4 Replies Latest reply: Jun 20, 2010 3:50 PM by tdurick
Jeff Lambert Level 1 (5 points)
Hi all,

I've been "managing" our network and doing the IT stuff even though I'm not a "true" IT guy, just a graphic artist dabbling in the stuff. I want to get some help on moving our multiple public IP address network to a more secure single Public IP address. I don't know where I can get that help so I'm taking my chances here even though this is not specific to Apple server.

Here's the equipment we have:
Apple Extreme dual band
Apple Server 10.6.3 for file services, iCal, iChat, DNS, Open directory, Address book, Web.
FTP server using CrushFTP on a Mac Pro running 10.6.3
Two ADSL modems from same ISP, one 16 Mbps the other 10 Mbps
a Peplink Balance 310 for load balancing the traffic (and it's not working as advertised as far as I could configure it).
30 static IP addresses hooked to the 16Mbps modem/router
a gigabit switch ASANTE Intracore IC36240
a 100 mbs switch ASANTE intracore 3524

I'd also like to be able to log into any machine remotely with ARD. Right now, it's a piece of cake with everyone having its own public IP address, but how will I make this work with DHCP? I'd also like to be able to have VPN enabled.

I have no idea how to make the best of this equipment so if you have any insight or know where I can get some help to set that up, that'd be great!

iMac 24", core 2 duo, 2.8Ghz, Mac OS X (10.6.4), 4Gb RAM
  • MrHoffman Level 6 (13,280 points)
    There are as many 'good' networks as there are network requirements and hardware combinations.

    Get a server-grade firewall, if that peplink router can't provide that function.

    Figure out what's up with the peplink router.

    If the peplink isn't working and if it doesn't have firewall capabilities (I've not read the specs), I'd replace it with a firewall with dual uplinks.

    Once you get DHCP going, you'll have two IP subnets, and you'll have to set up subnet routing for your gear. Other than that (and with that external server-grade firewall), the remote connections are straightforward.

    The server-grade firewall should have VPN end-point servers for pptp and l2tp, and probably ssl, and probably a DMZ. RADIUS support, likely. For this case, dual uplinks and support for running both.

    Stay out of for your private stuff.

    I'd likely set up the public static IP for the router, the DMZ, and key stuff that needs to be public facing. I might well run the rest of the stuff in a private IP block.

    None of which involves Mac OS X.
  • Jeff Lambert Level 1 (5 points)
    Thanks MrHoffman,

    Well, I understood about 25% of what you just said, but it sounded interesting :-) I think I'll get a consultant for this since this looks to be way over my head and I want it to be working and not spend hours and hours trying to figure this out on my own (or with the help of you guys).

  • BobT360 Level 1 (0 points)

    First - we looked at Peplink a while back. What threw us off is the fact that the firewall has no certifications whatsoever like ICSA, WestCoastLabs or EAL. Take a look down the road of Cisco, Juniper, Fortinet or Sonicwall. Can't go wrong with these usually.

    Second, dual-WAN firewalls typically run outbound traffic only and are of no help on inbound traffic. If you have 2 ISPs, use 'em! We got an Elfiq and we're very pleased with it.
  • tdurick Level 1 (0 points)
    Hi Jeff,

    If you are looking for help getting the network optimized, please just give Peplink support a call. We would be more than happy to help you make sure everything is working well together.

    Outbound load balancing should be fully automatic, and it is very easy to check if this is working. To achieve inbound load balancing, we have an integrated DNS server. That setup may be a bit more involved to get working. 9 out of 10 times people just need outbound load balancing to speed up their network.

    Give us a call between 9-5 Central, and we should be able to get you going quickly. 650.450.9668