 modem when we get multiple public ip addresses, I would like to add another router behind the incoming router. I'm just confused as to how this will effect traffic, connectivity, etc.

 

[GhislainG]

Router / T1 Modem w/ dhcp server and NAT

It should be T1 Modem / Router with DHCP and NAT. How will the router be reconfigured? Will they configure a DMZ? Regardless, you still need NAT for the 14 nodes, but it would be easier if you knew what they will provide. I just don't see why they'd turn off NAT, unless the modem/router is a single unit (I've never seen that in a corporate environment). I can't provide more info until you indicate if you have a modem and a router or a single unit that does both and how the ISP will reconfigure the router.

 

[teemfubu]

Ghislain,

Our router and modem are one unit. I can't get Covad to tell me how they're going to configure it; they simply state that they'll turn off NAT and DHCP. Help!

 

[GhislainG]

I presume that by turning NAT and DHCP off, Covad will allow all traffic through the router, i.e., all Internet IP addresses will be available through it. Then you'll have to buy and configure your own router/firewall to meet your requirements. One IP address will be configured for the Internal network and the rest will be for the DMZ where web servers will be connected. You can use the new router for NAT and DHCP.