
Network Routing and Static IPs

Posted: Thu May 13, 2004 3:54 pm
by Herculosis
Maybe someone can either give me a suggestion, or point me at a web site that discusses this stuff.

Here's the deal...

My company currently has a small-business Roadrunner package (1M x 384 with one usable static IP for $125/month). The static IP is assigned to the WAN side of a Linksys cable router. We're using NAT, and fix our own inside IPs for our 2 file servers and web server. Workstations get IPs via DHCP. We have the router configured to forward port 80 traffic to the web server.

The cable company provided us with a Cisco router that's configured just as a bridge, and essentially works as a cable modem. Our Linksys router is just plugged into that from its WAN side, and the LAN side is tied into our bigger switches for our inside network.

There's now a very short-term and VERY sweet offer by the cable company. The package would give us 2.5M x 1M and 5 usable static IPs for $250 per month. That ties in nicely with our needs, since we need more speed (particularly upload), and want to hang 2-3 more web servers.

My confusion is in what I need inside to make it happen. One way might be to hang a switch between the bridge (modem) and our router, and then plug the web servers also into the switch. Of course, each of them would then need some kind of firewall protection, say only opening port 80 on each.

Is it that simple? Or am I thinking about this wrong? Can anyone paint me a mental picture?

Thanks for any advice...

-VonHerc

Posted: Thu May 13, 2004 7:43 pm
by Lothar
You can usually set up a router to have multiple external IPs, each of which directs connections to an internal system (such as one of your webservers). In UNIX, you'd set a line in your network config file that read something like "alias [interface] [IP]". I assume you can do something similar with your router, though you may have to upgrade.

For example, at one company I worked at, we had an OpenBSD firewall / router connected to our DSL modem. The outside network card on our router had several IP addresses: xxx.xxx.xxx.81 through .94. Connections to .82 - .84 went to our three webservers, .85 and .86 to our mail servers, and .81 was the firewall/router itself. All other systems used NAT with the .94 IP address.
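
The layout described in the post above, sketched as an OpenBSD pf.conf in current pf syntax (an added example, not part of the original post and not the poster's actual configuration). The 203.0.113.x prefix stands in for the elided xxx.xxx.xxx addresses, and the interface names and inside addresses are assumptions.

```conf
# /etc/pf.conf -- constructed example; every address and name is an assumption.
# The outside NIC must also carry the extra addresses as aliases, e.g. in
# /etc/hostname.em0:  inet alias 203.0.113.82 255.255.255.255

ext_if = "em0"               # outside NIC (assumed name)
lan    = "192.168.1.0/24"    # inside network (assumed)

fw_ip  = "203.0.113.81"      # the firewall/router itself
nat_ip = "203.0.113.94"      # shared address for all other inside hosts

# public alias -> inside web server (inside addresses assumed)
web1_ext = "203.0.113.82"
web1_int = "192.168.1.82"
web2_ext = "203.0.113.83"
web2_int = "192.168.1.83"
web3_ext = "203.0.113.84"
web3_int = "192.168.1.84"

set skip on lo

# Default deny for anything arriving from the Internet, and log it.
block in log on $ext_if all

# Inside hosts share one public address on the way out (stateful, so
# replies are allowed back in despite the block rule above).
pass out on $ext_if inet from $lan to any nat-to $nat_ip

# The firewall's own outbound traffic keeps its own address.
pass out on $ext_if inet from $fw_ip to any

# Each public alias exposes exactly one service: TCP 80 to one web server.
# Every other port on .82 - .84 stays closed at the firewall.
pass in on $ext_if inet proto tcp from any to $web1_ext port 80 rdr-to $web1_int
pass in on $ext_if inet proto tcp from any to $web2_ext port 80 rdr-to $web2_int
pass in on $ext_if inet proto tcp from any to $web3_ext port 80 rdr-to $web3_int
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; the web servers stay on the inside network, so only port 80 on each alias is reachable from outside.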

Posted: Thu May 13, 2004 7:53 pm
by CDN_Merlin
This is what I've learned in CCNA so far.


ISP - ROUTER - SWITCH - PC's
|- SERVERS


EDIT: The servers should connect to the switch but I can't (don't know how, too lazy to learn) do formatting here.


Have the firewall to block anything on your fastest/most powerful router/switch. This will be the one that has the most RAM also.

If need be, you can bind MAC addresses to the switch ports so no one can move a PC and have it work.

You'd best use that CISCO router as your WAN router as it is more powerful than the Linksys one by far. It also has more security capabilities in it.


Using ACL lists can protect you a lot.