network newbie seeks guidance

Status
Not open for further replies.

elevate

Ars Scholae Palatinae
1,354
Subscriptor
i've been charged with setting up a small network for the office here and need some suggestions. i want to have a server and 3 or 4 clients. the server needs to share files and the cable internet connection. i guess i'm gonna go with nt4 for the server and win98 for the clients. i'm thinking i need 2 nic's in the server - one to receive cable modem love, and another to send out to a hub. right? ok, do what do i need to do (if anything) to split the net access to the clients? i think i have a basic understanding of how printer and file sharing works, but is it possible to share one file between 2 computers and still retain read/write access for both?

i've also read some things about cable net access security, or basically, the lack thereof. would you guys recommend a firewall, and if so, what's the easiest way to go about setting that up?

sorry if this seems kinda stupid, i've never had to delve into the world of networking until now. thanks.
 
> i'm thinking i need 2 nic's in the server - one to receive cable modem love, and another to send out to a hub. right?

It would be dependent upon the cable modem hardware, but odds are you'll have to use a NIC for the cable modem, and another NIC for the rest of the network.

> ok, do what do i need to do (if anything) to split the net access to the clients?

My understanding is that you'd have to use some Network Address Translation (NAT) software like Sygate or another similar product. You could also use MS's Proxy Server, but I don't think you wanna spend that kind of dough. :)

> i think i have a basic understanding of how printer and file sharing works, but is it possible to share one file between 2 computers and still retain read/write access for both?

This is in some respects related to the application you're running across the network (like a database). If the program is network-aware/enabled/optimized, then the app handles access. If you're talking about basic things like, for example, a word processor, then you can mess up the data file by having two computers access it at the same time. I guess I should ask you to give more details about what you have in mind...

> i've also read some things about cable net access security, or basically, the lack thereof. would you guys recommend a firewall, and if so, what's the easiest way to go about setting that up?

It would be well worth it to get some kind of firewall, particularly if it's to protect a company's office environment. There is a large number of firewalls available; I've only looked at big expensive ones like Axent and Checkpoint for my company. I'm sure that there are others here who could jump in and suggest lower-cost alternatives... (now waiting for these replies to roll in :) )
 

resteves

Ars Tribunus Militum
2,841
I realize that this will draw a bunch of fire but...

Is it possible to run this on Macs for you? NT is a more powerful server solution, but you don't seem to need that much power. The Mac will alleviate some of the complexity and security issues. It is easy to set up and manage, and will do all that you are trying to do. OSX will allow remote admin, but will bring in security issues again. Running OS9 will remove the security issues but not allow remote admin.
 

qbert

Seniorius Lurkius
11
It's unfortunate that you're not too familiar with networking, because I really believe that using Linux as your server (Samba for file sharing services) would be best. It has IP Masquerading for free, and if you ever wanted something like, say, a web server for your office then Apache is there at no charge.

I don't know how much experience you have with computers, but Red Hat Linux and a couple of good books might be the ticket.
 

roman

Ars Tribunus Militum
2,812
Subscriptor
I agree with qbert. That's exactly how we're set up at my work. We have 5 PC's and 1 Mac.

We bought a cheap $400 Celeron PC (64MB RAM, no monitor, no modem, no CD-ROM - just borrowed another CD-ROM drive & monitor for the install), installed Linux for use as a cross-platform file server (Samba & Netatalk for Windows & Apple file serving). Hooked it up to a UPS and it's been on for 3 months without a hitch.

I also dusted off a Pentium-90 to do IP-Masquerading for the DSL line.

Of course, I had to read 3 books and countless HOWTO's to get it done, but once it's set it's a zero maintenance solution.
 

elevate

Ars Scholae Palatinae
1,354
Subscriptor
i'd be completely down with doing the linux thing (i have no linux experience, but i'd be happy learning). but alas, the server will also be doing part # look-ups for the shop guys with some proprietary windows program.

i've pretty much decided on the hardware and stuff. i just need to know if that sygate stuff will let a mac play on the network too. those sybergen guys aren't being very expedient about responding.
 

poptones

Ars Legatus Legionis
12,366
There's the problem, elevate. I can tell already that powers in your company have decided "the server can handle it." Well, here's something to think about, bud - and the reason y'all should really bite the bullet and pop another $500 for "redundant" hardware:

You're obviously talking about using NT server to proxy everyone. Doesn't matter how you do it - Sygate, WinGate, whatever - the fact is you're considering using your *primary domain controller* - the box that'll probably end up with virtually all your company's data - to "isolate" you from the internet.

I did it for awhile. I can tell you no matter what proxy system you use, you're gonna be pulling your hair out from time to time because all the services running on that box are gonna make it brittle, and you're gonna have the boss PO'd because his internet connection is down. And god only knows what could happen first time some script kiddy happens by and finds one of those myriad NT default configuration holes.

Delegate. Let each do what it's best at. Don't even worry about all those services; if you *need* mac services on your three person network, you can easily install them on NT. But don't stick that NT box bare-ass naked out there on the net. Buy a piece-a-crap PC, stick a freesco disc in the floppy, and let it do what it does best. Then you can have your workstations *and* your PDC tucked away all snuggly and (sorta) safe.
 

Dan

Ars Tribunus Angusticlavius
7,102
OK, the easiest way to do it with 98 SE, set up TCP/IP and NETBEUI protocols in Networking. Install ICS (Internet Connection Sharing) to the machine connected to the Web. (To install, go to Add/Remove, pick the Windows Setup tab, pick Internet Tools, check the box next to ICS. Restart.)

Voila!

What these other guys are describing are more powerful solutions. It sounds like a pretty small operation though? Oh well, whatever. Nothing against Linux. Or NT. Or 2000. Or Mac... Ooops, forget it.
 

stephenb

Ars Legatus Legionis
11,837
Subscriptor++
Do you really need an NT server? You can get a router to share the cable modem. It'll run you a couple of hundred, but it's small and easier to set up than Linux. I'm using the xRouter from Macsense to handle NAT on my Macs, Windows, and Linux box. No problems and has never crashed. And it has a 4-port hub built in. Linksys now has one with a 10/100 4-port hub. It also keeps your server and clients from being seen from outside your own network. Unless you set up virtual ports and start serving up FTP or HTTP.
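
The behaviour described in the post above (NAT hides LAN machines until a "virtual port" is opened), as an added example that is not part of the original thread: a toy Python model of a NAT gateway's translation table. The class and function names are hypothetical, all addresses are constructed from private and documentation ranges, and port-restricted filtering is assumed; real devices vary.

```python
from dataclasses import dataclass, field


@dataclass
class NatGateway:
    """Toy model of a NAT router: one WAN address shared by private LAN hosts."""
    wan_ip: str
    next_port: int = 40000
    sessions: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port), the "virtual ports"

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; its source is rewritten to the WAN address."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for wan_port, known in self.sessions.items():
            if known == flow:
                return self.wan_ip, wan_port
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[wan_port] = flow
        return self.wan_ip, wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side. Returns the LAN destination, or None if dropped."""
        flow = self.sessions.get(wan_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                     # reply to a connection a LAN host started
        return self.forwards.get(wan_port)      # static forward, otherwise None (dropped)

    def exposed(self):
        """Audit helper: every LAN service reachable by unsolicited Internet traffic."""
        return sorted((port, host) for port, host in self.forwards.items())


def demo():
    # Constructed addresses: RFC 1918 for the LAN, RFC 5737 documentation ranges elsewhere.
    gw = NatGateway(wan_ip="203.0.113.5")
    client, server = "192.168.1.10", "192.168.1.2"
    web, scanner = "198.51.100.7", "198.51.100.99"

    _, wan_port = gw.outbound(client, 1025, web, 80)
    results = {
        "reply_from_web": gw.inbound(web, 80, wan_port),         # matches a session
        "scanner_same_port": gw.inbound(scanner, 80, wan_port),  # wrong peer: dropped
        "netbios_probe": gw.inbound(scanner, 4444, 139),         # no session: dropped
        "exposed_before": gw.exposed(),
    }
    gw.forwards[21] = (server, 21)              # a "virtual port" for FTP
    results["ftp_from_scanner"] = gw.inbound(scanner, 4444, 21)
    results["exposed_after"] = gw.exposed()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
```

The forward table is the whole inbound exposure in this model, so listing it is the quickest audit of what the gateway lets strangers reach.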
 

elevate

Ars Scholae Palatinae
1,354
Subscriptor
ok, question. topologically, how would i include a router in the network? does the router share network communications as it does the internet connection? i don't know how clear i made it in my original post, but i do need a computer acting as a file server, and it needs to be a microsoft os.

poptones, i guess i don't really have any knowledge in this area, but it seems like the server would not be taxed very hard. it would be spewing forth internet connectivity, sharing approximately the same 20-30 [small] files day to day, and printing stuff occasionally. it just sounds pretty menial compared to me jumping between rendering some 3d studio max stuff, workin some photoshop, or bouncing around in 8 ie windows.
 

poptones

Ars Legatus Legionis
12,366
No, elevate, it's not just those things. I've tried literally *dozens* of different methods and software add-ons to do NAT/proxy/routing on NT, and, for a beginner as you seem to be (no offense, I was one too) they are all a b-i-t-c-h to get up and running properly. The easy ones like WinGate and the ilk are pieces of crap commonly plagued by memory leaks or just plain bugs that bring the server to its knees every other day, and the "real" Microsoft options are typically Microsoft-complicated. The other HUGE problem here is NT comes out of the box ready for any script kiddy on the block to walk right in.

It's NOT difficult to set up a "linux box." I'd never even heard of freesco until someone here (PeterB, I think) mentioned it a month or so ago and I now think it's the greatest thing since.. well, I dunno. It's easy, 'tho, and the learning curve is about the time it takes you to read the readme file and boot from the floppy. It's extremely UN-feature laden, hence its simplicity and relative security.

The reason you do this is NOT just to prevent overloading your PDC - it's because if you have your PDC on a NIC on the internet then your PDC - all your user account info, your passwords, and likely a good bit of your company's information is hung right out there with it. And once someone cracks that and sets themselves up an account, that proxy ain't much protection at all. Who cares what the IP addresses are if I have a list of all your NETBIOS machine names and an account on the server?

The linux box is a firewall. It's protection, and it also handles the routing with ease and doesn't add yet another service to possibly break your server. Freesco boots and runs right off the floppy - you don't even need a box with a hard drive and, unlike all those "router appliances" I've seen you can actually use TWO NICS, which makes it all the more secure. If you just plug your router into a hub with your DSL modem and all your clients then they are ALL hung out there on the 'net. The clients may not have routable IPs, but once someone gets past your gateway they can still just scan all the NIC ID numbers.

It's not JUST about making your PDC more robust, 'tho that's a big part of it. The biggest asset is security, and the few hundred bucks it'd cost for a cheap "router" is a lot cheaper than finding another job when you get hacked.

Look into it; it's really good stuff. http://www.freesco.org/
 

stephenb

Ars Legatus Legionis
11,837
Subscriptor++
Okay you need a server. But after reading what a bitch it is to set up the NT server as a router, I'd still think about the hardware router. It'll sit on the LAN just like a hub. One port going to the WAN and one going to your LAN. Most of them will support NAT, DHCP, Virtual Ports, etc.

It's not as cool as using Linux. But it doesn't have a fan and makes no noise. Also most of them are configured via a browser. And if you need the server to handle Win apps, then you'll have another box sitting there taking up space.

Ignore the name, but Macsense has a decent product in the xRouter. You can check out sample set-ups at:

http://www.macsensetech.com/Product/mih120.html

BTW, this box will support up to 252 users, so you got some room to grow.

Like I said before there are a couple folks making similar products. Umax, Linksys, Sonic and the big boys of course but those are big bucks.
 

elevate

Ars Scholae Palatinae
1,354
Subscriptor
poptones - i hear what you're sayin, but really cost is the biggest consideration being made, then functionality. i was asked to put together a small network to perform particular functions, and all at a ridiculously low cost. there is no budget for an extra linux box. i'm working on getting an extra hundred or so dollars allocated for a router instead of just a hub, but that looks doubtful too. i have made it clear that they are making compromises by limiting the cost of this project, but they don't understand. it took me 5 minutes to explain what the progress meter on an ie download window meant to one of the guys that work here. i'm talkin complete ignorance of all things computer.

so with that in mind, i guess suggestions for maximizing security with nt and something like sygate would be much appreciated. i'm almost at my wit's end with these people. at this point i would almost want the server to get hacked just so i could say 'i told ya so.'
 
There are two critical things you need to consider:

1) Security
2) Security

I know that technically that's one thing, but it's such a big one I thought I'd mention it twice.

As others have said, the default NT installation is hideously insecure. Anyone can stroll in and trample over your network. Don't say "It'll never happen to me" because it will. There are some 'differently talented' little script kiddies out there who go to insane lengths to identify insecure hosts on the net. They'll find you eventually.

It looks like you're on a bit of a budget, so I'll try and make some low-cost suggestions:

1) Accept that your web-facing host is going to be attacked, and lock it down tight. Don't use it for anything except web-facing (Internet access, email, web serving perhaps).
2) Have a good backup strategy.
3) Consider using a cheap old PC running a UNIX for your web-facing host. Consider Linux, which is easy and has lots of free support available. Consider OpenBSD, which is a bit harder to configure, but is easily the most secure OS available for x86. If you must consider NT, get a professional to lock it down. This is not a job for an amateur.
4) One more time, have a good backup strategy.
5) Consider getting another box as an internal fileserver. You can run NT on this if you insist. I'd run a UNIX, but there you go.
6) Back everything up again.
7) Check your restore capability. Backups are no good if you can't restore.
8) Get a hub. Thin ethernet will cost you more (in terms of heartache at least) in the long run.
9) Very boring. Have a written security policy. Your job depends on it.
10) Bet you guessed it - BACKUPS.

Setting this sort of thing up is fun. Don't be afraid to ask people, and you should end up with a network you can be proud of.

Enjoy.
 

stephenb

Ars Legatus Legionis
11,837
Subscriptor++
Sorry about not including the link, I don't do much HTML, so I need some catching up.

As for the name, they picked it, not me. I guess they're going after a Mac market.

I'm sure you could pick up a 486 for under $299, but would that include 2 NICs, a big enough drive and enough RAM? What about Linux and the time to download or buy? What about the time spent to configure the box? The xRouter takes about 20 minutes tops to set up. That alone is worth the cost. BTW, I think the Linksys rolls in at about $199, and it's got the 4-port 10/100 hub built in. That's another cost saved.

This is a really good deal. I honestly don't believe you can set up either NT or Linux for this price and the security is excellent especially if you close all incoming ports, because all your computers will have their own IP addresses. Remember, time is money. And I have a feeling elevate isn't going to be willing to donate 200 hours to get this network up and running.

:)
 

Dan

Ars Tribunus Angusticlavius
7,102
Excession is right here, backups are extremely critical. I've seen people backing up to the same tape week after week only to discover it's been bad for (probably) months....

Also, security shouldn't mean just attacks from outside. It's the jerk who brings in that nasty, old smelly DOS program that hoses your system or some fool brings a virus in on a disk.

Yeah, don't forget to address virus protection, and it has to run automatically. How about power back up? If they suddenly lose power they could also lose data?

Are you adequately insured? ;)
 

poptones

Ars Legatus Legionis
12,366
stephenb, did you even click the link above?

> I'm sure you could pick up a 486 for under $299, but would that include 2 NICs, a big enough drive and enough RAM?

Not really relevant, as all the box needs is a CPU, a floppy, a power supply and 6 (that's right: six) Megs of RAM. If the bios requires a keyboard and video card to boot then it'd need those, too, but most any old machine is going to have some sort of display card already in it.

So far as NICs, last time I was at Fry's you could pick'em up for about $9.

> What about Linux and the time to download or buy?

Took me about three minutes. Wouldn't take much longer on a dialup; don't take long to download 2 megabytes.

> What about the time spent to configure the box?

Again, as I said: you make a boot disc using the included utility, stick it in the floppy drive of your "router" and turn the power on.

That's it. Connect to the web interface from your server and set it up. No complicated settings to configure, no kernel compiling, nothing - it's as close to plug-n-play as you can get in a router.

> The xRouter takes about 20 minutes tops to set up. That alone is worth the cost.

Then this should *really* be worth the cost. Hard to beat "free."

> BTW, I think the linksys rolls in at about $199, and it's got the 4-port 10/100 hub built in. That's another cost saved.

In reading his comments, 'tho, it would appear this is a *very* small operation, where even $200 is significant. A four port hub will be needed anyway, for sure - but they're certainly not $200. The solution I'm proposing would cost little more than a hub alone. Again, it's really hard to beat "free."

elevate: this ain't hard. I honestly believe if you look around you will *find* a machine you can use to secure your network. Think about it: does your uncle or someone have an old dinosaur of a box sitting around the garage? 486 machines are so antiquated they've become virtually worthless here in the US - even computer recyclers won't buy them. Find one and "lease" it to the company.

Hell, go to the weekend flea market. I'm willing to wager you can find one somewhere between free and $25. You might even find one with an old tape drive in it... just the thing for those backups (which I'm willing to bet your boss also doesn't want to pay for... correct?) Use it to barter in a longer lunch hour, or an extra day off every month - you'll come out the winner on any exchange like that.
 

stephenb

Ars Legatus Legionis
11,837
Subscriptor++
Poptones,

Yes I clicked, and I apologized for the name in my previous post, but I use it on a Mac, Win98, Linux network and it works great.

I understand Elevate to be a network newbie, so simpler is better.

Not everyone has your knowledge or experience and might not be able to set up IP Masquerading in that short amount of time. Plus if he has to set up an NT server, he's gonna have his hands full.

I say push for the router. It's worth the cash, cause it's less of a headache. I just put one in for a client after the previous tech wanted $400 for the Linux box and then $5000 for a year of support.
 