wifi router suggestions to service web server

Hi I've wired up my home with decent cat5e which should accept gigabit
ethernet (perhaps not at full speed)

i've got lots of spare machines and want to set up a (linux/apache) web
and mail servers, and a seperate file/print server for my "internal"
network so I'd like a decent router that I would allow me to set up
complex rules to keep the web/mail servers away from my home network
for security's sake. i'd also like wifi for my laptop.

so anyone know of a decent wifi (802.11b/g) router that has gigabit
support? strangely enough it seems they all only offer 10/100mbps
whereas I need the full whack for heavy video transfer.

(i'd also like to connect using ADSL (I get 512k upstream which i
figure is ok for my web server - it's nothing fancy) but i'd like
something that supports ADSL2+ for futureproofing though i suppose this
isn't vital as I could just buy an ADSL2+ modem later.)

(oh yeah - and i'd like to make VOIP calls! so anything with a SIP box
built in would be great but that's too much to ask!)

thanks,
Ash

Soni tempori elseu romani yeof helsforo nisson ol sefini ill des 20 Dec 2005
04:52:07 -0800, sefini jorgo geanyet des mani yeof do uk.comp.home-networking,
yawatina tan reek esk "Ashirus" <(E-Mail Removed)> fornis do
marikano es bono tan el:

>so anyone know of a decent wifi (802.11b/g) router that has gigabit
>support? strangely enough it seems they all only offer 10/100mbps
>whereas I need the full whack for heavy video transfer.

Why not buy a 1 port wireless router, and plug it into a 4/8 port gigabit
switch?

deKay
--
+ Lofi Gaming - www.lofi-gaming.org.uk
|- ugvm Magazine - www.ugvm.org.uk
|- My computer runs at 3.5MHz and I'm proud of that
|- "CLART - YOU KNOWS IT"

"Ashirus" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi I've wired up my home with decent cat5e which should accept gigabit
> ethernet (perhaps not at full speed)
>
> i've got lots of spare machines and want to set up a (linux/apache) web
> and mail servers, and a seperate file/print server for my "internal"
> network so I'd like a decent router that I would allow me to set up
> complex rules to keep the web/mail servers away from my home network
> for security's sake. i'd also like wifi for my laptop.
>
> so anyone know of a decent wifi (802.11b/g) router that has gigabit
> support? strangely enough it seems they all only offer 10/100mbps
> whereas I need the full whack for heavy video transfer.

How about a configuration like this?

"Home 1G 100M 100M
network" <---> Switch <---> (Linux) <---> Wired router <---> Internet
machines <---> ^ router ^ ^
| 100M | | 100M
WiFi v v v
Laptop(s) <....> AP Web/mail
servers

Since routers with built-in gigabit switch are rather thin on the ground (I
don't know of any at all) I think you're going to need a seperate gigabit
switch whatever you do, but you might be able to combine the functionality
of the Linux router, wired router and AP above by using the VLAN
capabilities of a DrayTek Vigor router (I don't know of any others with VLAN
support). This would be neater, but it might be more expensive than using
bits you may already have (eg spare machine as a router, any old wireless
router as an AP) to get the above configuration.

Alex

yikes! what VLAN support? i don't know what that means and I didn't
know it had it? care to explain for the uninitiated?

also, I don't realy get the setup you suggested. are you suggesting 3
seperate boxes - a gigabit router, a 100mbps switch and a wifi access
point? with a linux box with daul ethernet interfaces to seperate them?

why shouldn't one decent 8-port router should keep the web servers away
from the home network* - if set up corectly - without the need for two
networks?

[*i.e. by forwarding all incoming ports (80, 25, etc.) to servers and
treating all traffic coming off the web server as untrusted and
external so if it gets compromised they don't get to my home
network/wifi access point]

--
thanks,
Ash

Ashirus wrote:
> yikes! what VLAN support? i don't know what that means and I didn't
> know it had it? care to explain for the uninitiated?

Two separate IP address ranges. Traffic will not pass between them unless
there is a router connecting them.
You can then also set up firewall rules between them to control what traffic
is allowed between them , or indeed keep them entirely separate.
>
> why shouldn't one decent 8-port router should keep the web servers
> away from the home network* - if set up corectly - without the need
> for two networks?

Without VLAN support all 8 ports of the router are effectively connected by
a switch and you can't control what traffic goes between them.
You can forward traffic to the router ok , but couldn't prevent a server
talking to your PC.

What you are proposing is what's known as a DMZ or demilitarized zone for
your servers which is very sensible , but needs the right hardware.


--
Alex

Hermes: "We can't afford that! Especially not Zoidberg!"
Zoidberg: "They took away my credit cards!"

www.drzoidberg.co.uk
www.ebayfaq.co.uk

On Tue, 20 Dec 2005 15:13:45 -0000, "Alex Fraser" <(E-Mail Removed)>
wrote:

>"Home 1G 100M 100M
>network" <---> Switch <---> (Linux) <---> Wired router <---> Internet
>machines <---> ^ router ^ ^
> | 100M | | 100M
> WiFi v v v
>Laptop(s) <....> AP Web/mail
> servers
>
>Since routers with built-in gigabit switch are rather thin on the ground (I
>don't know of any at all) I think you're going to need a seperate gigabit
>switch whatever you do, but you might be able to combine the functionality
>of the Linux router, wired router and AP above by using the VLAN
>capabilities of a DrayTek Vigor router (I don't know of any others with VLAN
>support). This would be neater, but it might be more expensive than using

Yes, you should be able to. However, as with all Draytek kit (I use
it!) make sure you follow the firmware upgrades ;-)

You could also do it with the Intertex IX66 range as they have two LAN
ports - by default these are separate LANS that can't see each other
unless you manually change the routing. The newer ones (IX66 ADSL
AirSIP) also have an (optional) SIP server and WiFi. The firewall
control (in text/advanced mode) is the best I've seen on anything
approaching SOHO kit, far better than any GUI.

The newer IX67 range have a higher spec for SIP and VPN capabilities,
but have moved to a more traditional 4 port LAN switch and I can't,
immediately, see if they support VLAN's.

The downside with Intertex is the price, they used to be a little more
expensive than the top-end Draytek kit. The only reason I retired my
IX66 to a 2600VG was that it was a very old one that could not be
upgraded to VPN & SIP server.


--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto(E-Mail Removed) http://w3.z-add.co.uk/ -

On Tue, 2005-12-20 at 04:52 -0800, Ashirus wrote:
> Hi I've wired up my home with decent cat5e which should accept gigabit
> ethernet (perhaps not at full speed)
>
> i've got lots of spare machines and want to set up a (linux/apache) web
> and mail servers, and a seperate file/print server for my "internal"
> network so I'd like a decent router that I would allow me to set up
> complex rules to keep the web/mail servers away from my home network
> for security's sake. i'd also like wifi for my laptop.
>
> so anyone know of a decent wifi (802.11b/g) router that has gigabit
> support? strangely enough it seems they all only offer 10/100mbps
> whereas I need the full whack for heavy video transfer.
>
> (i'd also like to connect using ADSL (I get 512k upstream which i
> figure is ok for my web server - it's nothing fancy) but i'd like
> something that supports ADSL2+ for futureproofing though i suppose this
> isn't vital as I could just buy an ADSL2+ modem later.)
>
> (oh yeah - and i'd like to make VOIP calls! so anything with a SIP box
> built in would be great but that's too much to ask!)
>
> thanks,
> Ash

I'd use an old PC with Smoothwall (free from
http://www.smoothwall.org/get/) installed as a firewall between your
network and the internet. You can also set up a DMZ for access to your
web server. For the internal network, use a gigabit switch and plug a
wireless access point into it. Alternatively use Clark Connect (home
version free from http://www.clarkconnect.com/downloads/) which will
handle the internet connection, web & mail server all in one.

In article <(E-Mail Removed)>, (E-Mail Removed)
says...
> The only reason I retired my
> IX66 to a 2600VG was that it was a very old one that could not be
> upgraded to VPN & SIP server.
>
>

Are you sure about this? My IX66 (also old but on the latest firmware)
can certainly do VPN and a SIP switch is available at a price.

--
Alan LeHun

On Sat, 24 Dec 2005 17:00:49 -0000, Alan LeHun <(E-Mail Removed)> wrote:
>In article <(E-Mail Removed)>, (E-Mail Removed)
>says...
>> The only reason I retired my
>> IX66 to a 2600VG was that it was a very old one that could not be
>> upgraded to VPN & SIP server.

>Are you sure about this? My IX66 (also old but on the latest firmware)
>can certainly do VPN and a SIP switch is available at a price.

Yep, it was the old EDFLC (or something like that) - support (via the
forums) told owners of such versions their CPU's could not handle VPN
termination, so, pass-through only or upgrade. I would guess SIP
server would be the same.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto(E-Mail Removed) http://w3.z-add.co.uk/ -