
Reorganizing my network


bLack0ut (Member, joined Dec 21, 2004)

As a follow-up to my other thread, I would like to get feedback on my current proposed network setup. A picture is worth a thousand words, so:



Any criticisms on organization/security would be appreciated.
The requirements for this network are:
  • Clients and my computer can access the fileserver
  • The clients use their own cable modems, my computer and the webserver use my cable modem

I think the web server is in a bad spot, and I should isolate it more, but it currently serves an SMB share (my music), so it needs access to the fileserver.

I have extra routers/NICs, so extra hardware isn't a problem. I also have extra Pentiums (~500 MHz) that I need a use for :), suggest w.e. (electricity is not a problem).

EDIT: Assume that the clients are normal ole joe-sixpacks who know little to nothing about computers.
 
I am a little confused with the client situation...are they strictly on the network to access the file server? But go through their own internet connection for the outside world?
 
> I am a little confused with the client situation...are they strictly on the network to access the file server? But go through their own internet connection for the outside world?

Yep, they are only on the network for the files. Pretty much, we all have good download links but our upload is crap, so I would rather they connect through LAN than WAN so my upload link isn't saturated.

Plus, they might torrent on my connection :bang head (on accident of course).

This setup seems a little convoluted, so I'm taking all suggestions on how to make it simpler/more organized/more secure.
 
Well I would suggest moving the SMB share to a new server (you said you had extra).

From there I would add another interface to the pfSense (I think they can do this?) and make it not possible to touch the webserver from the other interfaces, but of course be able to still have web functions.

It adds a little extra to the network but then the webserver is isolated from the other clients on your LAN.

EDIT:
Overall it seems like a pretty simple setup, I wouldn't change anything besides that, which is not absolutely necessary in the first place.
 
One more question -- how the wireless is set up now, can the clients currently access the file server?
 
> Well I would suggest moving the SMB share to a new server (you said you had extra).
>
> From there I would add another interface to the pfSense (I think they can do this?) and make it not possible to touch the webserver from the other interfaces, but of course be able to still have web functions.
>
> It adds a little extra to the network but then the webserver is isolated from the other clients on your LAN.

Well, I'll give an example. The fileserver has an SMB share with blah.mp3. All the clients and my computer should be able to access it, preferably locally (again, to save my upload link). However, the web server is also serving that same mp3, so John Doe in Alaska can also access it, albeit through WAN.

I need that functionality, but it almost seems inherently insecure.

> One more question -- how the wireless is set up now, can the clients currently access the file server?

Yep, that's the point of the LAN.
 
Well, you have a few options..

1. Add more than one NIC in pfSense and team the NICs, if it supports it, or
2. Get a dedicated wireless firewall appliance, such as a SonicWALL TZ 170, and put your web server on the DMZ port.
3. Be sure the switch is a real switch, and not a glorified hub.
 
> Well, you have a few options..
>
> 1. Add more than one NIC in pfSense and team the NICs, if it supports it, or

Well, why would I need to team NICs? Wireless limitations probably won't reach the throughput limit of one NIC and the switch would offload the wired side. You talking about teaming NICs WAN-side? If so, I only have access to one cable modem. -> but it's a good idea, I get another line :sn:

> 2. Get a dedicated wireless firewall appliance, such as a SonicWALL TZ 170, and put your web server on the DMZ port.

The problem with this is the web server can't serve files from an SMB share of the fileserver. I'm also pretty certain I can configure pfSense to have a DMZ port.

> 3. Be sure the switch is a real switch, and not a glorified hub.

It's a Dell PowerConnect 2016, 16-port 100Mb switch. I think it qualifies :).

Again, my main concerns are optimization of network flow and security. These are great suggestions, keep em coming :beer:
 
Can you access the switch via a web browser?? This would require the switch to be assigned an IP... This would be called a manageable switch, and would be in the class of a "REAL" switch. The Dell PowerConnect 2016 is a glorified hub... No intelligence, does what it needs to do without management.

Also, if you think you get 100Mbs on your NIC, then you're more gullible than I thought. You'll be lucky to hit 25% to 35% of the 100Mbs. I would team as many NICs as you can. Besides, if you have 4 users hitting a so-called 54Mbs, you've already hit your threshold...

100Mb/s is only 12.5 Megs a second. 54Mb/s is only 6.75 Megs a second. These numbers are rarely ever hit. Maybe PC to PC with a crossover cable and then maybe you'll hit 100% utilization, and that's if the cable is perfect!

Try this on your network. Luckily for you XP has a built-in network bandwidth monitor, in the task manager > Networking tab.

Try moving a file or whatever you do, and see what network utilization is...and see for yourself...

Edit: Case in point: at work I have a Gigabit connection to my server. The server and myself are both on the same managed switch.

Gigabit is 125MB/s in theory. I moved a 465MB file to a server. It used a whole 8% of the Gigabit network, which equals to 15.625MB/s. It took about 30 seconds to move over..
 
Ah, you meant a managed switch... I really doubt that I need a managed switch for this network (plus it's kind of expensive and this is really just for fun).

I've actually measured bandwidth of my NICs, and I usually get about 8MB/s, which is about 75%, which isn't too shabby. Considering that 802.11g rarely hits 3MB/s (because of interference)... oh wait lol. I'll team a few NICs and see if it improves performance.

You seem to know quite a bit about networking. Got any ideas for the security aspect of the web server accessing the file server?
 
> Well, why would I need to team NICs? Wireless limitations probably won't reach the throughput limit of one NIC and the switch would offload the wired side. You talking about teaming NICs WAN-side? If so, I only have access to one cable modem. -> but it's a good idea, I get another line :sn:
>
> The problem with this is the web server can't serve files from an SMB share of the fileserver. I'm also pretty certain I can configure pfSense to have a DMZ port.
>
> It's a Dell PowerConnect 2016, 16-port 100Mb switch. I think it qualifies :).
>
> Again, my main concerns are optimization of network flow and security. These are great suggestions, keep em coming :beer:

> Ah, you meant a managed switch... I really doubt that I need a managed switch for this network (plus it's kind of expensive and this is really just for fun).
>
> I've actually measured bandwidth of my NICs, and I usually get about 8MB/s, which is about 75%, which isn't too shabby. Considering that 802.11g rarely hits 3MB/s (because of interference)... oh wait lol. I'll team a few NICs and see if it improves performance.
>
> You seem to know quite a bit about networking. Got any ideas for the security aspect of the web server accessing the file server?

If both are Windows boxes, set up a VPN between the two..
 
Don't you wish you could do trunking and VLANs!?
Another option is maybe move your personal network to a separate IP range and route traffic to it through a router, but maybe this is too much for what you require..
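
The isolation discussed in this thread (web server on its own pfSense interface, with only the SMB path to the file server left open), modelled as an added example that is not from any poster. The subnets, addresses, port list, and the first-match-per-ingress-interface evaluation are assumptions for illustration, not pfSense configuration syntax.

```python
from ipaddress import ip_address, ip_network

# All addresses below are constructed for this example (assumptions).
LAN = ip_network("192.168.1.0/24")        # clients + file server
DMZ = ip_network("192.168.2.0/24")        # web server's own interface
FILESERVER = ip_address("192.168.1.10")
WEBSERVER = ip_address("192.168.2.10")
ANY = ip_network("0.0.0.0/0")


def host(ip):
    """Single-address network, so hosts and subnets match the same way."""
    return ip_network(f"{ip}/32")


# Rules per ingress interface: (action, source, destination, dest port or None=any)
RULES = {
    "WAN": [("pass", ANY, host(WEBSERVER), 80)],          # public web only
    "DMZ": [
        ("pass", host(WEBSERVER), host(FILESERVER), 445),  # the one SMB path
        ("block", DMZ, LAN, None),                         # nothing else into LAN
        ("pass", DMZ, ANY, None),                          # outbound to internet
    ],
    "LAN": [
        ("block", LAN, DMZ, None),                         # clients can't touch web box
        ("pass", LAN, ANY, None),
    ],
}


def decide(iface, src, dst, dport):
    """First matching rule on the ingress interface wins; default is block."""
    src, dst = ip_address(src), ip_address(dst)
    for action, s, d, p in RULES.get(iface, []):
        if src in s and dst in d and p in (None, dport):
            return action
    return "block"


def dmz_exposure(ports=(22, 80, 139, 445, 3389)):
    """Every (LAN host, port) a compromised web server could still reach."""
    return [(str(h), p) for h in LAN.hosts() for p in ports
            if decide("DMZ", WEBSERVER, h, p) == "pass"]


if __name__ == "__main__":
    print(dmz_exposure())
```

The residual exposure is exactly the SMB service on the file server, so that share's permissions (read-only, music only) are what remains to be tightened.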
 