[BLUG] Network Topology Question

David Ernst blug_at_mailman.cs.indiana.edu
Mon, 26 Mar 2007 13:27:15 -0400 

I'm not sure I get it all, but I'll take a stab at this:

First, you say you have a couple of public IP addresses.  Is it really
just two?  That would be pretty weird.  But not impossible.  

Next question: is the IP address on the T1 Interface of your router
presently public also?  Is that one of your "couple"?  

Third: the BSD Machine/ftp server.  How is it able to use its public
ip address right now?

My personal prefered set up for this would be to have everything
behind the Cisco on private IPs, and use NAT on the Cisco to map the
private IPs to whichever machine you like.

If you don't like that, I'd try to create a small network of public IP
machines right inside the cisco, and make one of them a simple
ethernet-ethernet firewall to NAT/firewall everything else you're
doing.  In this case, the best thing would be to have enough public
IPs so that you make a whole network in this area.  Assigning another
public IP to the inside of the cisco shouldn't be an issue as long as
it's on a separate network as the one that's on the outside.  Most T1s
that I've seen come with a public IP address for the outside interface
that isn't part of any other public IP addresses you've been
delegated.  Hopefully that's true of you, in which case you're fine.

Again, I'm not sure how well I grasp what you're aiming for, but
hopefully something that I've said is helpful to you.  

David


On Mon, Mar 26, 2007 at 07:35:03AM -0500, Peter G. Brown wrote:
>Good Morning,
>
>I am trying to configure what I need to do (or add) in order to do the 
>following.
>
>1st - my current equipment is Cisco 1721 Router (T1 interface, FastEthernet  
>interface and ethernet interface (10 Mbs) used for a ftp server), Cisco 
>Catalyst switch (24 port) and two HP 10/100 24 port hubs.
>
>We have a couple of public ip addresses. I want to use them while continuing 
>to protect our private network (using 10. ) and get away from the 10 Mbs 
>interface.
>
>I get stuck on the T1 interface part - as if I could just plug our incoming T1 
>into the switch and then have the router coming off the switch with the two 
>hubs attached to its FastEthernet interface, I can then plug any public IP 
>machines into the switch.
>
>With what I have if I assign the router's fastethernet another public ip 
>address (which Cisco tells me I cannot do) and then plug into the switch I 
>would need another router to attach the two hubs to.
>
>My ISP forwards the public ips to the one interface (the router) which 
>redirects so I think the router is going to stay where it is and I need to 
>configure behind it.... If so what ip address do I assign the FastEthernet, 
>and what does the network topology behind it look like or need?
>
>What else I could throw in:
>a FreeBSD machine - it functions right now as a ftp server (very little 
>traffic) with a public ip 
>
>Thank you,
>Peter Brown
>_______________________________________________
>BLUG mailing list
>BLUG_at_linuxfan.com
>http://mailman.cs.indiana.edu/mailman/listinfo/blug

-- 
yes, this is a new email address.  The old one still works, but it'd
be great if you switched your addressbook entry to 

david.ernst_at_davidernst.net