Emulate WAN address on the LAN with DNS?

Hello guys,
My problem: I have a web server on the LAN.
I do port forwarding through the firewall from the WAN.
How do I emulate the WAN address for the LAN users?
The web server is set up as a test server for developers so that they can send links to external viewers.
Can this be made as a DNS lookup, and how do I configure it?

How? [You configure DNS on your server|http://labs.hoffmanlabs.com/node/1436], setting up what is known as split-horizon DNS (same domain used outside/public and inside/private) and the internal DNS has all of the host name translations you use from your public DNS replicated, though the inside/private DNS translations are aimed either at your public static IP addresses (for those hosts and services that are external to your private LAN) or (for this particular web server case, and cases where you want to try to avoid sending the traffic through your NAT firewall, assuming it is capable of "reflecting" traffic back through the NAT) aimed directly at private static IP (LAN) addresses.
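To make the split-horizon arrangement concrete, here is an added Python example (not from the original answer or the linked article) that models two DNS views over the same zone and the client-ACL selection BIND applies between them: LAN clients get the server's private address, everyone else gets the firewall's public address that is port-forwarded to it. The zone name example.com, the networks 192.168.1.0/24 and 198.51.100.0/24, and the public address 203.0.113.10 are assumptions chosen for the example, not the poster's values.

```python
import ipaddress

# Constructed sample data for this example (not taken from the original
# post): one zone, example.com, served from two views. The public view
# answers with the firewall's static address, which port-forwards to the
# LAN; the internal view answers with the LAN address directly, so LAN
# clients never need the NAT device to reflect their traffic back inside.
PUBLIC_IP = "203.0.113.10"   # assumed public static IP of the firewall

VIEWS = [
    # (view name, client networks allowed to use it, A records)
    ("internal", [ipaddress.ip_network("192.168.1.0/24")], {
        "www.example.com.":  "192.168.1.20",   # the developers' test web server
        "mail.example.com.": "192.168.1.25",
        "vpn.example.com.":  PUBLIC_IP,        # a service that lives on the firewall
    }),
    ("external", [ipaddress.ip_network("0.0.0.0/0")], {
        "www.example.com.":  PUBLIC_IP,        # reached via port forwarding
        "mail.example.com.": PUBLIC_IP,
        "vpn.example.com.":  PUBLIC_IP,
    }),
]


def select_view(client_ip):
    """Pick the first view whose client ACL contains the querying address,
    the way BIND's match-clients is evaluated top to bottom."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, records in VIEWS:
        if any(addr in net for net in acl):
            return name, records
    raise LookupError("no view matches client %s" % client_ip)


def resolve(qname, client_ip):
    """Answer an A query: returns (view name, address), or (view name, None)
    when the name does not exist in the selected view."""
    qname = qname.rstrip(".").lower() + "."   # normalize to a fully qualified name
    view, records = select_view(client_ip)
    return view, records.get(qname)


def missing_from_public_view():
    """Names defined internally but not publicly. Such a name works for LAN
    users but breaks the moment a developer sends the link to an outside
    viewer, so a split-horizon setup should keep the two views in step."""
    internal = VIEWS[0][2]
    external = VIEWS[1][2]
    return sorted(name for name in internal if name not in external)


if __name__ == "__main__":
    for client in ("192.168.1.50", "198.51.100.7"):
        print(client, "->", resolve("www.example.com", client))
    print("internal-only names:", missing_from_public_view())
```

The consistency check is the part worth keeping in a real deployment: the internal view must carry every name the public view does, otherwise a link that resolves for a developer on the LAN silently fails for the external viewer it was sent to.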

Similar Messages

  • One step at the time with DNS

    Anyone who would be so kind and guide me through the setup of DNS on my LAN?
    On my 5th install now.

    ahh Camelot.. - just the one I hoped would answer.. (I can see you have answered many in here...)
    Here's what I want to do: I want to run mail server, web server, DHCP, firewall and router on the Leopard server.
    I have a DSL modem (static IP) connected to the server on Ethernet and a LAN that is connected through the server to the internet. That works OK. I can also reach my web server both from inside and outside as of today. Mail seems to work from both sides too. Here comes the trouble :-)
    I have two additional servers that need to be reached from both LAN and web on my LAN.
    All my services have correct DNS resolves from the net. They are as follows:
    www.thure-trykk.no -> 212.125.243.131 -> (website on the Leopard server at 192.168.1.1)
    mail.thure-trykk.no -> 212.125.243.132 -> (mail server on the Leopard server at 192.168.1.1)
    www.iway.thure-trykk.no -> 212.125.243.134 -> (second web server at LAN 192.168.1.2)
    www.godkjenning.thure-trykk.no -> 212.125.243.135 -> (third web server at LAN 192.168.1.3)
    All of these need to be reached from LAN and WAN by hostnames.
    Don't know if this was enough to tell you what I want to do?

  • Play Halo on the lan with 1 license

    Hi,
    first sorry if this is the wrong topic, couldn't find a better one...
    I'm thinking of buying the game Halo, but I buy it because of the multiplayer, and we have a few macs here and my question is if I need to buy a version of halo for every mac ($$) or if it will do fine with 1 license.

    When connecting to a network game, Halo compares serials. If two are identical, the second user isn't allowed in. It may be possible to work around this, but generally you'll have to own a license for each computer.
    If you install the Halo update, you'll also be required to have the CD in to launch Halo.
    Don't you love Microsoft?

  • Can I have two LANs with the same IP route to each other

    Hi there,
    I have a customer who has a televantage VoIP network on a private 192.68.0.0/24 network but has two sites connected via a wireless tower, and wants to enable QoS between the two sites by using a 2621XM router at each end. I've enabled QoS on both routers for voice and video but haven't deployed this yet, since I'm not sure if I need to change one of the sites' networks to a different network number, since I'll have the routes in place with a 192.168.1.0 on the WAN side. If both remote networks stay with the same number scheme of 192.168.0.0/24, will they be able to find each other when requesting where a remote 192.168.0.0 host is, or do I need to change one of the offices' networks to a 192.168.2.0 network to make this work? Sounds kind of basic, but before deploying I wanted to get some input...thanks.

    Routers cannot route unless the address blocks for each interface are different.
    If you have two sites connected by any kind of link, and you'll use one site as a gateway to the Internet, then you'll need at least four different addresses/blocks:
    The 'b' site LAN, i.e., fa0/0: 192.168.0.0/24
    The 'b' site WAN (interconnecting link), i.e., fa0/1: 192.168.1.1/30
    The 'a' site WAN (interconnecting link), i.e., fa0/1: 192.168.1.2/30
    The 'a' side LAN, i.e., fa0/0: 192.168.2.0/24
    (assumes that your wireless link is acting as a bridge or non-routing link; the fa0/1 device connects to the wireless devices).
    If you use the same router on the 'a' side for the interconnecting link for both the 'a' LAN and the Internet gateway, then the third interface would be your Internet WAN address.
    The 'b' side LAN interface is your 'b' side default gateway for your clients.
    The 'a' side LAN interface is the 'a' side default gateway for your clients.
    Set a default gateway on the 'a' router to the ISP's default gateway / next hop address.
    If you're using a third router for an Internet gateway, then the LAN interface address becomes the default gateway for the clients on that LAN, and you'll need to set up a static route pointing to the other LAN in the routers that connect the two LANs.
    A routing protocol may be useful but, depending on your actual bandwidth available, it's probably better to just set up static routes (no routing protocol bandwidth utilization).
    The /30 for the WAN link gives some economy of address usage, but it may also secure the link better, since there are no additional addresses for the intruder to use; they'd have to spoof one of the two valid addresses (.1 & .2) as well as crack your encryption (and / or other security).
    There's an armload of other possible configurations / topologies / address schemes, I believe this one would be reasonably common.
    The bottom line is that a router can only route from one address block to another. In order to pass traffic between two segments with the same address block, you need a bridge / switch, or some other layer one/two device (like a wireless transceiver pair).
    Good Luck
    Scott
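As an added example (not part of Scott's answer or the original thread), the following Python script models the address plan above with the standard library's ipaddress module and applies the check a practitioner would want before deploying: that no remote LAN overlaps a network a router is directly connected to. It then derives the static route each router needs and renders it in Cisco IOS `ip route` form. The interface names, the addresses and the renumbering of site 'a' to 192.168.2.0/24 are taken from the answer above; the "bad" plan reproduces the layout the question asks about, with both LANs on 192.168.0.0/24.

```python
import ipaddress

# Constructed address plans for this example, mirroring the answer above:
# fa0/0 is each site's LAN, fa0/1 is the /30 interconnect over the wireless bridge.
LAN_IF, LINK_IF = "fa0/0", "fa0/1"

GOOD_PLAN = {   # site 'a' renumbered to 192.168.2.0/24, as the answer suggests
    "a": {LAN_IF: "192.168.2.1/24", LINK_IF: "192.168.1.2/30"},
    "b": {LAN_IF: "192.168.0.1/24", LINK_IF: "192.168.1.1/30"},
}
BAD_PLAN = {    # the layout the question asks about: both LANs on 192.168.0.0/24
    "a": {LAN_IF: "192.168.0.1/24", LINK_IF: "192.168.1.2/30"},
    "b": {LAN_IF: "192.168.0.1/24", LINK_IF: "192.168.1.1/30"},
}


def link_peer(plan, router):
    """The far-end address of a router's /30 link: the only other usable host."""
    me = ipaddress.ip_interface(plan[router][LINK_IF])
    if me.network.prefixlen != 30:
        raise ValueError(f"{router}: interconnect {me.network} is not a /30")
    others = [h for h in me.network.hosts() if h != me.ip]
    return others[0]


def static_routes(plan):
    """Work out the static route each router needs to reach every other LAN.
    Returns {router: [(destination, next_hop), ...]}. Raises ValueError when a
    remote LAN overlaps a network the router is directly connected to: the
    router would treat those addresses as local and never forward to them."""
    routes = {}
    for router, ifaces in plan.items():
        connected = [ipaddress.ip_interface(c).network for c in ifaces.values()]
        routes[router] = []
        for other, other_ifaces in plan.items():
            if other == router:
                continue
            remote_lan = ipaddress.ip_interface(other_ifaces[LAN_IF]).network
            for net in connected:
                if net.overlaps(remote_lan):
                    raise ValueError(
                        f"{router}: remote LAN {remote_lan} overlaps connected "
                        f"network {net}; renumber one of the sites")
            routes[router].append((str(remote_lan), str(link_peer(plan, router))))
    return routes


def plan_is_routable(plan):
    """True when every router can be given a static route to every other LAN."""
    try:
        static_routes(plan)
        return True
    except ValueError:
        return False


def ios_commands(plan):
    """Render the routes as Cisco IOS 'ip route <network> <mask> <next-hop>' lines."""
    out = {}
    for router, routes in static_routes(plan).items():
        out[router] = []
        for dest, nexthop in routes:
            net = ipaddress.ip_network(dest)
            out[router].append(f"ip route {net.network_address} {net.netmask} {nexthop}")
    return out


if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, "plan routable:", plan_is_routable(plan))
    for router, cmds in ios_commands(GOOD_PLAN).items():
        print(router, cmds)
```

The overlap test is the whole point: with both sites on 192.168.0.0/24, router 'a' already considers that block directly connected, so there is no route it could be given to the far site, which is why one LAN has to be renumbered before the static routes make sense.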

  • VPN Router to Router with 192.168.1.1 WAN address

    I have two WRVS4400N routers I'd like to create a VPN tunnel for.
    One gets a WAN IP address totally external: 75.32.167.xxx from the DSL modem.
    The other one is connected to an ADRAN 676 modem.
    This modem has an external IP address (67.155.29.202), but assigns address 192.168.1.1 to the connection to the router.
    I have the router configured to assign addresses 192.168.0.xxx to all computers on the LAN.
    The VPN setup requires defining the WAN address as the external address, but my router only sees address 192.168.1.1 as the external address (coming from the ADRAN modem).
    I hope this is not too convoluted and someone can help me. Following is an attempt at illustrating my setup:
    10.10.10.1-->Router1--->75.32.167.147 ---->INTERNET--->
    INTERNET-->67.155.29.202--->ADRAN modem--->192.168.1.1-->ROUTER2--->192.168.0.1
    Thanks in advance
    Rodolfo

    Your adran modem also operates as a NAT router. You have to reconfigure the adran modem for bridge mode. In bridge mode the modem operates like any other simple modem. You then have to configure the router for your internet connection, e.g. use PPPoE with the username and password supplied by your ISP. With that your router will have the public IP address.
    Otherwise, you would have to configure port forwarding and IPSec or GRE forwarding on the adran to pass the VPN traffic to the router. However, this may not work at all if the router is not able to handle VPN traffic through your NAT adran modem/router (my guess is it won't do it but I have not tested this).

  • Public LAN and WAN Addresses

    Hi Guys
    I am slightly confused about public lan and wan ips. We have a circuit that was installed a few months ago as a backup failover but we now want to start using it so I phoned my ISP for the public range for that circuit.
    Now our internal IP subnet is a 192.168.150.xx
    I was expecting the ISP to provide me with one public range, maybe a /30, so I can assign a public IP to my router's external interface and PAT to that address.
    The ISP instead gave me a public LAN and WAN address range, both of which are public IPs. Can anyone explain what these are and where in my type of network they will fit in?
    Thanks

    As Peter says it is worth talking to your ISP but LAN addresses are usually simply another public IP block you are free to use however you want.
    You don't have to use them and you certainly don't need to allocate them to physical devices on your LAN. The ISP doesn't really care how you use them either; they will simply route traffic to those addresses to your edge device (see below for more details).
    They can be useful if you host a lot of servers/applications accessible from the internet, for example.
    It does depend on the devices you have, i.e.
    LAN -> firewall -> ISP router
    in the above you use the WAN addressing for the link between the firewall and the ISP router and then you can just use the LAN address range for NAT on your firewall. None of the LAN IPs need to be actually assigned to any interface.
    LAN -> firewall -> router -> ISP router
    here you have your own router on the outside of the firewall. The WAN addressing would be used between your router and the ISP router. The LAN addressing would be used for the firewall to your router connection and any spare IPs can be used for NAT (usually done on the firewall).
    Note that usually the LAN addressing is a larger subnet than the WAN addressing and, as you say, the WAN addressing is usually a /30. So the ISP uses one of the IPs from the WAN range and you use the other.
    If you have been allocated LAN addresses then the ISP will route traffic to these addresses to the WAN IP you have used so make sure you use the WAN IP on either -
    a) in the first example above the outside interface of your firewall
    or
    b) in the second example above the outside interface of your router, the one connecting to the ISP router.
    Hope that makes sense.
    Jon

  • Using the WAN port as a "LAN" port on the Airport Extreme Base Station...

    Hi everyone,
    I'm re-building my home wireless network and I'm doing so in preparation for the Slingbox AV I ordered last week. Here's my current setup:
    I have a DSL modem attached to an Airport Express (802.11n) in my office broadcasting my internet signal. I have an Airport Extreme Base Station (802.11g) set up in my living room as a WDS extender. I currently use the base station in my living room to connect the DishNetwork ViP722 DVR to the internet and allow me to set recordings remotely on my iPhone when I'm away from home. I use the LAN port on the base station to do this, and now with the Slingbox on the way (should be here early next week), I'm wondering what I need to do to make an internet connection available for the Slingbox AV.
    My question: Will I be able to simply use the WAN port as a "LAN" port since the Airport Extreme Base Station is being used as a WDS? It'd be awesome if the WAN port would become, essentially, a LAN port since it isn't being used.
    Thanks in advance for your advice and insight!

    slugoo wrote:
    My question: Will I be able to simply use the WAN port as a "LAN" port since the Airport Extreme Base Station is being used as a WDS? It'd be awesome if the WAN port would become, essentially, a LAN port since it isn't being used.
    I'd be surprised if that worked. The operation of an AirPort base station depends on keeping the WAN port and the LAN port(s) separate, as those normally are on two different networks.
    You might consider buying an Ethernet hub or switch, which would allow your AirPort Extreme's LAN port to be shared. Here's an example of an inexpensive one:
    http://www.bestbuy.com/site/olspage.jsp?skuId=7169244&st=ethernet+switch&type=product&id=1110266457435

  • Frustrating time with DNS - now NO reverse record

    Hi,
    Since we've migrated to Snow Leopard Server, it seemed about time to go back to the beginning and get the basics set up in order to move on to trying new services. But, I keep getting stuck at DNS, which seems to be a prerequisite for everything else.
    After trying various entries (I have not been clear on what to list as the nameserver), and still having errors in the log, I deleted all records in order to start from scratch. But now, no matter what I put in for the primary zone, it does not automatically generate a reverse entry as it used to. I'm not even getting anything under the expansion triangle for the primary zone. I think I killed it.
    How do I get started again, so I can generate new and better errors?

    MrHoffman wrote:
    Okay, that's better. Now I'm back to where I started. First thing confusing me: what should the address be of that first machine I'm adding (the server in question)? You say public or private.
    Do you understand the difference between public IP and private IP? If not, then please [read this|http://labs.hoffmanlabs.com/node/275] for a quick introduction to the pieces and parts.
    Having public IP is easier. But you need enough public IP addresses to deal with your hosts, and those may or may not be available or affordable. If you don't have enough addresses or if you're working behind a residential (DHCP-based) IP address assignment, then you will want to use private IP addresses and NAT.
    I tried to make it clear we are behind a router and using NAT. I was reading what you were saying as meaning something else: that I could use our LAN addresses or the real (WAN) address of the router.
    But, of course, the domain names for the added machines don't really exist out there in the real world's DNS servers... dns.crossword.tzo.com, NAMEOFSERVER.crossword.tzo.com, ipaddress.crossword.tzo.com etc.
    Do you have a publicly registered domain? tzo.com is registered to some folks here in New England.
    We buy (rent) the domain name from them. Obviously it is a subset of another domain name, and I don't know what that means for my purposes. It started out as 'dynamic' support, but we kept it after getting a static IP because it was easier to remember than the number. In other words, it resolves to our router's address. An inquiry to them got the response "you HAVE a fully qualified domain name". If I need to work with them on something, I'd need to know what to ask them for, because it doesn't seem they are ready to be more helpful than that.
    We do have our own domain name, but it is already busy pointing to someone else's server.
    01-Mar-2010 15:49:39.114 zone crossword.tzo.com/IN/com.apple.ServerAdmin.DNS.public: NS '192.168.0.100.crossword.tzo.com' has no address records (A or AAAA)
    should I care about that?
    That's an error. Probably because tzo.com isn't your domain? If you're working with the tzo folks, then you'll want to have tzo serve your domain, or have the tzo folks delegate to your server. (And I'd tend to avoid being delegated here; I'm guessing that you probably want this domain to be entirely private.)

  • WAN Address Unidentifiable

    My Mac [Mac Mini] is connected to a Windows network. The network cable that goes from my computer goes down to a Linksys router. My DSL modem is also directly connected to the router. The problem is that every time I use a WAN [Wide Area Network] identifier (MyIP, Network Stat, etc.), it gives me the WAN address for the router, not the computer. If my computer is connected to the router, and so is the DSL modem, shouldn't I be able to get my own internet IP address? If I can, how can I find out what it is? If I can't get my own with this setup, how can I do a setup where I can acquire my independent WAN address? Please help me, I'm trying to use this article so I can access my files when I am away from home.
    Any help is greatly appreciated!!!!!!!!!!!! :-D
    - Craig

    Here's how registering a domain name to a dynamic IP address works: You go to a URL like dyndns.org and sign up for a free domain name. It will be something like {insertYourDomainNameHere}.dyndns.org or {insertYourDomainNameHere}.home.net. See http://www.dyndns.com/services/dns/dyndns for more info. You also need to install a piece of software on your computer that, when it senses that your ISP has changed your dynamically assigned WAN IP, tells dyndns.org what it has been changed to, and they update their DNS database with the new IP address as belonging to your domain name. Such a piece of software can be found at http://www.dyndns.com/support/clients. There are other outfits that do a similar thing; I think noip.com is one of them. But I am not familiar with them. I use dyndns so I know a little bit more about them.
    Anyways, now, from work or on-the-road, you can access your home computer by
    ssh {insertYourDomainNameHere}.dyndns.org
    or
    http://{insertYourDomainNameHere}.dyndns.org
    (the latter assumes you have a website up and running on your Mac). Of course, you need to have port forwarding enabled on your DSL modem so that inbound traffic arriving on certain specified ports (e.g., 22 for ssh, 80 for http) is routed to the appropriate computer hosting these services. I would steer clear of dmz and use port forwarding instead, with NAT.
    Now, what I do is that I have a free dyndns.org domain, am running DynDNS Updater (that's the software client that tells dyndns when my WAN IP has been changed by my ISP) as a start-up item, and I have port 22 forwarded on my DSL modem to 192.68.0.2 (that's the IP address of my computer inside my residential home network). I had to set up my modem and computer to assign static 192.168.0.x addresses, in order for port forwarding to work. You may or may not have to; it depends on whether your modem ties port forwarding to MAC addresses or LAN 192.168.x.x IP addresses or not. Also, you need to have the right ports open in System Preferences -> Sharing -> Services. You need Remote Login checked for ssh and scp, you need Personal File Sharing checked for afp, and you need Personal Web Sharing checked if you've got your own web server running.
    At work or on the road, then if I need to copy a file from home, in Terminal.app, I type:
    scp {mydomain}.dyndns.org:{path to file} {local computer path to file}.
    To copy to home, I type:
    scp {local computer path to file} {mydomain}.dyndns.org:{path to file}.
    Or I can use afp services and mount my home computer on the desktop of my on-the-road computer. To do that, in Terminal.app, you type:
    ssh -l {yourHomeComputerShortLoginName} -L 5548:localhost:548 {yourDomain}.dyndns.org
    This sets up an encrypted tunnel for afp traffic so you can now mount your home computer on the desktop of your on-the-road computer, and all your traffic between them is encrypted. Any traffic on your on-the-road machine on port 5548 is delivered to port 548 at home, and vice-versa. Now that the tunnel is in place, click on the Finder, do an apple-k and tell it to connect to localhost:5548. Voila! Your home computer shows up as an icon on your desktop, and you can drag and drop files either direction, or open, edit, save, and close on your home computer directly (working on remotely located files may be a little slow -- I think drag-and-drop, work on it, and drag and drop back is a better practice to follow) using afp.
    2001 Quicksilver G4   Mac OS X (10.4.6)  

  • Oracle 10G Non-Network install - OEM will not start when on the LAN.

    Greetings,
    Got through a non-networked 10G Enterprise installation OK; I chose to create the orcl schema, connected to it through various utilities, added new tablespace, and all was well. I also checked my Host Name by pinging it in DOS, it showed me the IP address of the MS loopback adapter which is what I was expecting.
    Once I connected the same machine to the LAN (and internet) and re-booted, for some reason the Host Name was now assigned the dynamic IP address of the LAN and not LAN2 (which is the loopback adapter that is assigned a static local IP address). It did this even though I had already added an entry in the /etc/hosts file that explicitly assigns a static IP address to the Host Name (as recommended in the Oracle 10G pre-installation instructions). I also could not get the OEM to launch a webpage, run and connect to the orcl database after the re-boot; I am wondering if this is related to the IP address assigned to Host Name changing; maybe the Oracle agent can no longer resolve the URL for some reason?
    In the end I find that the only way to ensure I can have a working Oracle environment and be on an active network at the same time is to bring up the Oracle environment on a standalone system first, and once Oracle is running, connect the system to the network. Is there no way to automate this process?
    The format of the hosts file entry recommended by the Oracle 10G pre-installation instructions is as follows:
    ===========================================================
    IP_address hostname.domainname hostname
    where:
    IP_address is the non-routable IP address you entered for the loopback adapter.
    hostname is the name of the computer.
    domainname is the name of the domain.
    For example:
    10.10.10.10 mycomputer.mydomain.com mycomputer
    ==========================================================
    In my case since I am not part of a Windows domain (but am part of a Windows Workgroup), I added an entry in the /etc/host file that looks like the following:
    # Copyright (c) 1993-1999 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    # For example:
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    127.0.0.1 localhost
    192.168.110.250 IBM-6AB1330E158
    ==> Note that I did not add the domain name to the entry I created since I am not part of a domain, I also used the format I found in the etc/hosts file which is:
    IP_address hostname.domainname
    - not -
    IP_address hostname.domainname hostname
    Which is the format recommended in the Oracle 10G pre-installation instructions; this does leave me wondering which format is correct...
    Thanks in Advance for any help,
    ADG13
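Added example, not part of ADG13's post: a small Python parser for the hosts-file format discussed above. A hosts-file data line is `address canonical-name [alias ...]`, with `#` introducing a comment, so the trailing `hostname` field in the form the Oracle notes quote is an alias that lets the bare hostname resolve as well as the fully qualified one, while the single-name form resolves only the exact name written. The sample text is constructed for this example from the entries quoted above.

```python
import ipaddress

# Constructed sample hosts-file text for this example. It mixes the Windows
# default comment block, the form the Oracle pre-installation notes recommend
# (address, FQDN, then the bare hostname) and the single-name form from the
# post above.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
10.10.10.10 mycomputer.mydomain.com mycomputer   # Oracle-recommended form
192.168.110.250 IBM-6AB1330E158
"""


def parse_hosts(text):
    """Parse hosts-file text into [(address, canonical_name, [aliases])].
    Each data line is 'address name [name ...]'; '#' starts a comment anywhere
    on a line; blank and comment-only lines are skipped. The first name is the
    canonical one, later names are aliases that resolve to the same address."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected an address and at least one name")
        address = ipaddress.ip_address(fields[0])   # rejects malformed addresses
        entries.append((str(address), fields[1], fields[2:]))
    return entries


def lookup(entries, name):
    """Resolve a name as a hosts lookup would: the first matching entry wins
    and the match is case-insensitive, for canonical names and aliases alike."""
    want = name.lower()
    for address, canonical, aliases in entries:
        if want == canonical.lower() or want in [a.lower() for a in aliases]:
            return address
    return None


def short_name_resolves(entries, fqdn):
    """Whether the bare hostname part of fqdn resolves on its own, which is
    exactly what the trailing 'hostname' field in the Oracle form provides."""
    return lookup(entries, fqdn.split(".")[0]) is not None


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("mycomputer", "mycomputer.mydomain.com", "ibm-6ab1330e158"):
        print(name, "->", lookup(hosts, name))
    print("short name resolves:", short_name_resolves(hosts, "mycomputer.mydomain.com"))
```

Running it against the sample shows the practical difference between the two formats: `mycomputer` and `mycomputer.mydomain.com` both resolve to the loopback address, whereas `IBM-6AB1330E158` resolves only under the exact name written, with no domain-qualified variant.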

    I have not. I am hoping someone (maybe even from Oracle support) will step up and officially tell us we are either right or wrong in the way we are approaching this. From the research I have done on the internet it sounds like this should work, you should be able to have Oracle starting and running fine whether you boot connected to the LAN or not, assuming you have created the MS loopback adapter, assigned it a static IP, and changed the hostname entry in etc/hosts file as part of the 10G WinXP recommended pre-installation instructions.
    And yet I find I have to start Oracle when I am not connected to the LAN or the services will not start correctly. If this is a "feature" then hopefully someone will tell us and maybe give us a workaround or give us an idea if this will be addressed in a future release. Having said that, and in fairness to the Oracle product: being a developer I have other products installed on my machine that have special networking setup needs also, and in my case this could be exasperating or even possibly causing this Oracle problem I am having. To be specific, I have software for 2 different VPNs installed so I can tunnel into 2 private networks. One of these VPNs requires me to make use of a DNS Suffix (as shown below) which might be contributing to my problems, not sure. I also have VMWare installed which uses its own network adapters when it is running, so you can see how things could get a little hairy... at any rate, there is my 2 cents worth (or is that 5 cents? : )
    fwiw,
    ADG13
    C:\Documents and Settings\Administrator>ipconfig/all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : IBM-6AB1330E158
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : ibm.com
    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Loopback Adapter
    Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.110.250
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : ibm.com
    Description . . . . . . . . . . . . . : Intel(R) PRO/1000 MT Mobile Connection
    Physical Address. . . . . . . . . : 00-11-25-13-96-AF
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.102
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 65.24.7.3
    Lease Obtained. . . . . . . . . . : Wednesday, January 11, 2006 3:40:08 AM
    Lease Expires . . . . . . . . . . : Thursday, January 12, 2006 3:40:08 AM
    Ethernet adapter AGN Virtual Network Adapter:
    Connection-specific DNS Suffix . : ibm.com
    Description . . . . . . . . . . . : AGN Virtual Network Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-01
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 9.49.217.159
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DHCP Server . . . . . . . . . . . : 9.49.217.159
    DNS Servers . . . . . . . . . . . : 9.0.2.1
    9.0.3.1
    Lease Obtained. . . . . . . . . . : Wednesday, January 11, 2006 8:06:20 AM
    Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

  • How to determine the address of the server whence the application through W

    The application is loaded from the server taking place in Intranet networks. How to determine from this application the address of the server from which it is loaded?
    KSV

    You could use the javax.jnlp BasicService.getCodeBase(). See http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/examples.html and http://java.sun.com/j2se/1.5.0/docs/guide/javaws/jnlp/javax/jnlp/BasicService.html

  • PO Address for the Partner Order address.

    Hi,
    We have a problem with the address in the PO. We want to complete automatically the address from the partner Order address that has a different address than the vendor.
    So Vendor Number 1000 with address in Madrid has the Partner Order address 1001 with address in Barcelona. We want to complete the address in the PO with the partner Order address from Barcelona. However, the system always gets the address for the vendor in Madrid.
    How can we do this process? The standard should work like this. Otherwise we have to develop this procedure. But is there any easy way by program to complete the address in the PO process or after that?
    Thank you and best regards.

    The address from the OA partner is taken for the printout; where and why do you want to maintain it in the PO?

  • Connected dynamic VPN wan address change

    I have a hub and spoke VPN. The spoke is dynamic.
    If, once the tunnel is established, the WAN address changes, the router doesn't know to start a new session and the VPN takes ages to come up as it still thinks it has an active tunnel.
    Any idea how I can reduce the time for the tunnel to re-establish?

    Hello Martin,
    You got to change the security-association lifetime:
    set security-association lifetime #
    Give it a try and let us know.
    Regards,
    Julio

  • Facetime on multiple computers on LAN with NAT?

    This seems that it would be a common question, but I haven't found it by searching the forum.  Please forgive if it was staring me in the face.  Here's the question:
    I have several Macs, all running Lion, on a LAN routed by a NAT (Dlink DIR-655).  I wonder if I can run Facetime on more than one of those Macs.  Apple publishes a list of ports that need to be forwarded, but of course port forwarding only goes to one IP address in the LAN.  Apple Remote Desktop will let you specify different ports to use for different computers, but there's no such preference for Facetime.
    Is Facetime actually clever enough to work around this (the few Apple support documents indicate that it isn't) or am I stuck?
    Thanks for any help.

    No ports need to be forwarded. The gateway merely needs to allow outgoing connections to certain ports. Unless you've blocked outgoing traffic, you don't have to do anything.

  • "securely" use one ethernet interface for WAN and other for the LAN

    I am reconfiguring our dual 2.7 Intel Xserve running MacOSXServer 10.5.4, and had a question.
    Is it possible (or advisable) to use en0 to perform LAN services, and then configure en1 to only allow access to very limited service. VPN, FTP, CALDAV and later Mail.
    I imagine that this is possible via a firewall configuration, but first I do not know how to specify interface in addition to ports, and second I don't know how advisable this would be.
    Currently I have a DSL package from ATT with 5 static IP addresses. I have an Airport Extreme set up as one of those addresses providing DHCP and NAT to the LAN. I am using the LAN ports on the back of that to bridge my three switches (2 managed [clients and oce print server 100 base-T] and 1 unmanaged [ laser printers and copier 10 base-T]).
    I have the LAN based on 192.168.0.x, with the Xserve at 192.168.0.5. I have DNS configured and working (Thank you Antonio Rocco)
    I have 20 LAN clients, 18 mac 1 PC and one PC via Parallels. I will have no more than 1 or 2 WAN clients at any one time
    I provide AFP, SMB, Directory Services currently. As part of the reconfigure, I desire to take better advantage of the collaboration tools to provide wikis and CALDAV services. I also want to allow our employees to publish their individual calendars, so that they can subscribe to them at home, or vice versa.
    I would like to configure VPN, one for me to access configurations when I am away using Remote Desktop (I have used command line to some extent, but still feel more comfortable with the GUI tools) and second for limited access to content for certain users.
    It would also be very helpful for us to have an FTP site. It is unnecessary for this to be an FQDN service; sending the IP address is perfectly acceptable as we only use a service like this 10-15 times a year.
    (Related but unimportant in the grand scheme, is there a way to generate a link to the FTP server that you could email that not only is a link, but also a temporary username and password?)
    Thank you in advance,
    Ion Webster

    First, I missed a zero in the network speeds, I have two managed GbE switches that have all of the GbE capable machines connected to them, and an unmanaged GbE switch that has all the 10 or 100Base-T connections. My apologies for the mistake. That was one of the reasons I went with the GbE capable Airport to bridge the switches.
    Ok, I had been leaning towards a separate hardware firewall, but here is also where there is a hole in my knowledge. Do I need to look at something like the Linksys RVS4000 which bills itself as a +"4-Port Gigabit Security Router with VPN. Secure, smart Gigabit networking for growing business"+? I would like easy configuration, as I take care of these systems in addition to my job, rather than full time. This will be the first time I have set up a VPN connection, so even though I have spent a lot of time researching the manuals, and reading Schoun Regan (Apple Training Series), I don't have real world experience here. So if I buy more hardware, I want it to be the product that will provide the protection, and also allow me to configure it so that I can get these services running. All my VPN clients are running Macs, most on an Airport connection, and have their IP ranges in the 10.0.1.x range. All but one are on OS 10.5.x, so I have a fairly homogeneous set of machines to make work together.
    I will review the links you provided regarding static routing, but I do believe the hardware solution is a better one, and wish to pursue it, for all the reasons you give, and that in the brief perusal of the links, it is more than I want to tackle.
    As far as FTP vs sFTP, I have no preference. I simply want a way to have online storage for transfer of large files on occasion. Ideally I want a folder, or a series of folders that are accessible for my LAN users to put items in and take them out, and for my (s)FTP users to do the same
    So long story short, the hardware solution I would like to purchase, I need to be able to do the following:
    VPN connections for content access and ARD access ( knew about and will ensure differing IP ranges)
    (s)FTP
    Calendar publishing
    mail(at a later time)
    Thank you for your help thus far.
    Ion Webster
