Koozali.org: home of the SME Server

SME & more than 2 NICs

Scott Rogers

SME & more than 2 NICs
« on: February 23, 2002, 06:32:16 AM »
Anyone have success with getting SME V5 to recognize more than two NICs to support more than one local network?  How did you do it?

ryan

Re: SME & more than 2 NICs
« Reply #1 on: February 27, 2002, 01:40:30 AM »
Never tried 3 NICs, but you can define additional local networks and use Windows 95/98/NT/2000 boxes as routers.  You will need a DHCP server on each subnet to define the gateway OR you can configure all clients static OR use different scopes if your DHCP server is on a Windows Server and enable boot-P across the routers.  If you need performance, use hardware routers such as Cisco 1700.

Good Luck.

Scott Rogers

Re: SME & more than 2 NICs
« Reply #2 on: February 27, 2002, 02:59:53 AM »
Ryan,

I have SME set up as a gateway and DHCP server connected to a cable modem on one NIC and a switch on the other NIC.  So if I add a local network in SME's server-manager by designating a static IP address of another DHCP server (in my case a wireless AP) connected to my switch, will clients connecting to the wireless AP be able to see other clients connected directly to the switch?  I really don't need a firewall between the clients connected to the switch and clients connected to the wireless AP, I just want to prevent file or resource sharing, and most important, prevent potential virus infections.

Thanks,

Scott

ryan

Re: SME & more than 2 NICs
« Reply #3 on: February 27, 2002, 05:11:30 PM »
Is the wireless AP a hub or switch?  This device/system is on the same side of the firewall as the standard switch?  If yes to both, you can connect a wireless hub/switch to the standard switch just as if you were adding a switch to your LAN using the cascade port or a crossover cable.  I am not sure I understand your hardware and your goal.

Scott Rogers

Re: SME & more than 2 NICs
« Reply #4 on: February 27, 2002, 11:08:24 PM »
Ryan,

My goal is simple.  I'm trying to set up two insulated networks or subnets on the same server. I have to connect my cable modem to a hardware or software server (or router), providing a firewall and DHCP service to my LAN.  My ISP provides DHCP service so I do not have a static IP address and can't connect a plain hub or switch directly to the cable modem.

Now, to support two subnets I thought I would need a server distribution which could provide separate DHCP service to each subnet, connected to separate NICs in the server box, to define the gateways for both subnets.  I also wanted some level of security between the subnets.  But that is where I got stuck.

So now I have a switch connected to the second NIC on the SME server and, at the moment, I have a client and a wireless access point (WAP) connected to the switch.  The SME server is providing DHCP service to everything on the switch.

After reading your initial response, I thought the solution would be to add a local network in the SME server manager, designating a static IP address for either or both the client and the WAP.  My question then is, will my client PC connected to the switch be secure from clients connected to the WAP since my client and the WAP are no longer getting the same IP address?

Scott

ryan

Re: SME & more than 2 NICs
« Reply #5 on: February 28, 2002, 12:59:07 AM »
To be honest, my Linux experience is limited.  I am an NT administrator that wants to replace Microsoft where it can improve performance and save money.  I have been working with Linux for approx. 6 months.  I have installed 4.1.2, 5.0, and 5.1.2 and have 3 SME servers running as proxy/gateways/VPNs for my agency.  It sounds like you want to use the SME server as a simple LAN router and DHCP server.  I cannot help you set up SME as a LAN router.  I think (likely wrong) that IP masquerading will prevent an SME from being a LAN router without reconfiguring it.  The gateway (firewall) basically requires internet IP addresses on one side and private IP addresses on the other side.  I also am not aware that a single SME DHCP server can hand out IPs from 2 subnets because the gateway would not be visible to one of the subnets, which comes back to your original post of having 3 NICs in the SME server.  You should keep researching this.

I suggest you seek additional assistance in the forum.  Your starting point should be getting the e-smith server set up as your gateway/firewall/DHCP server.  When you say "insulated" I take this to mean you don't want either segment sharing resources... I can think of the following to accomplish this:

Options that make sense to me:  

1a.  Set up 1 subnet, select some computers for "workgroupA" and put the rest in "workgroupB".  Use share passwords that are different in each workgroup.

1b. Same as 1a, except each workgroup is on its own subnet.  Use one of the computers from "workgroupB" as a router (2 NICs).  Statically configure the "workgroupB" client IP addresses.  This will allow separate browser lists to exist, making it more difficult for users to find resources in the other workgroup.  Since the network has only 1 gateway, it must be routed which means users can find other computers by their IP addresses.  Without a WINS server running, there will not be a simple way to translate computer names into IP addresses.

or

2a.  Set up 2 separate domains with SME or Windows as a domain controller.  You can then choose between a single subnet, or two subnets. If 2 subnets, each domain controller can take care of DHCP for its subnet.

2b.  Set a single subnet.  Set up some computers to use SME as a domain controller.  Make the other computers part of a workgroup.  The workgroup members will not have rights in the domain by default.  Make sure that domain usernames and passwords are not duplicated on the workgroup computers.

2c.  Set up 2 subnets.  SME a domain controller to the primary subnet.  Use a win9x/nt/2k system as a router.  Statically configure all IP settings on all clients on the second subnet.  Use another domain controller or a workgroup on the second subnet.

or

3.  Set up a single subnet.  Purchase a "managed" switch to set up V-Lans (Virtual Lans), which can allow you to control the flow of data through the switch.  Managed=more $$$.

Hope this helps.