4 Replies Latest reply: Feb 21, 2008 6:33 AM by Jeff Lambert
Jeff Lambert Level 1 (5 points)
I don't know if I'm at the right place, but here it goes...

We currently have a Tiger server connected to a gigabit switch, all other computers also connect to the same switch which is connected to a router/ISDN modem from our ISP. We have 30 static IP addresses which we assign to each computer (by hand). We bought the upgrade to Leopard server and want to change all this to isolate some of the computers (but not all of them). I was reading about making the server a gateway and creating a subnet in which most computers on our network could connect and receive their DNS, IP, etc., from DHCP. My problem is how will I enable the other computers that will keep their current IP address from our ISP to communicate with our subnet? Will they see each other in Bonjour? Will they have access to all services like the new iCal server, wikis, iChat server, the printers inside that subnet?

On another front, if I want to test this without buying another switch, can I hook up the new server directly to the router/ISDN modem which has 4 ports for LAN and connect it to en0, then connect en1 to the same switch that operates our current network? Would that cause any problem?

With the new server, how do I set up DNS in the advanced mode? Do I give it my ISP's DNS? I did register an IP address and got a domain name, but we're not going to do our own mail server, so do I really need a DNS service running on my server?

That's a lot of questions, sorry, but any help would be very appreciated!

TIA
Jeff

Mac Pro 3.0 8 core, Mac OS X (10.5.2), 16Gb RAM
  • Leif Carlsson Level 5 (4,950 points)
    Is that router doing NAT (doesn't seem so - and is it really ISDN)?

    Those 30 IPs are public IPs from ISP subnet? Do you need to have public IPs on those computers?

    No firewall (NAT router) in between Internet and machines or server?

    You don't have to do NAT between en0 and en1 but they will need to be on different subnets.

    If the Internet router does NAT you can route between en0 and en1.
    Static route in Internet router needed to find the innermost en1 LAN.

    I haven't tried Leopard "global" Bonjour or whatever it is called so I don't know what it does.

    You need to configure/enable DNS on the server.
  • Jeff Lambert Level 1 (5 points)
    Hi Leif, thanks for helping.

    No, the router/modem doesn't do NAT.

    Yes, those 30 IPs are public IPs from our ISP subnet. We do need some of the computers to have public IPs, or rather, we need to be able to access them via Apple Remote Desktop or Timbuktu; they are not serving anything up. If there is a way to do this without having public IPs, then even better!

    I don't understand the part about NAT. From what I've read, I can use the new server as a gateway, and have NAT activated. The problem I have is that you can have port forwarding to only ONE machine, not many, and I need to be able to access some computers with ARD or Timbuktu, so there's my problem.

    If I need to configure DNS, what would be the basic setup? I've watched the Leopard server essentials tutorial on lynda.com and the guy teaching there says to put the DNS of the server to the address of that server (self-referencing), but what I don't understand is how is the server going to know about outside addresses if it doesn't have any DNS from the outside (I'm thinking my ISP's DNS servers)?

    Jeff
  • Steve Krawcke Level 3 (640 points)
    As for accessing the computers via ARD.
    If you set up the server as a gateway, why not also set it up as a VPN, then all the computers can be on the private side of your network, and the person who needs access to the internal computers can VPN in and have full access to them.
  • Jeff Lambert Level 1 (5 points)
    Steve, I've never set up VPN and don't know much about it either. From what I understand, VPN is like a direct encrypted link between two computers on different networks. I don't know how to connect via VPN, and can I do ARD via VPN? How could I access my computer from the outside of our network if the address is not public? That means I need to set up the DNS and add my fixed address to one of the entries in there, right? What would I enter from my home computer to gain access to my computer on my workstation at the office behind that gateway? Right now, it's pretty easy, I just enter my IP address and I'm there, since the address is public, it's no problem. Firewalls are enabled on all computers by the way.

    Jeff