"Rob Morley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <4207886c$0$7948$(E-Mail Removed)>,
> "Martin Underwood" (E-Mail Removed) says...
>> A customer has asked me to set up a home network for him, to use a proxy
>> server (he has the PC that will act as the server and the W2K server
>> software). Some of the PCs will need to access his work network via VPN,
>> authenticated by SecureID (using the little keyfob devices that generate a
>> unique time-varying authentication ID).
>>
>> Can I check the configuration that he's proposed:
>> http://fp.martinunderwood.f9.co.uk/n...20original.gif
>
> I don't see why that wouldn't work - local machine talks to proxy,
> proxy talks to router, local machine can't connect directly through
> router because it's blocked by IP or MAC address. That is of course
> assuming that his "wireless ethernet hub" is a wireless ADSL router
> (as suggested by the fact that the diagram shows it connected to "The
> Internet") and not just an access point. If it is an AP then he'll
> need a router, and as you suggest the easiest way to do that is to
> use the proxy server with two NICs.

Clever: using the same box for the two different purposes that I've shown in
http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif, relying
on the fact that when NAT is turned off, the private traffic will not be
able to get out of the router onto the internet, except when routed by the
server.

If the "wireless ethernet hub" is a conventional wireless router but with
NAT turned off, I can see how it can be configured only to pass traffic to
ADSL if its source IP is in the subnet of the IP address that the ISP has
provided - traffic that will have come from the proxy server. Traffic from
the private LAN will be in a different subnet (probably 192.168.x.x) and
computers can be allocated IP addresses in this subnet by DHCP on the
server. This traffic will not get out to the public side of the router
because it's in the wrong subnet. The LAN card on the server has two IP
addresses - one in the private subnet and one in the public subnet. All the
PCs have their browsers configured to use the server as proxy. So traffic
goes from the PC, either by wireless or Ethernet, to the server; the server
then rebroadcasts the traffic on the public IP address and so it goes onto
the internet. Incoming traffic takes the reverse route.

How exactly should the router be configured? NAT will be turned off,
obviously, since the server is doing the routing. The router's public side
will (presumably) be allocated an IP by the ISP (as is normally the case
when NAT is enabled on a router) and the server will be given a static IP
address in the same subnet. Does this mean that traffic will cross the
router between public and private side? I presume the same NIC should also
be given a static IP in the private range 192.168.x.x.

How straightforward is it to configure routing in W2000 server? I've got a
book that describes it in detail for W2003 server; is it similar for W2000?

One thing: I can see how a browser can be configured to use a proxy server,
but can an email client such as Outlook (in POP rather than Exchange mode)
or Outlook Express be configured to use a proxy server?

Hang on a second... the switch in the router will need to be configured to
pass all traffic on any of its ports (including traffic via wireless) to the
port that the server is attached to. Normally a switch wouldn't do this:
it's specifically designed to prevent traffic on one port from coming out of
the other ports. How do you configure the router to do this? I presume the
fan-out in a router *is* in the form of a switch rather than a hub (which
*would* replicate all traffic to all ports).

This all sounds rather complicated. I feel a bit like Daniel going into the
lion's den!