please tell me if this set up will work

ok, so this is a dumb question... i have lots of experience setting up home
networks (less than 10 machines) but I'm a bit stumped now. I have a
situation with a workgroup of 16 XP machines that are wide open on the net,
each with a static ip. it's bad bad bad.

internet -> firewall/gateway -> switch -> pdc/dhcpd and 16 xp clients

i want to build a box with 2 nics as a firewall/gateway to sit on the T-1,
the switch will connect internal trusted network nic to the 16 xp boxes and
to a Samba box acting as a primary domain controller and nat. I would also
add a backup domain controller I suppose.

Please feel free to rip into me. I'd like to get the topology right the
first time around. thanks.

On 2004-04-22, <(E-Mail Removed)> <(E-Mail Removed)> wrote:

> internet -> firewall/gateway -> switch -> pdc/dhcpd and 16 xp clients
>
> i want to build a box with 2 nics as a firewall/gateway to sit
> on the T-1, the switch will connect internal trusted network
> nic to the 16 xp boxes and to a Samba box acting as a primary
> domain controller and nat.

Do NAT on the firewall/gateway. What's the second NIC on the
firewall for? You've got the T1 WAN card on the "internet
side" and one NIC on the "safe" side. Are you using the second
NIC for a DMZ?

> I would also add a backup domain controller I suppose.

Can't help you with windows stuff...

--
Grant Edwards grante Yow! I just had a NOSE
at JOB!!
visi.com

"Grant Edwards" <(E-Mail Removed)> wrote in message
news:4087da72$0$17258$(E-Mail Removed) ...
> > internet -> firewall/gateway -> switch -> pdc/dhcpd and 16 xp clients
> >
> > i want to build a box with 2 nics as a firewall/gateway to sit
> > on the T-1, the switch will connect internal trusted network
> > nic to the 16 xp boxes and to a Samba box acting as a primary
> > domain controller and nat.
>
> Do NAT on the firewall/gateway. What's the second NIC on the
> firewall for? You've got the T1 WAN card on the "internet
> side" and one NIC on the "safe" side. Are you using the second
> NIC for a DMZ?
>
> > I would also add a backup domain controller I suppose.
>
> Can't help you with windows stuff...

Grant, thanks for the reply... the 2 nics in the firewall/gateway/nat box
are standard 10/100, we have standard ethernet coming off the csu/dsu setup
in the basement. I figured 2 nics go in this box, one for the external
network (read internet) and one for the internal trusted lan. And as for the
PDC and BDC, these are samba3 running on freebsd.

I appreciate the help, I wasn't which part of the network NAT was smartest
on. Any hint as to the power of this box? I have some older Duron's I can
put together (800mhz and 1300mhz) and also a dual xeon 3ghz.

> the 2 nics in the firewall/gateway/nat box are standard
> 10/100, we have standard ethernet coming off the csu/dsu setup
> in the basement. I figured 2 nics go in this box, one for the
> external network (read internet) and one for the internal
> trusted lan.

Yup. That sounds right.

> I appreciate the help, I wasn't which part of the network NAT
> was smartest on.

I think NAT works the best on the firewall/gateway. There are
plenty of example Linux firewall/NAT/gateway distros like the
one from coyotelinux.com that combine them all quite nicely. I
also like running a caching DNS server on the fireall box, but
that works just as well on any other box. Besides coyote, you
might want to take a look at ww.smoothwall.org.

> Any hint as to the power of this box?

The firewall box should probably be at least a 50MHz 486DX with
16M of RAM and a floppy drive. A P100 will work great.
[Something with floating point HW helps encryption algorithms
run a lot faster. You might want to do VPN stuff someday, and
you'll almost certain want the ability administer it via ssh.]

> I have some older Duron's I can put together (800mhz and
> 1300mhz) and also a dual xeon 3ghz.

Being a firewall/NAT/gateway doesn't really take much
horsepower, so any of those will work fine.

--
Grant Edwards grante Yow! I feel like a wet
at parking meter on Darvon!
visi.com