A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

Network connection with proxy server - further question



 
 
Thread Tools Display Modes
  #1  
Old February 9th 05, 05:52 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 251
Default Network connection with proxy server - further question

A customer has proposed the network configuration

http://fp.martinunderwood.f9.co.uk/n...20original.gif

Rob Morley has confirmed that it should work, but I want to check exactly
how I should configure the equipment.

Let's assume that the "wireless ethernet hub" is a bog-standard ADSL
wireless router - Dlink DSL-G604T, for example.

Normally this would come with NAT and DCHP server turned on. I presume in
this configuration I'd need to turn those off.

The ADSL router will be given an IP address by the ISP - let's say it's
81.1.2.3. What IP address should I give the proxy server - another address
in the same subnet? Or do I give the server the IP address that would
normally be allocated automatically to the ADSL side of router if this was a
conventional NAT router network?

I presume I still give the PCs IP addresses in the 192.168.x.x subnet,
either statically or from DHCP on the server. Do I give the server's NIC an
additional IP address in this subnet and get DCHP to handout the gateway
address set to this server's address?

Presumably I turn on Routing in Win 2K Server on the server and tell it to
route between 192.168.x.x and 81.1.2.x subnets?

Because NAT is turned off on the router, PCs cannot talk directly via the
router to the internet (as would be the case in a normal NAT router
network), but they talk to the server and this routes the traffic to the
81.1.2.3 address and hence to the internet.

All traffic on any of the Ethernet ports or the wireless access point needs
to go to the port that the server is connected to - which is not normally
the case for a switch. Does this require the router to be configured
specially - and how?

What additionally needs to be done to make the server act as a proxy server
as well as a router? I imagine I configure IE on each client to use the
server (by its address in 192.168.x.x) as the proxy. What about the server -
is there a proxy component in W2K Server?


Am I making things unnecessarily complicated for myself by getting the ADSL
router to perform two independent tasks - a) ADSL modem; b) wireless hub?
Would I be better separating them as in

http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif

That way the ADSL-to-server connection is by a dedicated ADSL modem (which
presumably passes all traffic unhindered) and then I have two completely
separate NICs in the server, one with the public address and the other with
the private address. And then I connect the client PCs to the normal ports
and the server to the uplink port of the switch, such that the PCs don't see
each other's traffic but the server sees all traffic.


Is there anyone who's done this who's prepared to "hold my hand" as I work
out how to set it all up? If so, my email address is
(replace "f666" with "f9" - "666" because
spammers are the spawn of the devil!)


  #2  
Old February 12th 05, 04:02 AM posted to uk.comp.home-networking
Rob Morley
external usenet poster
 
Posts: 1,379
Default Network connection with proxy server - further question

In article [email protected] ews,
"Martin Underwood" says...
A customer has proposed the network configuration

http://fp.martinunderwood.f9.co.uk/n...20original.gif

Rob Morley has confirmed that it should work, but I want to check exactly
how I should configure the equipment.

Let's assume that the "wireless ethernet hub" is a bog-standard ADSL
wireless router - Dlink DSL-G604T, for example.

Normally this would come with NAT and DCHP server turned on. I presume in
this configuration I'd need to turn those off.


Why?

The ADSL router will be given an IP address by the ISP - let's say it's
81.1.2.3. What IP address should I give the proxy server - another address
in the same subnet? Or do I give the server the IP address that would
normally be allocated automatically to the ADSL side of router if this was a
conventional NAT router network?


The router gets its WAN IP address dynamically allocated by the ISP,
and the LAN address will be a default setting in firmware like
192.168.1.1 The proxy and other LAN machines obviously need to be in
the same subnet as the LAN address of the router.

I presume I still give the PCs IP addresses in the 192.168.x.x subnet,
either statically or from DHCP on the server. Do I give the server's NIC an
additional IP address in this subnet and get DCHP to handout the gateway
address set to this server's address?


You could, but why? I thought you were talking about running
everything through a proxy, in which case there is no need for a
gateway.

Presumably I turn on Routing in Win 2K Server on the server and tell it to
route between 192.168.x.x and 81.1.2.x subnets?


Why?

Because NAT is turned off on the router, PCs cannot talk directly via the
router to the internet (as would be the case in a normal NAT router
network), but they talk to the server and this routes the traffic to the
81.1.2.3 address and hence to the internet.


Leave NAT turned on, just disable access from all machines but the
proxy server.

All traffic on any of the Ethernet ports or the wireless access point needs
to go to the port that the server is connected to - which is not normally
the case for a switch. Does this require the router to be configured
specially - and how?


Eh? The proxy server is on the LAN, the client machines are
configured to use the proxy, the switch will treat it just like any
other LAN traffic.

What additionally needs to be done to make the server act as a proxy server
as well as a router? I imagine I configure IE on each client to use the
server (by its address in 192.168.x.x) as the proxy. What about the server -
is there a proxy component in W2K Server?

I expect you're supposed to use something like MS Internet Security
and Acceleration Server 2000. Squid is a popular open source proxy
that has been ported to Win2k.

Am I making things unnecessarily complicated for myself by getting the ADSL
router to perform two independent tasks - a) ADSL modem; b) wireless hub?
Would I be better separating them as in

http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif

That way the ADSL-to-server connection is by a dedicated ADSL modem (which
presumably passes all traffic unhindered) and then I have two completely
separate NICs in the server, one with the public address and the other with
the private address. And then I connect the client PCs to the normal ports
and the server to the uplink port of the switch, such that the PCs don't see
each other's traffic but the server sees all traffic.

That would be a better way of doing it.

Is there anyone who's done this who's prepared to "hold my hand" as I work
out how to set it all up? If so, my email address is
(replace "f666" with "f9" - "666" because
spammers are the spawn of the devil!)

I've never played with ADSL, VPN, Win2k Server or ISA Server. I'd be
more inclined to use one of the Linux based distros that are designed
to do this job. Take a look at IPCop
http://www.ipcop.org/

  #3  
Old February 12th 05, 09:22 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 251
Default Network connection with proxy server - further question

"Rob Morley" wrote in message
t...
In article [email protected] ews,
"Martin Underwood" says...
A customer has proposed the network configuration

http://fp.martinunderwood.f9.co.uk/n...20original.gif

Rob Morley has confirmed that it should work, but I want to check exactly
how I should configure the equipment.

Let's assume that the "wireless ethernet hub" is a bog-standard ADSL
wireless router - Dlink DSL-G604T, for example.

Normally this would come with NAT and DCHP server turned on. I presume in
this configuration I'd need to turn those off.


Why?

The ADSL router will be given an IP address by the ISP - let's say it's
81.1.2.3. What IP address should I give the proxy server - another
address
in the same subnet? Or do I give the server the IP address that would
normally be allocated automatically to the ADSL side of router if this
was a
conventional NAT router network?


The router gets its WAN IP address dynamically allocated by the ISP,
and the LAN address will be a default setting in firmware like
192.168.1.1 The proxy and other LAN machines obviously need to be in
the same subnet as the LAN address of the router.

I presume I still give the PCs IP addresses in the 192.168.x.x subnet,
either statically or from DHCP on the server. Do I give the server's NIC
an
additional IP address in this subnet and get DCHP to handout the gateway
address set to this server's address?


You could, but why? I thought you were talking about running
everything through a proxy, in which case there is no need for a
gateway.

Presumably I turn on Routing in Win 2K Server on the server and tell it
to
route between 192.168.x.x and 81.1.2.x subnets?


Why?


I think I was thinking of turning NAT off as a way of preventing all the PCs
from accessing the WAN directly without going via the proxy - and hence
using the server to do the routing rather than using the router for this
job.

So you're saying let the router route between WAN and LAN, but make sure
that only the server's IP is routed and block any other IPs in the same
subnet (ie the client PCs' addresses)? Yes, I can see that this would be a
better solution. Do routers usually have the ability to control which
addresses are allowed through and which are blocked? I've never seen this
option - but them I've never really looked, either ;-)

Because NAT is turned off on the router, PCs cannot talk directly via the
router to the internet (as would be the case in a normal NAT router
network), but they talk to the server and this routes the traffic to the
81.1.2.3 address and hence to the internet.


Leave NAT turned on, just disable access from all machines but the
proxy server.

All traffic on any of the Ethernet ports or the wireless access point
needs
to go to the port that the server is connected to - which is not normally
the case for a switch. Does this require the router to be configured
specially - and how?


Eh? The proxy server is on the LAN, the client machines are
configured to use the proxy, the switch will treat it just like any
other LAN traffic.

What additionally needs to be done to make the server act as a proxy
server
as well as a router? I imagine I configure IE on each client to use the
server (by its address in 192.168.x.x) as the proxy. What about the
server -
is there a proxy component in W2K Server?


Er, yes. Temporary brainfade there!

I expect you're supposed to use something like MS Internet Security
and Acceleration Server 2000. Squid is a popular open source proxy
that has been ported to Win2k.

Am I making things unnecessarily complicated for myself by getting the
ADSL
router to perform two independent tasks - a) ADSL modem; b) wireless hub?
Would I be better separating them as in

http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif

That way the ADSL-to-server connection is by a dedicated ADSL modem
(which
presumably passes all traffic unhindered) and then I have two completely
separate NICs in the server, one with the public address and the other
with
the private address. And then I connect the client PCs to the normal
ports
and the server to the uplink port of the switch, such that the PCs don't
see
each other's traffic but the server sees all traffic.

That would be a better way of doing it.

Is there anyone who's done this who's prepared to "hold my hand" as I
work
out how to set it all up? If so, my email address is
(replace "f666" with "f9" - "666"
because
spammers are the spawn of the devil!)

I've never played with ADSL, VPN, Win2k Server or ISA Server. I'd be
more inclined to use one of the Linux based distros that are designed
to do this job. Take a look at IPCop
http://www.ipcop.org/



The customer is specifically thinking of using W2K server: that was in his
design spec that he asked me to review.


 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why proxy server set to 127.0.0.1? Charlie Tame uk.telecom.broadband (UK broadband) 3 February 13th 05 07:14 PM
Why proxy server set to 127.0.0.1? It's Me uk.telecom.broadband (UK broadband) 0 February 13th 05 07:22 AM
Why proxy server set to 127.0.0.1? Jan Il uk.telecom.broadband (UK broadband) 0 February 13th 05 01:53 AM
Network configuration with proxy server Martin Underwood uk.comp.home-networking (UK home networking) 3 February 7th 05 10:15 PM
NTL proxy server? Janice uk.telecom.broadband (UK broadband) 0 May 3rd 04 10:17 PM


All times are GMT +1. The time now is 01:06 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.