Need advice Please. Got T-1, Now what?

[jlondon]

We got T-1 and have 30 computers to connect to the internet.

Can someone tell me what all stuff I need to get the computers onto the internet.
T1
|
|
---------------
| | | |
S1 S2 S3 S4


S1, S2, etc are Cisco switches? Am i getting it right? What else do I need?

Thank you.

 

[skritch]

Originally posted by jlondon
We got T-1 and have 30 computers to connect to the internet.

Can someone tell me what all stuff I need to get the computers onto the internet.
T1
|
|
---------------
| | | |
S1 S2 S3 S4


S1, S2, etc are Cisco switches? Am i getting it right? What else do I need?

Thank you.

If you've got a T1, then you've got a router with a CSU/DSU, and a public IP address.

Configure the router to use NAT to translate that external address to an RFC1918 address space internally (and vice versa). Advertise your block via BGP4 (if this isn't already being taken care of by your upstream).

Set up a server internally to hand out addresses in the RFC1918 address space via DHCP, or manually configure each machine with a static IP from the RFC1918 space.

Set the internal machines' default gateway to the IP of the router's internal interface, set up a server with a forwarding-only DNS server, point the internal systems to that DNS server, and away you go.

 

[ccarrigan]

And do yourself a favor, buy a firewall.

 

[Zwitterion]

I was just about to mention that.
Step 1: Firewall
Step 2: everything else

 

[jlondon]

woah. sounds more complicated than I originally thought.

I am going to get the server (windows 2003?) and a router and do all the stuff required.

before doing that, if I get three switches and connect them daisy chain, and connect a cat5 cable from a port on a switch and the nic card of a computer, will i be able to access the internet?

 

[Anthony.L]

Cisco 1721 w/ WIC-1DSU-T1
Cisco PIX 506 Firewall
Cisco 2950 24-Port switch (2)

 

[skritch]

Originally posted by Anthony.L
Cisco 1721 w/ WIC-1DSU-T1
Cisco PIX 506 Firewall
Cisco 2950 24-Port switch (2)

I'd recommend something other than the PIX. Like, for example, a firewall that actually works. OpenBSD + PF, preferably. Bonus: It's free.

 

[Anthony.L]

Originally posted by skritch
I'd recommend something other than the PIX. Like, for example, a firewall that actually works.

uh... wrong.

 

[rosco]

You don't need Server 2003, you can configure your firewall to hand out the ip's. No offense but you might want to hire someone to do this as if it's a business you don't want to leave yourself wide open to attacks.

That said, getting something like a sonicwall, or snapgear firewall that's easy to configure might be a good idea. It's not free but you won't spend the next 6 months trying to learn openbsd+pf.

 

[Zwitterion]

Originally posted by skritch
I'd recommend something other than the PIX. Like, for example, a firewall that actually works. OpenBSD + PF, preferably. Bonus: It's free.

Whats wrong with PIX? Was there some bad press or alot of vulnerabilities found in it or something?

 

[skritch]

Originally posted by Zwitterion
Whats wrong with PIX? Was there some bad press or alot of vulnerabilities found in it or something?

That, and it simply doesn't perform well, its state tables are miserably small, its "I can't believe it's not IOS!" interface sucks, and its functionality is woefully limited.

 

[Zwitterion]

Ooh I see. Hmm, maybe give him some alternatives? I'd sorta like to know whats better out there, too.

 

[Nybbles]

Originally posted by skritch
That, and it simply doesn't perform well, its state tables are miserably small, its "I can't believe it's not IOS!" interface sucks, and its functionality is woefully limited.

Hmm, maybe so, but it will work. I've got a 506 at work that's been there for about 4 years now, longer than i have. And I have approx. 100 users on my LAN, over 3 times what the original poset has, and we've had ZERO problems there with it.

I'm not saying it's the absolute best solution. And it is Cisco so it's probably overpriced; something better may be able to be purchased for less money, but if that's what he decides to go with it will definately perform IF it's properly configured.

And with that said, if u have to ask where to go, I wonder if some outside help may be in order. There's no way u can learn to configure a PIX, or set up OpenBSD + pf overnight. At least on the firewall config, it may be in ur best interest to hire out at LEAST for the firewall config as it will probably be the trickiest part.

Of course, post any other questions u have here and we'll do our best to help.

 

[kleptophobiac]

If you're willing to invest personal time into it, I figured out the basics of pf in just a day or so. More advanced things like shaping took me a couple more days.

I was already a *nix person, so switching gears from freebsd to openbsd was cake.

I think if he was willing to invest some serious setup time, he'd be able to have a superb openbsd + pf firewall that would do the job in a few days. Depending on how much you value your time, that may be the right solution. For me, being a 15 year old computer nerd, it was a great trade off. Do I use this dell with 32mb ecc and a couple NIC's off the shelf, or do I shell out for a nice router? Being under the legal hiring age solved that one for me pretty quick.

 

[Projkt4]

hop on the clarkconnect express, youll love it, easy to configure w/ a bit of *nix background. i started with no *nix background, and after doing a bit of research i was able to figgure most of it out. www.clarkconnect.org