Ask HN: small office network - codilechasseur

We just moved offices and we're thinking of revamping our network setup.

We've got an internal server, an external server. A router, wireless router, 24 port switch and 8 workstations.

What we're thinking is:

Internet into the wireless router. One DMZ hard wired port on the wireless router will be for our external server. Another hard wired port will connect to our switch. From our switch we'll connect all our workstations and our internal server.

I'm so novice with network setup it's not even funny so I have no idea how IPs and such will work out. My guess is the wireless router will give 192.168.0.* and the switch will give off something like 192.168.1.*.

Will this make our external server in the DMZ unreachable from our workstations? Will the clients connecting via wireless not have access to our network behind the switch?

If you guys have any simple enough resources please feel free to post links. Diagrams are my best friend.
======
run4yourlives
There is a lot in this post to digest.

Some questions: What kind of equipment do you have here? Home stuff?
Commercial Grade?

What does your external server do?

To be honest, I'd keep it dead simple, especially if you are using home grade
stuff like linksys. Switches don't do DHCP, but routers can. Think of switches
basically as giant line splitters.

Your front door is the wireless router - firewall on (assuming it's a full
router, not just an AP), DHCP with your DMZ behind that, use 192.168.1.1 or
whatever, and then your internal router is 192.168.1.2 on this network.

Second firewall/router to your internal network, DHCP on. You can actually use
the same addys as the other network, but it may make sense to use different
ranges. Switch behind here if you need it.

Ports open on both firewalls as required. That's how you see your DMZ server.
(Don't use the "DMZ host" crap on the routers if it has such a thing, you're
setting up a real DMZ manually.)

All wireless access should receive a different (untrusted in your DMZ) range
from the first DHCP.

If you can't see the internal server from a laptop with wireless, you're doing
things right. If you can, you are open.

Under no circumstances should you allow wireless internet access to be granted
access to your internal network without VPN.

>>>>>>>>>>>>>

The really simple way though is just to use the wired router with every port
closed and expose as required. Throw the Wireless router outside of that with
the internet attached to it. It depends though on what that external server is
doing. I wouldn't do this for web, but if it's just mail I might.
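As an added illustration of the layered design in this comment (not the commenter's configuration): a small Python model of the three zones and the explicitly permitted flows, with the reachability checks the comment names. All addresses, hosts and allowed ports are assumed values.

```python
"""Model of the edge-router / DMZ / internal-router layout described above.
Added example with assumed addressing, not anyone's real configuration."""
from ipaddress import ip_address, ip_network

# Assumed addressing for the three trust zones behind the wireless (edge) router.
ZONES = {
    "dmz":      ip_network("192.168.1.0/24"),   # wired DMZ ports on the edge router
    "wireless": ip_network("192.168.10.0/24"),  # untrusted range handed to Wi-Fi clients
    "internal": ip_network("192.168.2.0/24"),   # behind the second router and the switch
}
EXTERNAL_SERVER = "192.168.1.10"   # assumed DMZ host (mail, as the comment suggests)
INTERNAL_SERVER = "192.168.2.10"   # assumed internal server

# Flows the two firewalls explicitly open: (src zone, dst zone, dst port).
# A port of None means any port. Anything not listed is dropped (default deny).
ALLOWED = {
    ("internet", "dmz", 25),         # inbound mail to the external server
    ("internal", "dmz", 25),         # workstations use the DMZ mail server
    ("internal", "internet", None),  # normal outbound access for workstations
    ("wireless", "internet", None),  # wireless clients get internet only
    ("dmz", "internet", 25),         # external server delivers outbound mail
}

def zone_of(ip):
    """Classify an address into one of our zones; anything else is 'internet'."""
    addr = ip_address(str(ip))
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def is_allowed(src, dst, port):
    """True if the layered firewalls would pass a new connection src -> dst:port."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True  # same segment: the switch forwards it, no firewall in the path
    return (src_zone, dst_zone, port) in ALLOWED or (src_zone, dst_zone, None) in ALLOWED

def audit():
    """The checks the comment calls out, as (description, passed) pairs."""
    cases = [
        ("wireless laptop cannot reach the internal server", False, is_allowed("192.168.10.50", INTERNAL_SERVER, 445)),
        ("wireless laptop cannot reach the DMZ server", False, is_allowed("192.168.10.50", EXTERNAL_SERVER, 25)),
        ("workstation can use the DMZ mail server", True, is_allowed("192.168.2.20", EXTERNAL_SERVER, 25)),
        ("internet can deliver mail to the DMZ server", True, is_allowed("203.0.113.7", EXTERNAL_SERVER, 25)),
        ("internet cannot reach the internal server", False, is_allowed("203.0.113.7", INTERNAL_SERVER, 445)),
        ("DMZ host cannot open connections inward", False, is_allowed(EXTERNAL_SERVER, INTERNAL_SERVER, 445)),
    ]
    return [(desc, expected == actual) for desc, expected, actual in cases]
```

Running `audit()` against the policy table is the tabletop version of the "can my wireless laptop see the internal server?" test; the same table is what you would translate into rules on the two routers.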

------
hs
"192.168.0.* and the switch will give off something like 192.168.1.*."

I think you mean wired router instead of switch, because AFAIK switches and hubs
don't assign IPs.

But if you use a switch, then the workstations & int_serv are 192.168.0.*

