Need firewall/ router / nat / vpn recommendation
As the title states, I'm looking for an all-in-one hardware solution (not software) that will work seamlessly with our xserve. Right now we are using a consumer grade Linksys vpn/router as a temporary solution. We also have a business series linksys 24-port switch, so I don't need the router to handle any of that.
We have about 15 users in the office. The vpn will need to support about 3-5 users at any one time, both Mac and Windows clients. We would like to utilize PPTP since it is easier to set up. The internet is provided via Cox cable and sits around 5MB of bandwidth.
Any recommendations would be greatly appreciated. I would prefer to base this purchase on those who use a solution in a production environment as opposed to hearsay.
Thanks in advance.
We use a SonicWALL TZ 170 for that, and it works fine. The current product is the TZ 180, its replacement, which is a bit faster. The TZ 180 can handle 5 MB bandwidth with Intrusion Prevention Services on (signature watching on packet inspection); about 6 MB is the real limit for the TZ 170 with IPS (don't believe the marketing sheets that say faster). With 15 users in your office, you might want the PRO 2040 rather than the TZ 180 for increased processor power. Avoid the 1260, which is essentially just a TZ 170 with a switch on the back end.
Supports the major VPN protocols. If you want to use IKE, you will need the Equinux VPN Tracker client for the Macs (SonicWALL doesn't have a Mac VPN client). Note that their Vista VPN client is now in beta, people are having mixed results with it. No Vista 64 bit VPN client is even announced.
We have used it for several years with Mac VPN (VPN Tracker) from iMacs at our homes to our Xserve G5 and LAN, works fine. SonicWALL support is Mac hostile, they claim it doesn't work with Macs. Hogwash. Be prepared for Bob from Bangalore for the Level 1 and Level 2 support people, who seem untrained on the product line. The Level 3 support people are good, except when you get the anti-Macintosh bigots.
If you need to do NAPT (NAT with port translation), you will have to get the SonicOS Enhanced OS. SonicOS Standard can do NAT but not port translation. The learning curve on SonicOS Standard is not that bad; SonicOS Enhanced is a very different animal - more powerful and featured but more difficult to set up.
Sonic's business model is to pretty much give the hardware away and make it up on support contracts/licenses for firmware/hardware support, IPS, Anti-Spyware, Anti-Virus licensing, etc. The hardware is reliable.
Hope that helps,
Russ
Xserve G5 2.0 GHz 2 GB RAM Mac OS X (10.4.8) Apple Hardware RAID, ATTO UL4D, Exabyte VXA-2 1x10 1u
Similar Messages
-
I'm doing a presale design where I will need a router that supports PAT for 500 users or a little more. It does not need any other features, only static routing and a DHCP pool for 500 users. Can you help me know which router to recommend?
What is your WAN speed currently and projected WAN speed in the next 3 years?
-
Hello folks,
I'm still messing about with my GNS3 lab here. My topology is like this: (cloud)-----(router)-----(ASA FW)----(SW)------LAN.
I can ping out from the router and from the ASA firewall, but I can't figure out how to make my LAN ping outside. I searched too.
Greatly appreciated!!!
Here are my basic config on the FW and Router:
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet1
nameif inside
security-level 100
ip address 172.168.1.1 255.255.255.0
interface GigabitEthernet2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
ftp mode passive
object network inside_mapped
subnet 172.168.1.0 255.255.255.0
object network internal_lan
subnet 172.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.10.10.2 1
route outside 0.0.0.0 0.0.0.0 192.168.137.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:d751984bd942d8b192f58d6b2e8afe8a
Router1:
Current configuration : 1108 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
ip cef
no ip domain lookup
ip domain name lab.local
multilink bundle-name authenticated
interface FastEthernet0/0
description To Internet
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1
description inside edge router
ip address 10.10.10.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 192.168.137.1
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 172.168.0.0 0.0.255.255
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 172.168.1.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
Hi,
Your router doesn't have a route for your LAN network behind the ASA. Since the ASA is not doing Dynamic PAT or similar at the moment, the LAN will show with its original IP address to the Router, so it needs a route pointing back towards the ASA to be able to return the ICMP Echo reply messages back to LAN users.
Try adding
ip route 172.168.1.0 255.255.255.0 10.10.10.1
On the router
Also the ASA seems to have some route that is not needed
no route outside 0.0.0.0 0.0.0.0 192.168.137.1 1
Hope this helps
Remember to mark the reply as the correct answer if it answered your question.
Ask more if needed
- Jouni -
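The two fixes in the reply above can be checked with a longest-prefix-match lookup over each device's routing table. This is an added example, not part of the original thread; the LAN host 172.168.1.50 and the 192.168.137.0/24 subnet on R1's DHCP-addressed interface are assumptions made for illustration.

```python
"""Return-path check for the (cloud)--(R1)--(ASA)--(SW)--LAN lab in this thread."""
import ipaddress

CONNECTED = "connected"  # marker for a directly attached subnet


def best_route(routes, dst):
    """Longest-prefix match over a list of (prefix, next_hop) entries."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), next_hop)
        for prefix, next_hop in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def reply_next_hop(routes, lan_host):
    """Next hop a device uses for a reply addressed to lan_host."""
    hit = best_route(routes, lan_host)
    return hit[1] if hit else None


def unreachable_next_hops(routes):
    """Static routes whose next hop is not on any connected subnet."""
    connected = [ipaddress.ip_network(p) for p, nh in routes if nh == CONNECTED]
    bad = []
    for prefix, next_hop in routes:
        if next_hop == CONNECTED:
            continue
        hop = ipaddress.ip_address(next_hop)
        if not any(hop in net for net in connected):
            bad.append((prefix, next_hop))
    return bad


# R1 as posted. Fa0/0 uses "ip address dhcp"; its subnet is ASSUMED to be
# 192.168.137.0/24 because the default gateway is 192.168.137.1.
R1_BEFORE = [
    ("10.10.10.0/24", CONNECTED),        # FastEthernet0/1, toward the ASA
    ("192.168.137.0/24", CONNECTED),     # FastEthernet0/0 (assumed subnet)
    ("0.0.0.0/0", "192.168.137.1"),      # ip route 0.0.0.0 0.0.0.0 192.168.137.1
]

# R1 after adding: ip route 172.168.1.0 255.255.255.0 10.10.10.1
R1_AFTER = R1_BEFORE + [("172.168.1.0/24", "10.10.10.1")]

# ASA as posted, including the second default route the reply calls unneeded.
# Note: 172.168.1.0/24 is the poster's lab subnet; it is public address space,
# not part of the RFC 1918 range 172.16.0.0/12.
ASA_ROUTES = [
    ("10.10.10.0/24", CONNECTED),        # outside
    ("172.168.1.0/24", CONNECTED),       # inside
    ("0.0.0.0/0", "10.10.10.2"),         # route outside 0.0.0.0 0.0.0.0 10.10.10.2 1
    ("0.0.0.0/0", "192.168.137.1"),      # route outside 0.0.0.0 0.0.0.0 192.168.137.1 1
]

LAN_HOST = "172.168.1.50"  # constructed sample host behind the ASA

if __name__ == "__main__":
    # Before the fix the echo reply follows R1's default route, away from the ASA.
    print("R1 before:", reply_next_hop(R1_BEFORE, LAN_HOST))
    # After the fix the more specific /24 wins and the reply goes back to the ASA.
    print("R1 after: ", reply_next_hop(R1_AFTER, LAN_HOST))
    # The ASA's second default route points at a hop it has no interface toward.
    print("ASA unreachable next hops:", unreachable_next_hops(ASA_ROUTES))
```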
WRT300N: Class C routing & NAT
Hi,
I've just been brought in as a network admin to manage the network of a small 'net cafe. The network the admin before had set up really turned out to be a disaster.
Okay, here's the breakdown of the equipment I have available:
30 hosts
3 switches (10 hosts each)
1 WRT300N broadband router
Note: Wireless services are not being used
The ISP over here has assigned us five IP addresses, but since we have 30 hosts we obviously need to use NAT.
What I would like to do is implement some sort of Class C subnetting for the three groups of hosts connected into the switches.
I'd like to use subnets of either 192.168.1.0-192.168.3.0 (255.255.255.0) or even a mask of 255.255.255.240 since a block size of 16 on each subnet will be sufficient. (Each switch is connected into a port of the WRT300N).
My questions are: Can I accomplish this using just the WRT300N and still be able to use NAT to enable my hosts to access the 'net through ADSL? And if so, how? And if this is not possible, then do I need to get another Linksys router so that I can get my network up and running smoothly by connecting the WRT300N to the new router and then connecting the switches to the new router as well? If this is the case, which wireless router would all of you recommend I get?
The name of the game here is to optimize speed, so I'd really like to break down the broadcast domains by subnetting.
Thanks in advance.
- T.
Yes, you can use the router WRT350N for using the NAT settings on the router ....
You can connect the router in between Modem & Switch ... -
Linksys WRT600N vs CISCO PIX 506E.... Firewall / Routing Performance
Hi:
I am new to the forum and was hoping to tap into some of your expertise. I have a Linksys WRT600N version 1.1 and I recently acquired a CISCO PIX 506E firewall. My question is what should I use as a firewall? Both have SPI etc. Should I:
a) Use the 506E as a firewall and use the 600 as a wireless access point, or
b) Use the 600 as a firewall and wireless access point.
Do both routers have the same firewall routing performance? I want to use the storage feature on the 600N, but if I do that and use it as a wireless access point the 600 can't get the proper time from the Internet, so my time for newly created folders and files shows they are 10 years old.
Anyway, just thought I would post and find out what some of the experts thought and maybe someone from Linksys or CISCO. I know the 506E is discontinued and was manufactured around 2001 and the 600N is a new model.
(Edited subject to keep threads from stretching. Thanks!)
Message Edited by JOHNDOE_06 on 05-06-2008 10:41 AM
The PIX is a real firewall. The WRT has a firewall which mostly protects the router itself. People prefer to buy a "SPI firewall router" instead of a simple "router" even though the router firewall does nothing or little to protect the LAN. The only firewall configurations on the WRTs you can usually do is on the Access Restrictions tab. But that's usually all. The LAN itself is not protected by the firewall. You would notice this if you had a public IP subnet and ran it through the WRT: the LAN would be fully exposed to the internet. Some routers have a few functions like protection against denial of service attacks or similar. But even then this often filters only the traffic targeted at the router and not the LAN.
The common protection of your LAN you have on the WRT is because you use private IP addresses inside your LAN and the router does NAT. However, NAT is not a security mechanism but a mechanism to solve the problem that you can only have a single public IP address but want to use multiple computers, which is why you have to use private IP addresses. Current NAT implementations usually drop unsolicited incoming traffic because they don't know to which IP address in the LAN to send it to. But the notion of NAT is to deliver and to allow connectivity. This has nothing to do with security or a firewall.
Thus, if you want to use a real firewall use the PIX. On the PIX you can configure the traffic which is allowed to enter the LAN and which not. It is far superior in this respect to the WRT. However, as it is an older model, I cannot tell how fast the PIX is. You should be able to find the old data sheets of the PIX somewhere on the cisco website. They should mention the possible throughput. I guess it won't be an issue.
To me another point for the PIX are the VPN capabilities which allow you to securely access your LAN while you are on the road.
Of course, you must know how to configure the PIX correctly. It is a complex device and can be configured pretty much for anything you like. This means of course if you do it wrong you may end up with little or no security.
BTW, there are no people from linksys in these forums except the moderators (which may be from lithium). To hear from Linksys you have to contact Linksys support. -
ACE: as firewall and NAT. inbound and outbound originals
Hi Team,
This time no load balancing is required.
Two servers inside (with private IP) need to communicate with clients and servers on the internet. ie, internet client originate inbound traffic to our servers, and also our servers originate connections to some internet servers.
Both of our servers will work independently for this purpose.
I have a few ideas to mix and match configs in the ACE. (This was originally working with FWSM setup). I would like to hear some sound ideas to achieve this using ACE only as firewall/router. No plan to load balance at present.
Regards to all
SS
Gilles,
Inbound traffic and the related reply traffic can be handled with normal class-map by defining a VIP with public IP.
The above real server with private IP is now going to make a different connection to the internet. ie,
outbound traffic and related reply traffic need handling. (no load balancing planned).
Destination NAT, Static NAT sounds interesting
Source NAT, Static NAT sounds interesting. Mixing these sound very interesting!! I'm looking for sample configs please.
SS -
Problem with Cisco 831 router NAT translation or routing
Hello,
I’ve reviewed several posts on this forum, very useful, and I think this 831 router config should allow for NAT'ng port 8080 to the ‘inside’ ip address, per this statement below. but my efforts have not been successful, no responses get back to outside client (xx.24.40). clients on inside can communicate outbound fine. The iis server at .10.3 is definitely up and running on port 8080. I know this is probably a duplicate of other posts but if anyone can pinpoint my error I would really appreciate it!!
ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
Here is some debug ip nat output when attempting to connect on port 8080, do not get response back from server to external client (xx.24.40)….
Feb 03 13:22:49 10.10.10.1 297472: *Mar 2 00:09:31.894: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21674]
Feb 03 13:22:49 10.10.10.1 297473: *Mar 2 00:09:31.894: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21674]
Feb 03 13:22:52 10.10.10.1 297474: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21678]
Feb 03 13:22:52 10.10.10.1 297475: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21678]
Feb 03 13:22:52 10.10.10.1 297476: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21679]
Feb 03 13:22:52 10.10.10.1 297477: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21679]
Feb 03 13:22:58 10.10.10.1 297478: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21684]
Feb 03 13:22:58 10.10.10.1 297479: *Mar 2 00:09:40.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21684]
Feb 03 13:22:58 10.10.10.1 297480: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21685]
Feb 03 13:22:58 10.10.10.1 297481: *Mar 2 00:09:40.910: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21685]
Feb 03 13:23:10 10.10.10.1 297482: *Mar 2 00:09:52.922: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21698]
Feb 03 13:23:10 10.10.10.1 297483: *Mar 2 00:09:52.922: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21698]
Feb 03 13:23:13 10.10.10.1 297484: *Mar 2 00:09:55.930: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21702]
Feb 03 13:23:13 10.10.10.1 297485: *Mar 2 00:09:55.930: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21702]
Feb 03 13:23:19 10.10.10.1 297486: *Mar 2 00:10:01.934: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21709]
Feb 03 13:23:19 10.10.10.1 297487: *Mar 2 00:10:01.934: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21709]
Feb 03 13:23:58 10.10.10.1 297489: *Mar 2 00:10:41.306: NAT: expiring xx.xx.254.128 (10.10.10.3) tcp 8080 (8080)
538-R1023-C830#sh running-config full
Building configuration...
Current configuration : 4329 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 538-R1023-C830
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no logging console
no aaa new-model
resource policy
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.1.18.152
lease 0 2
ip cef
ip domain list sd.cox.net
ip domain name sd.cox.net
no ip ips deny-action ips-interface
no ftp-server write-enable
crypto pki trustpoint TP-self-signed-75609932
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-75609932
revocation-check none
rsakeypair TP-self-signed-75609932
crypto pki certificate chain TP-self-signed-75609932
certificate self-signed 01
<snip>
interface Ethernet0
description inside
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Ethernet1
description outside
ip address dhcp
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
interface Ethernet2
no ip address
shutdown
interface FastEthernet1
no ip address
duplex auto
speed auto
interface FastEthernet2
no ip address
duplex auto
speed auto
interface FastEthernet3
no ip address
duplex auto
speed auto
interface FastEthernet4
no ip address
duplex auto
speed auto
no ip classless
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
logging trap debugging
logging 10.10.10.3
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip any any
control-plane
banner login ^C
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
end
Hi Alain,
Yes, the client I was testing with is on the same subnet as public router ip. Good thought on the firewall, I will disable any firewall on iis machine (my laptop) and re-test. Will reply with those results on Monday. Ultimately I'm needing to test nat for port 9100 to a printer, I'll add that and test as well, firewall shouldn't be a factor with printer.
thank you.
Grant -
Replacing BM on NW with the ISP firewall and NAT
Hi!
LAN is a tree with 3 servers:
1. NW 6.5 sp8 + BorderManager 3.9 sp 2
2. NOWS SBE 2.5 (Suse) - DNS\DHCP
3. NOWS SBE 2.0 (Suse)
Since I'm connected to the internet through my ISP router (XBOX- Checkpoint), I am considering removing the first server (firewall) and asking my ISP to configure the router as a firewall and NAT too.
What are the steps needed to do it without any damage?
TIA
Nanunanu,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Do I need a router or access point / bridge?
Hi. We have a MS small bus server with a software firewall. It does dhcp and routes traffic so we don't need the router part of the router.
Wireless N access is needed. Will a DAP 1522 (Wireless N access point / switch) offer the same wireless performance as a Linksys wireless N router?
I just bought the DAP access point and am getting 100-130 mb/s with a strong signal. Would the router work better with its giant antennae?
Nick
DAP 1522 is a good access point. It lets you connect up to 4 Ethernet-enabled devices such as set top boxes, game consoles, or computers to an existing Wi-Fi network for on-demand broadcast, online gaming, or media streaming throughout the home.
With dual-band wireless capabilities, the DAP-1522 is ideal for wireless HD video streaming and gaming applications because entertainment content can be sent over the less crowded 5GHz band.
The DAP-1522 can also be used to create a new 802.11n wireless network using its Access Point feature. Simply connect it to an existing wired or wireless router, and you'll enjoy greater range and data speeds in seconds. -
What IOS do I need for SSH and VPN
Greetings,
I am not a Cisco expert but can muddle my way thru configurations. I have inherited my position from someone else who setup our VPN infrastructure long ago. Problem is that we have added a new location and I have been asked to add it to our VPN. I found a spare 2610 in the equipment closet with IOS Version 12.2(24) which is a higher version than some of the other working VPN routers in the field. I am basically using the other VPN router configs as a template but when I issue the command "crypto", it does not recognize it. Nor does it recognize the command "ip ssh". So the questions are, do I have to get an updated IOS? If this IOS is ok, do I need an add-on VPN pack? If yes to either one, how do I get it? - Thanks.
Don
So if I do a "show ver" on the router I am having trouble with, I see:
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(24), RELEASE SOFTWARE (fc1)
On one of the working VPN routers I see:
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.2(15)T14, RELEASE SOFTWARE (fc4)
So I see the K9 in the IOS version of the working router. Thanks for that part of the puzzle.
Now my question is, how do I get that IOS?
Don -
Is a modem enough? Or do I need a router?
No, really, that's my question. Bear with me; I'm ignorant of how this is supposed to work, though I think I understand the very basic principles.
I have an old zoom modem that for six years has wirelessly connected my iMac to the internet. The network is sometimes very unreliable and I have to restart the modem and fool with settings to get it working again; that sometimes fixes it for several months, but sometimes I get dropped frequently for weeks before something fixes itself. However, the network always shows up in the drop-down list. I'm in an 800 squ. ft. apartment in a large building and surrounded by 15 or so home networks, but I'd like to add a wireless printer and connect remote speakers with an Airport Express, so I want it solid before I start playing with more devices.
Given the number of wireless setups around me, I recently decided to make my network more secure because the modem was not encrypted and I had no wireless security set up in my network preferences. But as soon as I started playing with encryption on the modem and/or adding WPA2 security on the network preferences, everything became unstable. The network still shows up in the drop-down list (the one that comes up when I click on the network icon in the menu bar), but it usually wants me to enter a WEP password and doesn't let me connect, etc. If I reboot the modem and restart the computer (I think the latter helps) I get a connection; that might work for several days or for only hours. Sometimes rebooting the computer helps too. But, like I said, the only time I have anything that stays stable for any length of time is with no security.
So I've got to do something. People are always talking about routers connected to modems, but the guy at my ISP said that for my purposes a modem alone would be enough. He suggested connecting an ethernet cable and creating a new network to see if that alone will help, and if the wireless setup still doesn't work I should replace the modem.
So, considering my modest demands on the network, do I need a router? Shouldn't a wireless dsl modem be enough, even if I need to replace this one?
Edited to add: my understanding is that everything on the network is connected to the modem, which is why he said the modem is all I need. Is this wrong? I just got an iPod touch and all I had to do was sign in to the network. Right now I've had a few days of stability, so I haven't gotten to see if it loses the network when the iMac does.
A potential problem with a non-Apple router is compatibility. Some brands tend to be better than others. Also there is the question of support. Few if any mfgrs. provide support for Macs. That said I would give a qualified thumbs-up to D-Link routers. They do work well with Macs and can be easily configured with a browser. Mac support is available although minimal. D-Link also sells access points that can be used much like an Airport Express.
Any problems with WPA on your Zoom is likely because it's very old. The modem may not even be DOCSIS 2 compatible given its age.
Consult with your ISP to determine what they recommend for a replacement modem or what they currently provide in new installations. Whatever you do a new modem may require provisioning with the ISP.
I don't believe Tesserax or I made conflicting statements about needing a router to connect multiple devices. If there's any question here, then the answer is, "Yes. You need some type of router to connect multiple devices. It could be separate from the modem or it could be built-in to the modem like what you now have." -
Confusion: DNS/FQDN behind SOHO Firewall/Router
Hi Everyone,
I'm a little confused as to the setup of DNS behind a Firewall/Router.
I have previously had an OS X 10.6 server with DNS set up directly to a Global IP.
In my new setup, I will have a SOHO Firewall/Router set up at the "edge" with server & clients on the Local LAN. I will need the server to be able to serve up DNS / Open Directory master / Web Services / etc. both publicly and privately. The SOHO device will serve up DHCP.
Port Forwarding on the SOHO router is not an issue, so covered there.
I am a bit confused on what to do on the DNS side as it is now sitting on private lan but needs to serve out publicly as well.
Is it as simple as having something like the following in the DNS tables?
Note: dns1.mycompany.com. would have static IP: 192.168.1.10
dns1.mycompany.com. IN A 123.123.123.123
dns1.mycompany.com. IN A 192.168.1.10
10.1.168.192.in-addr.arpa. IN PTR dns1.mycompany.com.
123.123.123.123.in-addr.arpa. IN PTR dns1.mycompany.com.
That way there is a machine record and reverse lookup for both internally and externally?
Message was edited by: Jin597
I am not saying the following is the only way to do it, but typically you would run your own DNS server internally and may have for example www.yourcompany.com resolve to a local private IP address, and externally you would have your ISP run a DNS server for the same domain but it would resolve to your public IP address.
The outside world would only see and use the ISPs version and would therefore always use the (correct) public IP address, and your users on the LAN would use your internal DNS server and hence the private IP address.
It would be possible to do the same all yourself by having two separate DNS servers internally but keeping one for use by your LAN, and the other for use (only) by external users. I don't believe the standard Apple Server Manager utility makes it possible to properly do both on one server. -
I'm having a problem interfacing the HP B210 all in one wireless printer to my ASUS wireless Laptop. Do I need a router or can I somehow make the wireless connection using the Bluetooth on my laptop? Please help.
Well, the printer does not have bluetooth so that will not work.
However, you can connect to it directly via wi-fi on your laptop. From the front of the printer go to: Setup > Network > Restore Network Defaults.
Now, on your PC, look for a wireless network beginning with "HP". Join it. There is no password.
Now, go to Control Panel > Printers and Add a Printer.
Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
I am employed by HP -
Do I need a router when I have time capsule
I'm so new with iMac. Thinking of getting a time capsule for movies and music, so if I get a time capsule do I need a router with it?
Time capsule is a backup device not a media server.. it will not work at all well as a place to store your itunes or iphoto libraries..
Read around carefully for what people use but TC has no internal method to automatically backup.. anything stored on the TC even if you only use it for file storage is lost. if the TC dies.. which they do.
If you still want to use it. a TC is basically an airport extreme.. ie wireless router with built in hard disk drive. -
Need a router to connect ipad to a telstra 4G usb Sierra wireless "AirCard 320U
You need a MiFi. Talk to your cell provider.