Professional Web Applications Themes

2 Isolated Ether networks sharing DSL? - Mac Networking

A network in a small office currently has a SpeedStream DSL modem connected through a NetGear FVS318 VPN/Firewall router <http://tinyurl.com/2sjz9> to the computers. I want to create a second network, in parallel with this network, so that computers on both networks can share the DSL service. Simple, right? But the requirement is such that computers on each of these networks cannot see the computers on the other network. There is a medical data base (MediMac) running on a server on each of these networks that serves the computers on that network only. The data base is such that the clients ...

  1. #1

    Default 2 Isolated Ether networks sharing DSL?

    A network in a small office currently has a SpeedStream DSL modem connected
    through a NetGear FVS318 VPN/Firewall router <http://tinyurl.com/2sjz9> to
    the computers.

    I want to create a second network, in parallel with this network, so that
    computers on both networks can share the DSL service. Simple, right?

    But the requirement is such that computers on each of these networks cannot
    see the computers on the other network. There is a medical data base
    (MediMac) running on a server on each of these networks that serves the
    computers on that network only. The data base is such that the clients must
    be on separate networks. Otherwise, there will be confusion and potential
    data corruption between the two data bases (each client may access *only* its
    server).

    I wish I could be more specific re. the data base requirements, but that is
    all the MediMac install tech provided.

    My questions:
    1. Can a dual-yet-separate network be achieved?
    2. Is additional hardware required?

    Computers are all Macs running either OS 9.1 or OS X 10..2.3

    Thanks,
    --
    DaveC
    net
    This is an invalid return address
    Please reply in the news group

    DaveC Guest

  2. #2

    Default Re: 2 Isolated Ether networks sharing DSL?

    In article <individual.net>, DaveC
    <net> wrote:
     

    Sure. What you need is a computer with three Ethernet interfaces to
    serve as the router, in place of the Netgear. A cheap Intel box
    running Linux would probably be the most cost-effective. You can also
    (probably) get a router that'll do this, but it'll be mucho bucks.

    --
    Jerry Kindall, Seattle, WA <http://www.jerrykindall.com/>

    Send only plain text messages under 32K to the Reply-To address.
    This mailbox is filtered aggressively to thwart spam and viruses.
    Jerry Guest

  3. #3

    Default Re: 2 Isolated Ether networks sharing DSL?

    In article <individual.net>,
    DaveC <net> wrote:
     


    The easiest solution is to install a 2nd network card into each machine.
    Nic 1 will be connected to the respective lan that is needed for that
    database and Nic 2 will be connected to the NetGear router. This way
    each network will have access to the database, but they will not be able
    to see the other network. Both machines though will have access to the
    router through the 2nd interface. The machines will be able to see each
    other on the 2nd nic, but the users will only be able to see there
    server.


    M. Prindle
    M. Guest

  4. #4

    Default Re: 2 Isolated Ether networks sharing DSL?

    On Tue, 13 Apr 2004 19:19:34 -0700, Jerry Kindall wrote
    (in article <130420041919342618%invalid>):

    [snip]
     

    I'm interested more in simplicity, which, to me, is represented by the (mucho
    bucks) router. I think my client would also be interested in simplicity, and
    would probably not have an issue with cost.

    Can you give me a bit of a description of what this configuration would
    entail?

    Thanks,
    --
    DaveC
    net
    This is an invalid return address
    Please reply in the news group

    DaveC Guest

  5. #5

    Default Re: 2 Isolated Ether networks sharing DSL?

    In article <individual.net>,
    DaveC <net> wrote:
     
    >
    > I'm interested more in simplicity, which, to me, is represented by the (mucho
    > bucks) router. I think my client would also be interested in simplicity, and
    > would probably not have an issue with cost.
    >
    > Can you give me a bit of a description of what this configuration would
    > entail?[/ref]

    You'll have to configure access lists that allow communication from each
    LAN to the Internet connection, but block communication between the two
    LANs. Access list language can be pretty arcane on most high-end
    routers; the expected user base is experienced network administrators.

    --
    Barry Margolin, mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** Please don't copy me on replies. ***
    Barry Guest

  6. #6

    Default Re: 2 Isolated Ether networks sharing DSL?

    DaveC <net> wrote:
     

    Right. Want to stay Mac? Stay Mac. Find an old grey G3 machine (or
    something of similar ilk with a couple of spare PCI slots), load it up
    with your choice of OS (8.6, 9.2.2 or even 10.2.x), a pair of ethernet
    cards, and a copy of Vicomsoft Intergate (seriously simple -- as in,
    well thought out interface -- yet highly effective) or a copy of
    Sustainable SoftWorks' IPNetRouter (cheaper but more arcane in its
    interface, but just as powerful).

    If the serverMac will be running OSX, you *can* if you want to geek
    around with the *nix-like networking stuff, but you'd have to be a geek
    to handle it. As the criteria is "simple" I wouldn't bother with this
    approach, nor running a Long Fat Wang x86-clone running linux.
     

    The DSL link (from the SpeedStream) goes into the onboard 10baseT
    ethernet, each of the other two networks (via a hub/switch) goes to its
    own individual ethernet interface card. You would then set up each of
    the two disparate LANs with their own IP subnets (usually by range of IP
    numbers) and suitable hostmasks. The routing software can then handle
    DHCP assigning (within the alloted range of the individual subnet) so
    that neither ethernet card can see the other card, but can see the
    shared internet feed coming in from the onboard ethernet.

    If you're still using Classic/OS9 on the client Macs, you can also
    further increase security by making each sub-LAN a different AppleShare
    zone.


    Geoffrey

    (remove EXCESS BAGGAGE to reply via mail)
    --
    WARNING: mail to this address will be auto-bounced if:
    (a) more than 10% original content appears before first quoted matter,
    (b) quoted material exceeds 75% of total message content, and/or
    (c) HTML is used to format text and/or embed non-ASCII items.
    Geoffrey Guest

  7. #7

    Default Re: 2 Isolated Ether networks sharing DSL?

    DaveC <net> writes in article <individual.net> dated Tue, 13 Apr 2004 18:49:33 -0700: 

    Do you use the VPN passthrough capability of the router? If so, have you
    decided which of the dual networks will have the VPN server?

    At any rate, you can buy 2 additional routers (1 for each new network) and
    plug two internal routers into the external router. If you have a VPN
    server, you need VPN passthrough capability in whichever new router that's
    going to be behind. Otherwise just get 2 ordinary NAT routers.

    -- spud_demon -at- thundermaker.net
    The above may not (yet) represent the opinions of my employer.
    Spud Guest

  8. #8

    Default Re: 2 Isolated Ether networks sharing DSL?

    In article <individual.net>,
    DaveC <net> wrote:
     

    People have mentioned using a Mac as a router with three Ethernet
    connections and routing software. This will work and would be what I'd
    consider to be the best solution. You would likely need someone who
    understands IP networking to set it up. You would have to private
    subnets and set up a filter to block access between the two subnets. It
    may be that you would want some access between them such as a single
    server, this can be done.

    Another approach which no one has mentioned is to use three inexpensive
    hardware routers. Router #1 would connect to the DSL modem via it's WAN
    port. The WAN ports of routers #2 and #3 would connect to the LAN ports
    of router #1. The only special configuration you'd need to do is to
    assign different IP subnets to each router (ie. 192.168.1.x, 192.168.2.x
    and 192.168.3.x). Routers #2 and #3 could have the same subnets but it
    isn't recommended, too much chance for confusion.

    What this set up would do is to put two levels of Network Address
    Translation (NAT) between the users and the Internet instead of the
    usual single level. Because each of the subnets connected to computers
    is behind a NAT router the two groups cannot see each other but can
    access the internet. They could also see any machine connected to
    Router #1s LAN directly.

    I know that basic double NAT configuration works, I have it setup at
    home. My household LAN is running behind a Belkin wireless router. On
    that LAN is a machine running IPNetRouter that connects a MacIP
    LocalTalk network via NAT. I'm only using NAT as I couldn't get the
    wireless router to route to the IPNR Router.

    Anyway, that's my $2E-2 worth.

    --
    Clark Martin
    Redwood City, CA, USA Macintosh / Internet Consulting

    "I'm a designated driver on the Information Super Highway"
    Clark Guest

  9. #9

    Default Re: 2 Isolated Ether networks sharing DSL?

    On 2004/4/13 9:49 PM, "DaveC" <net> wrote:
     

    I would get a second firewall/router (go with the same brand/model for
    simplicity) and put each of the two local networks on one of the two
    routers. Connect both of them to a switch or another router which then
    connects to DSL.

    The firewall blocks the computers one each of your networks from accessing
    the server on the other network.
     

    I don't understand what you mean. Other than sharing the DSL connection, is
    there any traffic between the two networks?



    Bob Guest

  10. #10

    Default Re: 2 Isolated Ether networks sharing DSL?

    On Tue, 13 Apr 2004 20:49:33 -0500, DaveC wrote
    (in article <individual.net>):
     

    easy
     

    to do it the simple way, yes.

    1 get two more cheap routers.

    2 determine what IP setting there is on the NetGear. Typically this will be
    10.0.0.x or 192.168.x.x.

    3 put one of the new routers onto the first net. Set its IP setting to some
    other non Internet-routable IP range than what the NetGear uses. (If the
    NetGear uses 192.168.1.x, try 192.168.2.x, for example. Before doing this,
    make sure that the range you're specing is _not_ an Internet-routable range,
    or you may get undesired results... Non internet-routable ranges are:
    10.x.x.x where 'x' ranges form 0 to 255, and 192.168.x.x, and 172.16.0.0 to
    172.31.255.255. Warning: it would be a _bad_ idea to use 172.15.x.x or lower
    or 172.32.x.x or higher...)

    4 put the other new router onto the second net and use a different
    non-Internet-routable IP range.

    You now have three local nets: one with the DSL device, the Netgear, and the
    other two routers; and one each with one router and multiple computers.
    Because the three routers and the DSL device are on the same net they can
    talk to each other and you can get DSL service on the other two nets. Because
    the other two nets are behind their own routers and have different IP
    settings which are not visible over the Internet, they will have major
    problems seeing each other, particularly if they are in different AppleTalk
    zones.

    Warning: any device placed on the same net as the three routers and the DSL
    device _will_ be visible to _both_ of the other local nets, unless it's
    another router. If you have a big expensive printer which you want to share
    between both nets, put it on the NetGear's net. If you have a big expensive
    printer which you want only one net to you, put it on the router for that
    net.

    2nd warning: you can have a max of 256 devices per net. (realistically, 254,
    as one address, usually the x.x.x.1 or the x.x.x.0 point, is required for the
    router; also, some advise against using the x.x.x.255 point for reasons I
    won't go into here.) You shouldn't run out of addresses for a small office.
    3rd warning: there are ways to get around this kind of thing. There have to
    be, so that people who have more than 254 machines can have them all on the
    same net. The only 100% secure from outside connections computer is one which
    has no network or modem connections live.
     

    Just set TCP on the Macs to the correct IP range for that net, either by
    hard-setting an IP address on each Mac or by turning on DHCP. Do the same for
    other network devices, such as printers. (I'd recommend hard-setting the
    printer IPs, especially if there are any Windows machines on the network. You
    avoid so many headaches that way.)
     



    --
    We are Microsoft of Borg. You will be assimilated. Stability is irrelevant.
    Where _you_ want to go to today is irrelevant. We will add your currency to
    our own. Bend over right now. Resistance is futile.

    Charles Guest

  11. Moderated Post

    Default Re: 2 Isolated Ether networks sharing DSL?

    Removed by Administrator
    Heather Guest
    Moderated Post

Similar Threads

  1. woody on thinkpad570 - unable to connect to ether
    By Richard Lyons in forum Debian
    Replies: 0
    Last Post: July 23rd, 10:40 PM
  2. Isolated error?
    By Sean Thomas in forum ASP Database
    Replies: 0
    Last Post: July 7th, 07:03 PM
  3. Netware Networks file+printer sharing AND WinXP Pro
    By Zsiga in forum Windows Networking
    Replies: 0
    Last Post: July 3rd, 11:38 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139