Koozali.org: home of the SME Server

Routing GW/Server

Eugene Worth

Routing GW/Server
« on: February 14, 2003, 02:35:23 PM »
My network has 3 computers (server and 2 workstations), I am behind a hospital firewall for which I need access to a private Internet site ... URL ... 159.xxx.xxx.xxx. (This firewall does not allow access to the Internet at large, but to this URL through an edge router.) Currently, the three computers are on a 10.1.14.xx address net with a gw address of 10.1.14.254. When I dial up the Internet (modem) on either of the workstations, I cannot get access to this URL b/c the PPP adapter has an assigned IP address outside the usual 10.1.14.xx address in the office. I deal with that by turning off Internet access through the modem when I need access to this hospital URL, but I think I can do better with a routing solution on the 5.6 server/gw.

I have an e-smith server for my home network, which shares a dial-up to the Internet through the server/gw. I love it! I want to implement the same thing at my office ... but this routing problem has me stumped. I know that I can set up just a simple server, but I want to share Internet access among my office computers, and I want the security of being behind my own firewall ... so other offices on the same network don't get 'prying eyes.' Right now, all three machines are visible on the private network ... I don't care for that.

Because I'm 'sharing' this 10.1.14.xx network with other offices in the same building, I really want my 3 computers behind the 5.6 server/gw. Here's the solution that I see ... but I don't know enough to implement it ...

1. Put a second NIC in the 5.6 server/gw machine, and attach it to the 10.1.14.xx network, using the first NIC from the server/gw to all other machines in the office,
2. Use the server/gw to DHCP addresses for my 2 workstations and provide a gateway to the Internet (broadband or modem) through the server/gw,
3. Add a routing for this particular 159.xxx.xxx.xxx address through the server/gw for only this URL. (THIS is the step that I don't know enough to handle.)

Any help on this last step would be most appreciated.

Why is the system set up this way? I'm in a medical office building. Multiple offices share the 10.1.14.xxx address space, and the hospital information service, providing X-Ray and lab data is the 159.xxx.xxx.xxx address. So, it's OK for me to change the network configuration as long as I don't mess up their network.

Thanks for the input.

gene

Tony Howden

Re: Routing GW/Server
« Reply #1 on: February 14, 2003, 03:59:40 PM »
Hi Gene

While I am sure that the principle of what you want to do is possible, I'd question the issues that you raise in your situation.

There are numerous issues with providing a back-door to the internet for specific systems attached to a larger network, not the least of which is the risk to the hospital of hackers accessing personal data on patients via the backdoor that you would open by routing internet traffic via your sme server.

If it is essential to your business/department that you have internet access, then look towards the sysadmin for the main network as the first point of contact.

Assuming that the only 'control' that the hospital wants is to ensure that you don't mess up their LAN, then they will/should be happy to accommodate configuring your routing issue within your private LAN.

I know this is not the answer to the question you asked, but I think it's probably the most appropriate response.

cheers
Tony

Eugene Worth

Re: Routing GW/Server
« Reply #2 on: February 14, 2003, 05:02:44 PM »
Tony:

Thanks, and understood. Actually, the hospital provided the office with access through the private network _only_ b/c access to the patient info URL was behind their firewall. And, they were loath (understandably) to punch holes in their firewall for outside access.

They have no interest in providing Internet access to the physicians in the office building. Hence, we have the problem I detailed. Is there some risk to the hospital? Yes, but far less if my network is behind my own firewall, which I maintain ... and my computers are not visible to any other office on the private network.

That's why I want to see if this can be done. Otherwise, I will still dial-up the ISP when I need the Internet ... and have to provide security to _all_ of my computers from the inside 10.1.14.xx network.

gene

Tony Howden

Re: Routing GW/Server
« Reply #3 on: February 15, 2003, 07:12:13 AM »
Hi Gene

I'd guess that you may need to think through and have a look at

http://forums.contribs.org/index.php?topic=14394.msg54831#msg54831

I've been researching a similar issue for myself with having 2 external interfaces for my server. In essence I think you are chasing a single dial-up external interface and 2 internal lan settings. The response from Luciano in that older thread is comprehensive and I think if you substitute his 192.168.3.0 lan addresses for your hospital address then it may come close to your needs.

cheers
Tony
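
The two-NIC layout from steps 1-3 of the opening post, modelled as an added example that is not part of the thread: a routing table with a host route for the hospital site, plus the forwarding policy that keeps the gateway from becoming the back door raised in Reply #1. The hospital address is elided in the thread, so `HOSPITAL_HOST` is a documentation-range placeholder; the office subnet `192.168.1.0/24` and the interface names are assumptions.

```python
import ipaddress

# Constructed addressing: the thread elides the hospital host (159.xxx.xxx.xxx),
# so HOSPITAL_HOST is a placeholder; office subnet and interface names are assumed.
HOSPITAL_HOST = ipaddress.ip_address("198.51.100.10")
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")

# (destination, next hop, interface) on the two-NIC server/gateway
ROUTES = [
    (OFFICE_LAN, None, "eth0"),                             # own workstations (steps 1-2)
    (ipaddress.ip_network("10.1.14.0/24"), None, "eth1"),   # shared building network
    (ipaddress.ip_network(f"{HOSPITAL_HOST}/32"), "10.1.14.254", "eth1"),  # step 3
    (ipaddress.ip_network("0.0.0.0/0"), None, "ppp0"),      # everything else: ISP link
]

def lookup(dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def forward_allowed(src, dst):
    """Policy for new forwarded connections (replies are assumed to be handled
    by the firewall's connection tracking). Only the office LAN may originate
    traffic, and on the building side it may reach only the hospital host."""
    if ipaddress.ip_address(src) not in OFFICE_LAN:
        return False              # nothing arriving on eth1 or ppp0 is routed onward
    _, _, out_if = lookup(dst)
    if out_if == "eth1":
        return ipaddress.ip_address(dst) == HOSPITAL_HOST
    return out_if == "ppp0"

if __name__ == "__main__":
    for src, dst in [("192.168.1.20", "198.51.100.10"),   # workstation -> hospital site
                     ("192.168.1.20", "203.0.113.5"),     # workstation -> Internet
                     ("10.1.14.33", "203.0.113.5"),       # neighbour office -> Internet
                     ("203.0.113.5", "198.51.100.10")]:   # Internet -> hospital site
        print(src, "->", dst, lookup(dst)[2], forward_allowed(src, dst))
```

The last two cases are the ones that matter to the hospital: neither a neighbouring office nor an Internet host can use the gateway as a path between the dial-up link and the building network.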