Ok, that makes sense. If you want to go the Linux route (sorry about the pun!) you might want to look at Shorewall. It's what I use here on the Bridge/Firewall at Carr Hill.
http://www.shorewall.net/
Sorry - I be stoopid there - of course using NAT I have a practically unlimited no. of IPs available on a single range! - I often forget the obvious :oops:
Quote:
Originally Posted by mark
Hi Mark.
We had an admin network IP range that only allowed for 124 clients (and after using most for printers and servers etc effectively had a lot less than that to use). EMBC (our broadband provider) wouldn't give us any more but recommended that we use a small NAT device from NetGear (or whoever else we wanted to get one from) and take one of our 124 addresses and assign that to the WAN port. We could then use any private range we like internally to give as many addresses as we needed to internal systems and other devices.
I used 192.168.x.x and we can now have up to 254 clients with static IP addresses - whilst using only one of our 124 routable public addresses. Neat. And it works really well!
We currently have about 150 admin systems running through the NAT box at any one time - remembering of course they only do this when they want an external (internet) connection. It's pretty fast too. To help, I connected the NAT box directly into our core switch, so that helps a little. As from next week however, we are going to be reaching nearly 220 connections to the NAT box, so time will tell whether this is a workable solution. Apparently EMBC know of many schools with this arrangement and they use the following model or a derivative of it:
http://www.netgear.co.uk/firewall_ro...pn_tunnels.php
All I can say is, "it works". And well enough for admin use. If you have many more intended connections through the NAT box, i.e. curriculum internet use, then you will need a bit more serious equipment. Hopefully this answer will help you a little though.
If you decide it will fit the bill and you need any more help let me know and I'll be only too happy to help you out.
Take care,
Paul
Thanks very much for that Kingswood. The price of those Netgear boxes is certainly attractive! Dunno if I could stand the sneers from Nathan with his flashy Firebox - but if it does the job...
Plus you could have two of those and it'd still be half the price of the WatchGuard!
Ah! - it's all too damn confusing! :)
Just like me then tony :)
Quote:
Originally Posted by GrumbleDook
what WG unit have you got and how many clients/users/etc. have you got attached to it?
Any policy tips to make VNC'ing via VPN faster would be useful too ;) (it's ok but I'm sure it could be a touch faster ;))
mark - at least we can poll together on this one - if matt gets one too :D
Regards
Nath
I mailed the WatchGuard tech team Nath and they recommended an x1000!
Plus I'm just trying logmein as a VPN solution - seems very nice :)
Thought it might be that - I *think* that comes with 6 ports active on it (lucky git) - 2 x external, 2 x trusted, 2 x optional (1st being for connection to Powys router, the latter being for physically separate LAN - policy manager defining what can see what :))
Cheers
N.