RFC on solution to Rejean's situation

Allan Shaw technews at sympatico.ca
Sat Nov 1 20:24:00 EST 2003


As I have exchanged a number of emails with Rejean regarding their network 
configuration, my assessment and comment are the same.

Q4. Is this overkill?
The first rule in IT is (KISS) Keep It Simple and we all know what the last 
"s" is for.

1: I don't buy the need or justification for 2 modems either from a 
bandwidth or data transfer requirement.  The cable modem alone is more than 
likely sufficient to meet and exceed the network requirements.

2: If you have 2 routers with 2 networks the 2 networks should be joined 
through the routers not having a system bridging the networks.

3: Instead of trying to fix this problem with a sledgehammer, go out and 
get the right equipment, namely a new Firewall/router with an 8-port switch 
and connect all servers and workstations to this device, a single modem and 
then configure it to allow and direct the appropriate services to the 
appropriate server/workstation.

4: Personal opinion, I have rarely seen such a convoluted network 
configuration in nearly 20 years of working with networks, but this is only 
my opinion.

At 18:59 11/1/03, you wrote:
>Hello, folks
>After talking to Rejean about solutions to his situation, we came up with
>the following.  I would like comments from the users experienced with this
>sort of thing, about whether our solution will work as I believe...
>Now, the groundwork, and useful information summary:
>1.  The network consists of many Windows machines, and a single Linux
>2.  The Linux machine is a public access server for web, mail, and FTP,
>and a private access server for samba.
>3.  The internal network is switched.
>4.  There is both a cable internet connection, and an ADSL internet
>connection.  Both of these are necessary for their own reasons.
>5.  The windows portion of the network should use only the DSL connection.
>The Linux side should use only the cable connection.
>6.  The Windows and Linux boxes must communicate for purposes of samba.
>7.  The current configuration is this:
>The network of switched Windows boxes, go through the DSL router.
>The Linux box goes through a router, which connects to the cable modem.
>The Linux box, has a second card, which links it to the Windows network.
>This is not ideal.
>So here is the proposed solution, to solve all problems of security,
>compatibility, connectivity, and so on...
>1.  He sets up an older computer, as a dedicated firewall/router, running
>one of the tiny Linux floppy distributions, which exist for this exact
>2.  This box would have four interfaces, configured as follows:
>eth0: cable modem.
>eth1: ADSL modem.
>eth2: Linux server.
>eth3: Windows network.
>3.  Eth0 would accept traffic for, and outgoing traffic from, eth2.
>Eth1 would accept traffic for, and outgoing traffic to only, eth3.
>This creates a box which is basically split, into a Windows router, and a
>Linux router.
>4.  The Windows side, would accept no inbound connections (that is:
>through the ADSL modem), except those desired by the Windows network--that
>is: related connections to those established by it.  It'll be doing one to
>one NAT, and firewall duty.
>5.  The linux side, will have connections related to anything it creates,
>as well as incoming connections to its services.
>6.  Either (A) private samba connections can be permitted between eth2 and
>eth3, with the modems being none the wiser; or (B) a separate connection
>for samba use, can be created either between the switch and the
>routing box, or it can be made from the switch, directly to the Linux box.
>Questions include:
>1.  Will this work as well as I believe it will?
>2.  How much memory will this routing box need, given a large quantity of
>data transfer per day?
>3.  What else might we not be considering for this?
>4.  Is this overkill?
>Thanks for any comments, and for reading this novel.
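The four-interface split proposed in the quoted message, with Samba routed through the box (option A), written out as an added example that is not part of either poster's message. It prints an iptables-restore ruleset and the iproute2 policy-routing commands a dual-uplink router also needs; NAT is left out. The eth0-eth3 roles come from the thread, while the subnets, gateways, service ports (21, 25, 80) and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: prints the rules, applies nothing. Interface roles are from
# the thread; subnets, gateways and service ports are constructed assumptions.
CABLE_IF=eth0; DSL_IF=eth1; LINUX_IF=eth2; WIN_IF=eth3
LINUX_NET=192.168.2.0/24; WIN_NET=192.168.3.0/24   # assumed internal subnets
CABLE_GW=192.0.2.1; DSL_GW=198.51.100.1            # placeholder uplink gateways

# iptables-restore input: default-deny forwarding, then the permitted paths.
emit_filter_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WIN_IF -o $DSL_IF -j ACCEPT
-A FORWARD -i $LINUX_IF -o $CABLE_IF -j ACCEPT
-A FORWARD -i $CABLE_IF -o $LINUX_IF -p tcp -m multiport --dports 21,25,80 -j ACCEPT
-A FORWARD -i $WIN_IF -o $LINUX_IF -p tcp -m multiport --dports 139,445 -j ACCEPT
-A FORWARD -i $WIN_IF -o $LINUX_IF -p udp -m multiport --dports 137,138 -j ACCEPT
COMMIT
EOF
}

# Source-based routing: each internal side gets its own default route, and
# internal-to-internal traffic is matched first so Samba never leaves via a modem.
emit_policy_routes() {
cat <<EOF
ip route add default via $CABLE_GW dev $CABLE_IF table 10
ip route add default via $DSL_GW dev $DSL_IF table 20
ip rule add to $LINUX_NET lookup main priority 100
ip rule add to $WIN_NET lookup main priority 101
ip rule add iif $LINUX_IF lookup 10 priority 200
ip rule add iif $WIN_IF lookup 20 priority 201
EOF
}

# Succeeds if the ruleset lets NEW connections pass from interface $1 to $2.
allows_new() {
  emit_filter_rules | grep -q -e "^-A FORWARD -i $1 -o $2 .*-j ACCEPT"
}

emit_filter_rules
emit_policy_routes
```

FTP data connections are only accepted as RELATED when the kernel's FTP connection-tracking helper is loaded on the routing box.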