New Network Setup

CrazyGeezer

Hi All

Need some help setting up a network in my class lab.
Received a donation of PC's etc...
- 1 x Windows 2003 Server with Dual Nics
- 30 x PC's with XP & Windows 7
- 2 x 24 port network switches

What is in class now is 2 teachers pc's & 3 printers hooked up to ADSL router.

What would be the best setup to get it connected including current pc's & printers?
Also only the 2 teachers pc's + server should have internet access (maybe a proxy)?
But then the dilemma would be how other pc's would update anti-virus.
 
It all depends on how you want to manage the network / PC's.
If you want to restrict internet access, then yes, a proxy on the Server with all the PC's sitting behind that.

I'd recommend using one NIC on the server for the ADSL Router - use NAT and Proxy on it and the second NIC to a switch and cascade the second switch. If the NIC on the server is a GB NIC, maybe spend a few hundred R and get a 5 port GB NIC that you can run both 24 port switches in parallel instead of cascaded, which reduces the load on the one and gives you less dependency on it also.

That's my 1 minute comment. There's lots of ways and means of doing this easily, especially with Win 2003.
 
Out of the standard network setup:

- Your printers should be connected via network. If the printers do not have a network port, connect them to the server or another PC and share them. Another option can be to buy a Printer Server, but that will cost you money (they are not expensive anyway).

- For the internet, you can load a firewall on the server (that is also your gateway) and restrict the access to all IP's except the teachers and the server. You can whitelist the internet address of the Antivirus that you are using to give access to the PC without internet access. A firewall can do a lot of things... it all depends on the firewall functionalities. I can recommend Kerio (it runs on Windows) but it is paid. If somebody else can recommend another firewall that can run on Win server 2003...

- Another option will be to get one of the PCs that you have to create a Linux Firewall. In that case, the firewall will be your gateway and your server your AD/DHCP and any other services that you want. Your ADSL router will be connected to the Firewall Box. Also this "Box" will need another Network Card as one will be the WAN and the other one for LAN.

On the firewall you set your rules on who can access the internet. On the Server on the DHCP you can fix IP for the users that you want to give internet access, so you do not have future problems because the DHCP assigned the IP with internet access to the wrong machine...
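
The allow-list described in the post above, written out as an iptables ruleset for the two-NIC Linux firewall box. This is an added example, not part of the original post; the interface names, all addresses, the SSH admin rule and the AV update host are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the two-NIC firewall box.
# Every value below is an assumption for illustration, not taken from the post.
WAN_IF="eth0"                           # NIC cabled to the ADSL router
LAN_IF="eth1"                           # NIC cabled to the lab switches
LAN_NET="192.168.0.0/24"                # lab subnet
SERVER="192.168.0.10"                   # Windows 2003 server (AD/DHCP/DNS)
TEACHERS="192.168.0.20 192.168.0.21"    # fixed (reserved) teacher PC addresses
AV_HOSTS="203.0.113.10"                 # placeholder AV update server (RFC 5737)

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $SERVER -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Full internet access only for the server and the teacher PCs.
    for ip in $SERVER $TEACHERS; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -j ACCEPT"
    done
    # Every other lab PC may reach the AV update host(s) on HTTP/HTTPS only.
    for host in $AV_HOSTS; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $host -p tcp -m multiport --dports 80,443 -j ACCEPT"
    done
    # Log (rate-limited) whatever is about to hit the default DROP policy.
    cat <<EOF
-A FORWARD -i $LAN_IF -m limit --limit 6/min -j LOG --log-prefix "LAB-DENY "
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset; check it with "iptables-restore --test" before loading it.
gen_rules
```

Because the rules match on source IP, they only hold while the teacher PCs keep fixed addresses, which is what the DHCP reservation advice in the post is for. The LAB-DENY log lines show which lab PCs are attempting to reach the internet.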
 
This was my idea as well.
ADSL > Server > Switch (15 PC's) > Switch (15 PC's)
Doubt the Nic's on Server are gigabit though. Will look into your suggestion, Thanks
 
You could set up Untangle (free) on one of the client PCs and use that as a UTM device which also allows authentication on your network so only the teachers have accounts to log in and browse the internet. The Untangle box will be in bridged mode sitting between your ADSL router (gateway) and your internal (LAN) network.

You could then make the Server 2003 your DHCP & DNS server, though these roles can still be left on the ADSL router. In Untangle on the login/captive portal setup you then just add bypass rules for the antivirus update server addresses.

That's another way of going about it
 
For the Antivirus:
Use an AV that supports updating from a local repository; the server can download and store updates and cascade them to the client PCs.

For internet: Proxy ftw
 
So many ways of setting this up but cheapest and maybe easiest will be to just use what you have. (Will not be as good as building a proxy server from one of the pc's.) Suppose it all depends on the capabilities of the router/modem you have. Most modem/routers have some settings which would allow you to at least block all pc's except a few whose IP's you would specify in the firewall to allow them access, like the server and the teacher laptops/pc's.
I would use the Win2003 server as the DHCP and DNS server.
Connect the two switches via their up-link ports (if they have up-link ports, or else just use any other ports to connect them together).
Plug everything else into the switches as well: server, modem and all other pc's and printers.
And an idea regarding the IP addressing for the network. (I take it those are not managed switches so will not assign IP's to them.)

Using 192.168.0.0/24, but any /24 private IP range will do

Subnet mask will be 255.255.255.0 and gateway will be 192.168.0.1 for everything (If you do not assign the gateway to something it will not have internet access, could also be a way of "disabling" internet access for some of the pc's, but if a user types in the gateway he will then have internet access if it's not blocked somewhere else)
ADSL modem router static IP: 192.168.0.1
Win 2003 Server static IP: 192.168.0.10

DHCP setup on Win2003 server:
Set up to lease 192.168.0.100 - 192.168.0.150 (You can make it more if you want, but you only have 30 pc's so I made it 50 addresses to lease out, up to you how many, but leave open enough to assign static IP's to stuff you want to assign static IP's to)
Add subnet in DHCP settings to lease: 255.255.255.0
Gateway will be 192.168.0.1 (If you leave the gateway out no pc will have internet access.... maybe you can setup the teachers with static IP's and gateway, and all the lab pc's gets DHCP IP without gateway, thereby they have no inet access, but can be added like I mentioned above if you don't lock down the network adapter properties for users... )

Oh, and use 192.168.0.10 as DNS, obviously dns has to be setup on the server.
 
Out of the standard network setup:

- Your printers should be connected via network. If the printers do not have a network port, connect them to the server or another PC and share them. Another option can be to buy a Printer Server, but that will cost you money (they are not expensive anyway).

- For the internet, you can load a firewall on the server (that is also your gateway) and restrict the access to all IP's except the teachers and the server. You can whitelist the internet address of the Antivirus that you are using to give access to the PC without internet access. A firewall can do a lot of things... it all depends on the firewall functionalities. I can recommend Kerio (it runs on Windows) but it is paid. If somebody else can recommend another firewall that can run on Win server 2003...

- Another option will be to get one of the PCs that you have to create a Linux Firewall. In that case, the firewall will be your gateway and your server your AD/DHCP and any other services that you want. Your ADSL router will be connected to the Firewall Box. Also this "Box" will need another Network Card as one will be the WAN and the other one for LAN.

On the firewall you set your rules on who can access the internet. On the Server on the DHCP you can fix IP for the users that you want to give internet access, so you do not have future problems because the DHCP assigned the IP with internet access to the wrong machine...

It being a school, not much funds available. So must make use of what was received.
Note all PC's came with original software & CD/DVD's.
 
For the Antivirus:
Use an AV that supports updating from a local repository; the server can download and store updates and cascade them to the client PCs.

For internet: Proxy ftw

Like in the previous reply, money is limited.
Was thinking of using MSE as anti-virus but doubt it can update from a local repository. Will look into which AV can, maybe could justify purchase.
 
So many ways of setting this up but cheapest and maybe easiest will be to just use what you have. (Will not be as good as building a proxy server from one of the pc's.) Suppose it all depends on the capabilities of the router/modem you have. Most modem/routers have some settings which would allow you to at least block all pc's except a few whose IP's you would specify in the firewall to allow them access, like the server and the teacher laptops/pc's.
I would use the Win2003 server as the DHCP and DNS server.
Connect the two switches via their up-link ports (if they have up-link ports, or else just use any other ports to connect them together).
Plug everything else into the switches as well: server, modem and all other pc's and printers.
And an idea regarding the IP addressing for the network. (I take it those are not managed switches so will not assign IP's to them.)

Using 192.168.0.0/24, but any /24 private IP range will do

Subnet mask will be 255.255.255.0 and gateway will be 192.168.0.1 for everything (If you do not assign the gateway to something it will not have internet access, could also be a way of "disabling" internet access for some of the pc's, but if a user types in the gateway he will then have internet access if it's not blocked somewhere else)
ADSL modem router static IP: 192.168.0.1
Win 2003 Server static IP: 192.168.0.10

DHCP setup on Win2003 server:
Set up to lease 192.168.0.100 - 192.168.0.150 (You can make it more if you want, but you only have 30 pc's so I made it 50 addresses to lease out, up to you how many, but leave open enough to assign static IP's to stuff you want to assign static IP's to)
Add subnet in DHCP settings to lease: 255.255.255.0
Gateway will be 192.168.0.1 (If you leave the gateway out no pc will have internet access.... maybe you can setup the teachers with static IP's and gateway, and all the lab pc's gets DHCP IP without gateway, thereby they have no inet access, but can be added like I mentioned above if you don't lock down the network adapter properties for users... )

Thanks will look into your suggestions. Much appreciated
 
You could also load the free fortinet client on the pc's. It has built in AV and Web/Application filtering, load that on all pc's, set to block all web categories and the App will still update without them having internet access. (You can lock the App down with a password so they cannot change it at all)
 
Install virtual server 2005 r2 on the win2k3 server. You can then install either smoothwall or pfsense on it and use that to restrict/allow internet access.
 
You could also load the free fortinet client on the pc's. It has built in AV and Web/Application filtering, load that on all pc's, set to block all web categories and the App will still update without them having internet access. (You can lock the App down with a password so they cannot change it at all)

Thanks this is an option I can look at.
 
Install virtual server 2005 r2 on the win2k3 server. You can then install either smoothwall or pfsense on it and use that to restrict/allow internet access.

Sounds very interesting, will read up.
Thanks for all the help thus far. Strange no one has made network design type of app giving you all options.
 
If the PC's don't have internet access why do you want AV on them? Rather make a disk image of the Windows install once you have set up the PC, then when you pick up a problem with that PC you just re-image it. At varsity the PC's are set up so that users cannot make any changes to the OS or programs, with every boot it reverts to the default install. They also used disk cloning to put the same disk image on all the PC's.
 
This sounds interesting.
But won't it make boot times longer if it reverts to default install with every boot?
 