Network Setup - Pleeeaaaasse Help

Hi all those who are great in knowledge.

Please bear with me since I am relatively new to the networking scene.

I run a small business and need to run software from a server which will be loaded with Win2k3 server and will be using Terminal services to access software from remote machine using Remote Desktop (managed to understand all that).

I have a good ol marconi ethernet adsl router for the server side and normal usb adsl modem at my remote location with separate ADSL connection (Win XP).

Everyone talks of Proxies, firewalls etc.

Can anyone kindly guide me in the right direction since I am concerned over cost - the software and connections already make me nervous as far as costs are concerned and I want to keep them as low as possible.

Obviously, security is the main objective along with keeping the bandwidth down so that I don't reach my cap. I have been assured by the sware vendor that I should not reach my cap if I ensure that each office is blocked from accessing the net - which I most certainly intend doing.

Which will be the right setup (with minimum cost - using GNU software where possible). I intend using no-ip.com to keep the dynamic ip of the server updated.

Any help would be appreciated since already I have learnt much from this forum but some of the stuff is over my head. BTW, I do regard myself as pretty pc savvy and things like local inhouse networks haven't stumped me yet - this one however has me worried.

Heck - I would be willing to part with a few bob if someone in Cape Town can help. I do want to learn to obviously maintain the network myself.

Many thanks in advance
 
If it were me, I wouldn't directly connect the Windoze server to the net, I think I would put a Linux box with a firewall distro in between ADSL & Windoze Server, then forward ports for the remote access. That's just paranoid me though.

If you do decide to try that, I recommend a blank HDD in the Windoze box, install a trashable version of Windoze, then try setting up the whole lot without the Linux box, if you get that going, then put the Linux box in between & get that working, when it is doing its thing redo the Windoze box (reformat & fresh install). Oh and make sure that while you are testing all this you are disconnected from your lan - you don't want any crackheads sneaking onto your lan while you're testing.
 
I think your easiest option is to buy a router for your other remote connection - the one with the standard USB DSL modem on it.

That would be the cheapest, easiest route to secure both sides.

Seeing as you've already got a marconi router I'm sure you know how to configure it?
You can just open up the necessary ports on each router and NAT or PAT to the winXP boxes.
 
Terminal Services

I am currently running a small home network, with USB POTS and Rasppoe on one computer and I can connect via Terminal services to both Win2K and Win2003 servers on different sites. If you want, running on windows 2000 and windows XP clients. If you need help, contact me through email, leaving your phone no because I think it is far easier to do this via voice or something like remote admin.
 
Direction

Many thanks all who have replied.

What I am in fact looking for is the steps I need to follow for a correct setup eg:
1. install server sw
2. install firewall using ???
2. setup router using ?????
3. etc
4. etc

People have offered Linux as a front end box but I want to stay with one machine and preferably in the windoze realm. I know that I might be asking a bit much but this forum has the knowledge and expertise.

The simple thing is that I want to learn but have no prior experience in this field

Again, many thanks to all
 
From your original post "with minimum cost", now that precludes Windoze altogether.

For Firewall & Antivirus software on the W2K3 Server, I would try Computer Associates EZ Armor (have a look at my posts in the sticky Off Topic forum thread). Firstly, no I haven't tried it on W2K3 Server, but I suggest you give it a try, the reason being that it allegedly works on workstation as well as server, regardless of what you use the server for (M$Exchange, etc etc etc). You could also try Zone Alarm for firewall and something else for Antivirus. Other than that you could try one of the F-Secure products specifically for Windoze Server versions, however F-Secure for servers is exceptionally expensive (from an SMME POV), and F-Secure has different products depending on what you need to use the server for.

Based on your previous post it sounds like you need advice that is dependent on the type of things you want to do with the server, clues...?
 
Road ahead

Thanks IC for the reply

I am not so much concerned as to the security using AV and the like, more relating server security from the internet since my branch will be using software located on the server - Pastel to be precise.

I have two local users which will connect to the server from within a lan setup at the main branch and want to connect the remote user via adsl

I hope this throws more light on the subject

Many thanks
 
For any Windoze 2000+ installation (workstations & servers) you need to regularly run Microsoft Baseline Security Analyzer, also http://www.microsoft.com/security/default.mspx. That's like step1, after that there are loads of other things that need to be done - this is why M$ software really is more expensive (IMO) - it is all about TCO (Total Cost of Ownership) and no matter what support prices are being charged for Linux, I feel that there are so many problems with M$' lack of security & bugs that become exploits, that eventually you end up spending more money & especially time trying to patch a sinking ship, that's not even taking into account the expensive licences to start with (again from an SMME POV).

So, my advice is still to make sure that you have as much in the way of non-Windoze firewalling in between the server & the internet connection (same goes for remote end as well). bb_matt's suggestion is a good one - ADSL router with built-in firewall capabilities.
 
A bit stuck

Thanks IC

Unfortunately - for the moment - I'm stuck with the Telkomonopoly's ADSL router due to some cost constraints I have imposed upon myself to be able to sleep at night :mad: As a point of interest - which hw firewall/router would you guys recommend?

Is there a dloadable sware firewall I can use - I have McAfee's latest Internet version which includes all the goodies - firewall, spam filter etc

Thanks
 
clock, let's go through this again:

I have a good ol marconi ethernet adsl router for the server side and normal usb adsl modem at my remote location with separate ADSL connection (Win XP).

You already have a firewall on the one side - your marconi router.
So just put another router on the other side, which you can get for under R400 and you're good to go!

All you need to do then is to read up on the router configuration to allow for a secure connection between the offices. I think by default, a router blocks the majority of ports - you'll want to configure the minimum amount and bang a hole through the router to allow for your terminal services.

Possibly a good idea is to run them on a port other than the default, for added security. You can also block all IP ranges other than your ISP's range completely. (or at least, I think you can with DSL router modems?)
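
An added example, not part of the thread: a small audit of a router's port-forward table against the three points in the post above (forward only what is needed, use a non-default external port, restrict source ranges). The rule format, rule names, the server address 192.168.0.10 and the source range are all constructed for illustration.

```python
import ipaddress

DEFAULT_TS_PORT = 3389  # default TCP port for Terminal Services / Remote Desktop
NEEDED_INTERNAL_PORTS = {3389}  # assumption: only Terminal Services is required

# Constructed rule set. Source ranges are documentation addresses (RFC 5737)
# standing in for "your ISP's range"; 192.168.0.10 is a hypothetical server IP.
RULES = [
    {"name": "ts-wide-open", "ext_port": 3389, "int_host": "192.168.0.10",
     "int_port": 3389, "sources": ["0.0.0.0/0"]},
    {"name": "ts-restricted", "ext_port": 43389, "int_host": "192.168.0.10",
     "int_port": 3389, "sources": ["198.51.100.0/24"]},
    {"name": "file-share", "ext_port": 445, "int_host": "192.168.0.10",
     "int_port": 445, "sources": ["198.51.100.0/24"]},
]

def audit_rule(rule, needed=NEEDED_INTERNAL_PORTS):
    """Return the list of findings for one port-forward rule."""
    findings = []
    if rule["int_port"] not in needed:
        findings.append("unneeded-port")
    if rule["int_port"] == DEFAULT_TS_PORT and rule["ext_port"] == DEFAULT_TS_PORT:
        findings.append("default-external-port")
    if any(ipaddress.ip_network(s).prefixlen == 0 for s in rule["sources"]):
        findings.append("open-to-any-source")
    return findings

def admits(rule, src_ip, dst_port):
    """True if the router would forward a connection from src_ip to dst_port."""
    if dst_port != rule["ext_port"]:
        return False
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(s) for s in rule["sources"])

def audit(rules):
    return {r["name"]: audit_rule(r) for r in rules}

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

With a dynamic address at the remote office, the source range has to cover the ISP's whole address pool, so it narrows exposure rather than identifying the remote office.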
 
I only use free software, if I can help it. I use Sygate as the firewall, AVG as the antivirus software (best on market), firefox as the internet browser (stops spyware), 602 lansuite for managing the network (free up to 5 users).

The nice thing about 602 is that you can run a website and it's an email server. I haven't used its firewall, but it has one. I use "dynsite" and "dyndns.org" for the dynamic addresses.

There is some software that I have been trying to use to manage bandwidth usage, but cannot get it to work, yet, and that is "softperfect bandwidth manager". Looks well written.

I have also set up my router/wireless access point between my pc which is linked to the internet and my network, so that no one can access internet without going through the 602 lansuite proxy server.

But then, what I have done is from the perspective of a non IT person, so maybe it's wrong, but one thing you have to do is have a firewall and good AV software.
 
Personally, I'd rather have a hardware firewall between me and my network - a router does a good job, but I find the web interfaces inflexible, so I just run in bridged mode through smoothwall.

Software firewalls in my mind are fallible - I don't even want any potential bad packets near my winXP box, so I just use ZoneAlarm to prevent anything from "talking to home" so to speak - I completely switch off its software firewall functionality.

Smoothwall is just brilliant.

Clock, if you have two spare old PCs and 4 spare NICs you can also run a Smoothwall box in each office, but I think my previous post is probably more of an elegant solution for your purposes.
 
Getting there

I tend to want to lean towards bb-matt's solution but don't have a spare box available.

What I do intend doing - with everyone's blessing :D - is to have two NICs - one for the internal network and one for "outside" connectivity over adsl. Any advice here would be appreciated

My main concern obviously is the "outside" link for which I will probably have to go the software firewall route as an added feature to the router's firewall - or am I overkilling here?

I intend using Winxp's Remote desktop (have win2003 server with 5cal and 5cal terminal services licence) for the two "outside" PCs to link to the software on the server - am I heading in the right and easiest solution here??????

Many thanks to all for their advice - it's much appreciated and I've learnt more in the past two days than a couple of years tinkering with PCs :)

BTW - I unfortunately DON'T know how to set up the router - help here would be appreciated.

Heck, I'm starting to look like a dunce but at least have achieved more than I would have on my own - love forums - always have a few views and everyone learns from each other - THANKS GUYS
 
clock - I don't even know 10% of what some of the people here do!

Ok, a few questions, is your Marconi router ethernet based?

If it is, you can simply plug it into your LAN switch - it will have an internal IP address configured and you simply need to set your internal IP range to match (or you can edit the router's existing internal IP address).

They are usually configured to run as 192.168.0.x or 192.168.10.x

You then access your router via a web interface.

The same would apply at the other office, providing you purchased an ethernet DSL router.
 
Getting there

Yep - it is an Ethernet Marconi. Remote site has a USB modem

Managed to figure out that machine must match router's IPs :D

Do I run the server as a workgroup? My feeling is that it should be as a domain to ensure proper authentication.
 
On the subject of a Linux box, I am using an old PC with SmoothWallExpress2 - you don't need much more than a PentiumII with 128MB & a smallish HDD. You could probably get away with using an ancient PentiumI with 64MB.

Anyways you 1st need to get the router(s) configured so you can be afforded some level of NAT & firewalling protection at both ends. Sadly I know bogroll about routers & configuring them (I'm gonna have 2 learn very soon...:rolleyes: ).

On the server side, yes you should use a domain - there are loads of workstation vulnerabilities when a user logs on with a non-domain account - in particular msgina.dll & certificate management for EFS (Encrypting File System i.e. NTFS5), so do not create a workgroup as it will bite your ass.
 
Hi guys,

I want to set up my Router at Home and at the office so that I can work on the office PC from home.

I use VNC viewer/ server to do this, and have also registered a static IP with no-ip.com.

I want to achieve

VNC VIEWER PC - Marconi Router ------------- 5100 Router - PC-VNC SERVER

The only problem now is where and how to set it up!
Any help?

Thanx
 