network at work, quick question

mjcason

OK, so we have a shared T1. They paid some dumbass to do their network and I think he made a bad move.

It goes internet > T1 modem > firewall box thing > switch - computer > switch computers and so forth.

They pay for an IP for every computer. Couldn't a router be thrown in the chain after the firewall, and then they would only need one IP? The max computers I'm guessing we would ever have is about 50.

Also, what possible problems could be causing the Windows 2000 server to not allow more people to connect to it? (They can get to the web and local shares but not the network drives.)

If this doesn't make any sense I wouldn't be surprised, but I thought maybe someone knew what was up. Thanks.
 
Unless there is some need for a public IP on each machine, they really could stick a router or hardware based firewall/router such as http://clarkconnect.org in there


<edit> stupid me, not reading</edit>
 
Get a firewall/router. Do people need to be able to connect to specific computers from remote locations? I doubt it; that would be the only reason to give them their own IP addresses...
 
And that's not even a reason. If they're all XP machines, set up Remote Desktop on each one, change RD's port number in the registry, and do port redirection on one global IP. You'd have to make the PCs have a static private IP address, but it can be done. It's not secure by any means. Giving everyone a VPN client and locking down the VPN clients to only the RDP port would be the better way. Or Citrix, or an SSL proxy.
 
Ya, the "admin" (doesn't know too much) uses RD to connect to the two servers (pieces of crap). Wouldn't the hardware firewall make it secure? Plus the router? The only outgoing ports that would need to be open would be for internet traffic and maybe FTP on one computer or something. I'm gonna try to talk with the owner and let him know he doesn't need to buy all those IPs. So a router before the switches will take care of everything, right? Do they make routers that can do 10/100/1000 or just 10/100? Wanna still take full advantage of the T1. Also wanna get them to go gigabit, but they are stingy.
 
Boscoh said:
Why would you need 3 CAL's per employee?
whoops!
I misread the original post. forget that whole licensing thing.


And to add, you might try some basic troubleshooting to the server from the problem workstation(s):

1) Open up a command prompt (start->run->cmd) and see if you can ping the server IP address (ping x.x.x.x where x.x.x.x is the IP of the server).

2) If you are able to ping the server by IP, are you able to ping it by its DNS name? (ping thenameofyourserver)

3) If you are able to ping the server by DNS name, what happens when you go to start->run->\\ip.of.server.here?

4) Does the above return a list of your shared folders, printers, etc.? If not, are the following services started on the server: Workstation, Server, Remote procedure?

Umm, it's late and I am tired, but that's all I can think of right now... oh, and sorry if that was answered already, I didn't read through all of the new posts.
 
Well, if he can connect to the server over RD from outside the network using the public IP address... so can everyone else in the world. At that point, it's your username and password scheme protecting you from the 13yr olds with a port scanner that roam the internet. You could restrict what IPs are allowed to connect to the servers with an access-list, but that would either require that the admin have a static IP at his house (so you could lock it down to allowing only one IP to connect to those servers over RD), or you'd have to limit access to his entire subnet. That would still open you up to a lot of 13yr olds.

To answer your other question, a firewall and switch should take care of what you need. In your case, a good firewall unit is probably going to be able to provide all the "routing" you would need.
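
The access-list trade-off described in the post above, as an added example that is not part of the original thread: a first-match ACL evaluator that counts how many IPv4 source addresses each policy lets through to the RDP port. The rule format is hypothetical and the addresses are documentation-range placeholders.

```python
import ipaddress

RDP_PORT = 3389  # default Remote Desktop port

def parse_rule(text):
    """Parse 'permit|deny <cidr|any> <port|any>' (hypothetical rule format)."""
    action, src, port = text.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
    return action, net, None if port == "any" else int(port)

def evaluate(rules, src_ip, port):
    """First matching rule wins; no match falls through to an implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for action, net, rule_port in map(parse_rule, rules):
        if addr in net and rule_port in (None, port):
            return action == "permit"
    return False

def admitted_sources(rules, port):
    """Count IPv4 sources that reach `port`, honouring first-match order."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]  # not yet matched by a rule
    admitted = 0
    for action, net, rule_port in map(parse_rule, rules):
        if rule_port not in (None, port):
            continue
        still_unmatched = []
        for block in remaining:
            if block.subnet_of(net):            # rule swallows the whole block
                hit = block.num_addresses
            elif net.subnet_of(block):          # rule carves a piece out of it
                hit = net.num_addresses
                still_unmatched.extend(block.address_exclude(net))
            else:                               # CIDR blocks never partly overlap
                hit = 0
                still_unmatched.append(block)
            if action == "permit":
                admitted += hit
        remaining = still_unmatched
    return admitted

# Constructed policies; 203.0.113.0/24 is a documentation range standing in
# for the admin's ISP subnet, .25 for his static home address.
POLICIES = {
    "rdp open to the world": ["permit any 3389"],
    "admin's ISP subnet":    ["permit 203.0.113.0/24 3389"],
    "admin's static IP":     ["permit 203.0.113.25/32 3389"],
}

if __name__ == "__main__":
    for name, rules in POLICIES.items():
        print(f"{name:24} {admitted_sources(rules, RDP_PORT):>13,} sources")
```

Even the tightest policy here only narrows who can reach the login prompt; the credentials still carry the rest, which is why the thread's VPN suggestion is the stronger control.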
 
They have a hardware firewall already. It doesn't act as a router, and if it does (I'll check, they don't use it as one) they have a unique IP for every machine. It's a waste and I'm gonna try to get them to switch over to a router setup. Keep posting here if you guys have more ideas.
 
Just as an FYI,
a 10/100 router is still more than overkill if it is just for internet connection sharing.

The T1 that you are talking about is 1.5mbit, so even old school 10mbit ethernet is several factors faster than the internet connection.

Now, I don't remember reading anything about what kind of bandwidth you need internally, but you don't need gigabit to take full advantage of your T1.
 
The gigabit would help the network 'cause there are some computers that save big 500mb - 1gb files. Autocad and Macromellium or some weird program like that (not one 1GB file, but say a bunch of designs in a folder together. Like a whole year's worth of work, etc.)

Anyways, I think a WRT54G would work well as the router; only emails and internet traffic would be leaving. Doesn't really warrant a Cisco or some big brand.
 
mjcason said:
The gigabit would help the network 'cause there are some computers that save big 500mb - 1gb files. Autocad and Macromellium or some weird program like that (not one 1GB file, but say a bunch of designs in a folder together. Like a whole year's worth of work, etc.)

Anyways, I think a WRT54G would work well as the router; only emails and internet traffic would be leaving. Doesn't really warrant a Cisco or some big brand.

Not necessarily. Most computers now, except extremely high end workstations and high end servers, are limited in hardware from doing gig. It's possible you'll see maybe a 5-6% performance increase over 100mbps equipment simply because gig NICs and CAT6 cabling tend to be higher quality. Unless you've got the latest SCSI controllers or Serial ATA, and 10k or 15k RPM hard drives, you will probably be hard pressed to even max out a 100mbps line on your standard desktop, especially if you're using SMB to store files on your network.
 
Boscoh said:
Not necessarily. Most computers now, except extremely high end workstations and high end servers, are limited in hardware from doing gig. It's possible you'll see maybe a 5-6% performance increase over 100mbps equipment simply because gig NICs and CAT6 cabling tend to be higher quality. Unless you've got the latest SCSI controllers or Serial ATA, and 10k or 15k RPM hard drives, you will probably be hard pressed to even max out a 100mbps line on your standard desktop, especially if you're using SMB to store files on your network.

I got around 4X the performance after upgrading to a gigabit switch and NICs. While most PCs currently are held back by the PCI bottleneck, what they can get out of gigabit is still a major improvement.
 
Did you have a pretty nice system?

It's certainly possible to exceed the capacities of a 100mbps line on a desktop. In my experience, though, it hasn't been common, mostly due to the bursty nature of file transfers. Transferring big files is another story. Then you've got to take into account how fast the user's hard drive and controller are, what else is using the PCI bus at the time, how fragmented the user's hard drive is, overhead from SMB (if that's what is being used), retransmissions, how big the file is vs how long it takes the transfer to get up to its max speed, lots of things. The point I'm trying to make is that while it is possible to exceed 100mbps on a normal desktop, even if you did it could only theoretically be by 33mbps (32bit bus x 33mhz (what most desktops are) is maxed at 133mbps). That usually doesn't happen.

I didn't take into account the fact that he said Autocad. I usually associate Autocad with pretty high-end workstations. So he might see a big performance increase in going to gig, especially if the workstations doing Autocad have 64bit PCI buses.
 
Decent, but not very high end systems. It doesn't noticeably improve my entire network use experience, but it helps a ton when moving large quantities of data.
 
Boscoh said:
... The point I'm trying to make is that while it is possible to exceed 100mbps on a normal desktop, even if you did it could only theoretically be by 33mbps (32bit bus x 33mhz (what most desktops are) is maxed at 133mbps). ...

Your math is a bit off there... 32bit bus x 33mhz = 1056mbps = 132 MB/s.

100mbps = 12.5 MB/s.
1000mbps = 125 MB/s.

(In all cases, effective rate is less, due to interface overhead).

As you can see, there's plenty of room for improvement by moving to gigabit.
 
And keep in mind also, 125meg is the THEORETICAL maximum of 1 gig ethernet, which you will never achieve due to TCP overhead, collisions, etc... So you're probably looking at 100megish on a gigabit network, which a PCI bus will easily do unless it's totally saturated from other hardware.

Trust me, I'm on a 10meg half duplex network at work here and moving files is absolutely painful. I'd kill to have 100mbit switches right now :(
 
So all of your machines and your servers have public IPs??? That just screams SECURITY HOLE!!!!! Getting a router/firewall would be a good move; it would keep your data secure, something I guess you guys take for granted!! I would get someone in there to look at it, sounds like your admin is a real genius...
 
Like I said before, someone was paid before I was there to set up the network. The damage has been done by him. They do have a FIREWALL, a real HARDWARE firewall (I'll get the model name and manufacturer next time I work (Tues)).
 
Cardboard Hammer said:
Your math is a bit off there... 32bit bus x 33mhz = 1056mbps = 132 MB/s.

100mbps = 12.5 MB/s.
1000mbps = 125 MB/s.

(In all cases, effective rate is less, due to interface overhead).

As you can see, there's plenty of room for improvement by moving to gigabit.

Yeah, you're right. It was off. I don't know how I got it so wrong. Long day, and I don't even want to try to retrace my bad math. Heh. That's what happens when you go to work off of 3 1/2 hours of sleep, drink 10 cups of coffee in the course of two hours, and then try to math as you're coming down off your caffeine high.

At any rate, ultimately it's his money. If he wants to do gig, he will see an improvement in moving big files. How much will be dependent on a lot of things, including the hardware in his PCs.
 