Sharing a broadband cable connection in a small office

[Slowlearner]

In an office with 25 computers of which only 15 need internet/email access, what would be the least expensive way to share the Roadrunner cable connection. The computers run all flavors of MSFT OSs and are of mixed vintage - though the ones needing internet are all Win98/XP.

From my home setup, I have found that the following setup works, can I replicate this?

cable modem > 4port router - uplink to WAN port, reg ports to PCs, or another switch>more PCs,

i.e keep adding switches(4,8,16,24, 48 ports) so long as total available ports <253

I would appreciate suggestions to improve this setup, and also actual experience with hardware firewalls as opposed to software firewalls, in which in case I might look at Zytel/SOHO models, instead of the usual Linksys/Netgear which I have used at home.

 

[AFB]

What type of company is it ? Some industries are required to have certain security standards.

 

[Cheetah8799]

For a company that size, you probably should get a better firewall. You could build a your own using Smoothwall or IPCop. Easy enough to do, and offers much more control than the usual Linksys/Netgear/DLink router. That would allow you to skip the whole router thing, and you could use the firewall to be your dhcp server as welll.

Other than that, if there are not special regulations as amdfanboy mentioned you should be fine with your setup. You may want to consolidate your switches into one or two large higher quality ones and run cat5 cable out as far as you can. That will help with future support, less small switches and stuff to track down.

 

[LuckyTaxi]

Originally posted by: Cheetah8799
You could build a your own using Smoothwall or IPCop. Easy enough to do, and offers much more control than the usual Linksys/Netgear/DLink router. That would allow you to skip the whole router thing, and you could use the firewall to be your dhcp server as welll.

I really dont understand why ppl advise others to 'build' their own. A lot of ppl dont have the expertise (not saying Slowlearner doesn't know) to configure certain software. Some just really dont give a hoot about playing with something like openbsd and playing with ipchains, and would rather purchase a GOOD firewall.

I do agree that these rinky dinky routers do not provide the adequate security the higher end firewalls do, but it's better than not having one.

 

[TonitosWay]

Originally posted by: lilcam

Originally posted by: Cheetah8799
You could build a your own using Smoothwall or IPCop. Easy enough to do, and offers much more control than the usual Linksys/Netgear/DLink router. That would allow you to skip the whole router thing, and you could use the firewall to be your dhcp server as welll.

I really dont understand why ppl advise others to 'build' their own. A lot of ppl dont have the expertise (not saying Slowlearner doesn't know) to configure certain software. Some just really dont give a hoot about playing with something like openbsd and playing with ipchains, and would rather purchase a GOOD firewall.

I do agree that these rinky dinky routers do not provide the adequate security the higher end firewalls do, but it's better than not having one.

I agree. You pretty much have to decide what you value the most (Time, Money, or Security) and base your decision around that. When we first started out we purchased a simple router (Linksys under a $100). Later when we had more time and money and valued our security a little more, we invested in a Cisco Firewall/Router. If you are looking for something in between and have the time to learn about Linux Firewalls, then go with Cheetah's idea.

 

[Southerner]

Quick and easy:

1) Network connection comes into modem/router
2) Router/Modem's LAN connection is connected to the WAN port of a Webramp 700s or comparable (essentially a Sonicwall original; no longer supported, but cheap on eBay and plenty for your needs. I've seen 'em for $25 in the FS forum here).
3) LAN port of the firewall is connected to your switch; the switch ties all the computers together.

This'll get you a firewall that can be adminned from a web browser and mostly forgotten. It'll also take care of DHCP for you to get the other machines connecting to the network as you like. If you want to limit the ability of certain machines to access the internet, just make the limits based on IP addresses and set up DHCP to always deliver the same IP addresses to those MAC cards.

Cheap and quick. A newer Sonicwall, Watchguard, or comparable appliance isn't a bad idea, but cost savings can matter to small businesses. If it makes you feel any better, I've got 2 client offices connected to my network via VPNs and they're using Webramp 700s in each location. The largest office only has 23 computers, but the firewall still works at line speed (though I run the VPN at DES instead of 3DES for performance reasons).

Re: building your own firewall. It can work well (especially if you use something like Mandrake's MNF, which turns your PC into what's essentially an appliance), but appliances win out in most situations as they have no moving parts (less to break) and can be set up/administered with confidence without an advanced degree in TCP-IP/Unix implementations.

 

[Davegod75]

Smoothwall Firewall and a bunch of 10/100 switches

basically costs next to nothing..

smoothwall = free
box to run it on < $100
bunch of 10/100 switches < $100

 

[HKSturboKID]

I guess what everyone suggest is invest in one of the small Nokia or Cisco Soho hardware firewall.

 

[Slowlearner]

Thanks for your useful input, folks.

I had 24 port hub first, added a 24 port switch later. Our problem has been getting a good conection to the internet - in the the past ISDN or a T1 line was just too expensive to justify. When DSL became available, it turned out we were too far (or the CDSU was behind the boss' office or whatever) from the telco's office to get anything better than a ISDL (144). Since we are in an industrial area there was no cable. Right now we have a partial T1 line coming in with only 12 channels, out of which 4 are dedicated data lines giving us 264/264 bandwidth which is just too slow. So I am excited about the new cable lines that have been laid close by and expect 3/264, though I have concerns about cable. For the past five years I have had a better internet connection at home than at work at about tenth of the price.

Cisco products to me have always been way overpriced and over complicated, it took Linksys' 150 $ routers to convince them there was a market for such products which are quite suitable for smaller companies. They bought Linksys when Cisco's share had fallen to 14$ or lower.

I know from experience that you do not get what you pay for so you have look far and look carefully. Right now the whole issue of voice and data comm has become so complicated that it is very difficult to make the right choices without some unbiased help.

 

[Goosemaster]

Originally posted by: Slowlearner
Thanks for your useful input, folks.

I had 24 port hub first, added a 24 port switch later. Our problem has been getting a good conection to the internet - in the the past ISDN or a T1 line was just too expensive to justify. When DSL became available, it turned out we were too far (or the CDSU was behind the boss' office or whatever) from the telco's office to get anything better than a ISDL (144). Since we are in an industrial area there was no cable. Right now we have a partial T1 line coming in with only 12 channels, out of which 4 are dedicated data lines giving us 264/264 bandwidth which is just too slow. So I am excited about the new cable lines that have been laid close by and expect 3/264, though I have concerns about cable. For the past five years I have had a better internet connection at home than at work at about tenth of the price.

Cisco products to me have always been way overpriced and over complicated, it took Linksys' 150 $ routers to convince them there was a market for such products which are quite suitable for smaller companies. They bought Linksys when Cisco's share had fallen to 14$ or lower.

I know from experience that you do not get what you pay for so you have look far and look carefully. Right now the whole issue of voice and data comm has become so complicated that it is very difficult to make the right choices without some unbiased help.

-Although I agree with you somewhat, I would hardly through off Cisco or other enterprise-calliber hardware off as "complicated." Perhaps they do not feed your exact needs, but they DO fufill those of others .


-As for your network, if you want great security, get a Cisco Pix. It's a relatively cheap for the ROI. Of course, it is "complicated" to operate unless you have a good IT guy, or a would-be "qualitfied" IT guy at that

-From experience, many have told me to stay away from watchdog products.


-If you want a great solution, go Netscreen. They just got bought out by Juniper Networks, and are still going strong.


Link to some random netsreen vendor



As for checkpoint all-in-one devices, they seem to be a little easier, if not ridiculously easy to administer and are of great quality.

Link to product index


Actually, now that I browed the page, look at teh Conenctiva Checkpoint solution.

It offers both SSL and IPsec which will allow you to be flexible...remote access from a webpage is nice and you can use IPsec when you need direct network interaction.


oh..and yeah, that 24 port switch goes behind this

:beer: