  1. #1
    Just Joined!
    Join Date
    Sep 2007
    Posts
    10

    Network Solution


    Hello Guys:

    This is more of a personal problem. I work for a University and the Univ has given me an ip address range 135.123.39.2 - 135.123.39.254 for my lab. Every time I bring a computer for the lab, I have to ask the university to add the dns name to the dns server. Recently we have split up within the lab and we are having trouble coexisting. So we want to separate. Now the whole setup is like this

    router -> firewall -> switch -> workstations/servers

    There is only one port coming out of the router and going to my Linux firewall (bridge mode) and then to the switch, where I distribute all the IPs to the rest of my machines. Now I am trying to understand the University setup. This is a Class B address (135.123.39). But if I wanted to separate within or ask the univ to separate,

    1) How they would do it and

    2) How can I do it ?

    I want to know all my options. I would be glad to provide you with more info if needed

    Thanks

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    OK, first things first.

    While the first octet is in the class B range, looking at what you posted they set up your range as a class C.
    I'm willing to bet your mask is /24 or 255.255.255.0

    OK, I'm not clear on the split you are talking about. Where should this split take place?

    At the Router?
    At your switch?
    At the firewall?

    Is the router controlled by you or the University?
    What do you control?

    How is the range to be split up, with how many ip addresses?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Sep 2007
    Posts
    10
    Thanks for your reply. To answer your questions:

    >While the first octet is in the class B range, looking at what you posted they set up your range as a class C.
    >I'm willing to bet your mask is /24 or 255.255.255.0

    You are correct! They set it up to be a class c network and the mask is /24

    >OK, I'm not clear on the split you are talking about. Where should this split take place?

    >At the Router?
    >At your switch?
    >At the firewall?

    Since I do the filtering at the firewall, I want to separate the switches. I have no control on the router. I can ask for a single port and then split them via router. But then if I have my own sub-domain, I would need to set up a DNS server too, right?



    >Is the router controlled by you or the University?

    Yes

    >What do you control?

    Firewall, switch, servers in the intranet.

    >How is the range to be split up, with how many ip addresses?

    I don't want to split up within the existing IP address (i.e. 135.165.25.2 - 135.165.25.50). It would be better if we get a new range (135.175.14.0/24) and then split up the switches and have my own firewall and DNS for the internal network. But the question is, if I have an internal network, how do I get in from outside (internet)? For example, if I have 10.0.0.5 (wks1.bla.boop.edu) inside, then how do I access it from outside? Also, do I need to do NAT? How can I do VPN in my position? I actually need a diagram. Can you help?

    Thanks

  4. #4
    Just Joined!
    Join Date
    Sep 2007
    Posts
    10
    OK. So here is the deal. They are just gonna put a bunch of Cisco 3750 routers and put VLAN and firewall on it and separate every group. But here is the problem:

    We had only one port (meaning instead of all my workstations on univ's switch I would get one half-duplex line coming and then I would split them out) coming in from the university (from the Cisco router to firewall to switch) and then I have my own switch and firewall to serve and protect the intranet. Now that we should move to their (Univ) switch, we need to pay for every port (!*!$#) that is on their switch. The reason we have the configuration we have right now is because we wanted to avoid this very thing. Now please suggest alternatives. I will be happy with 100 clients. I need to make a deal but an educated one with the univ. This is why I am asking you guys.

    Thanks

  5. #5
    Just Joined!
    Join Date
    Sep 2007
    Posts
    10
    Any ideas guys?

  6. #6
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    >We had only one port (meaning instead of all my workstations on univ's switch I would get one half-duplex line coming and then I would split them out)
    Are you concerned that you won't get enough bandwidth,
    or is it that you will only get internal addresses (and will need NAT)?

  7. #7
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    I would like to say sorry for the late reply.

    Next, I do not think you will be connecting at half-duplex.

    You are asking us to give you an idea but you are not telling us what we need to know to help you along with this.

    Questions I would have are as follows:


    1. What is the per port cost and what speed are they set at?
    2. What is the cost if it is decided to request more bandwidth?
    3. What is the minimum speed needed to meet your needs?

    Then you need to know what speeds your devices can handle without dropping packets.

    A big factor is how much traffic are you planning on pushing/pulling through your network?
    Are they going to limit the amount of traffic to/from your network?
    If yes, are they going to charge you when you go over and how much?
    This is the starting point.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  8. #8
    Just Joined!
    Join Date
    Oct 2008
    Posts
    14
    They (the Univ) gave you the address range 135.123.39.2 - 135.123.39.254 as a class C (mask 255.255.255.0).
    So you have 253 IPs to use as you want. (They own the .1, which I assume is the router interface.)
    I take it that you want more IP subnets but do not want to pay for more Univ router ports?

    Well you have some options. But all involve addition of your own router.
    Place your router after the Univ router like this

    router->firewall->Your router->Lab subnets.

    By adding a router you can slice up the full class C network into
    several smaller ones.
    Such as using a mask for your lab subnets of 255.255.255.240 will give you 16 subnets with 14 hosts per subnet.

    If you need more IPs than you are given, you can add a NAT function to the router or firewall and then you can use any IP scheme on your lab
    you want.
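
The subnet arithmetic from the post above, worked through with Python's `ipaddress` module as an added example (not part of the original post); it goes one step further and fits groups of different sizes into the /24. The group names and sizes are constructed, and skipping the block that holds the university's .1 assumes that block stays as the uplink segment and that the university routes the other blocks to the lab router.

```python
import ipaddress

LAB_NET = ipaddress.ip_network("135.123.39.0/24")    # range quoted in the thread
UNIV_GATEWAY = ipaddress.ip_address("135.123.39.1")  # .1 belongs to the university

def equal_split(net, mask):
    """Cut net into equal subnets given a dotted mask such as 255.255.255.240."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return list(net.subnets(new_prefix=prefix))

def usable_hosts(subnet):
    """Addresses left once the network and broadcast addresses are set aside."""
    return subnet.num_addresses - 2

def plan(net, groups, reserved=()):
    """Variable-length split: give each group the smallest block that fits.

    groups maps a name to the number of hosts it needs. Any block that
    contains a reserved address (assumed here: the uplink segment) is skipped.
    """
    taken, result = [], {}
    for name, need in sorted(groups.items(), key=lambda g: -g[1]):
        # Smallest power of two that holds need + network + broadcast.
        prefix = 32 - (need + 1).bit_length()
        for cand in net.subnets(new_prefix=prefix):
            if any(cand.overlaps(t) for t in taken):
                continue
            if any(r in cand for r in reserved):
                continue
            taken.append(cand)
            result[name] = cand
            break
        else:
            raise ValueError(f"no room left in {net} for {name} ({need} hosts)")
    return result

# Constructed group sizes, not taken from the thread.
GROUPS = {"group_a": 60, "group_b": 25, "backups": 10}

if __name__ == "__main__":
    blocks = equal_split(LAB_NET, "255.255.255.240")
    print(len(blocks), "subnets of", usable_hosts(blocks[0]), "hosts each")
    for name, block in plan(LAB_NET, GROUPS, reserved=[UNIV_GATEWAY]).items():
        print(f"{name:8} {block}  hosts {block[1]} - {block[-2]}")
```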

  9. #9
    Just Joined!
    Join Date
    Sep 2007
    Posts
    10
    Thank you very much for your answer RumbleFish. I really appreciate it. This is what I was thinking too. But the problem is the Univ wants to put us behind the firewall (no matter how - as I mentioned earlier that they are just gonna put a bunch of Cisco switches and use FWSM for firewall and separate the VLAN). Suppose they decide to give us the IP 135.123.39.45 on VLAN 10 and this I take and connect to my own router and then from that router I branch it out with switches. (correct me on this)

    1. I need to have my own DNS
    2. I have to reconfigure the firewall.
    3. How do I route connection to be able to connect from outside using VPN ?

    As you see I am trying to get the whole picture because I need to tell them this is how you have to do it for us.

    To answer other question the network traffic is not that much from outside. What is most important is that inside network (because of lots of backups and stuff). Any insight will be much appreciated.

    Thanks to all.

  10. #10
    Just Joined!
    Join Date
    Oct 2008
    Posts
    14
    You are correct in how you have to set things up if they give you IP 135.123.39.45 on VLAN 10.

    >1. I need to have my own DNS
    You will need your own DNS for all of your internal IP range. The IP range that is assigned by your Univ. will be part of their DNS.

    >2. I have to reconfigure the firewall.
    I'm not sure why you have to reconfigure their firewall. It should pass most traffic to you. But of course you will have some restrictions. Can you clarify why you will have to reconfig the firewall?

    >3. How do I route connection to be able to connect from outside using VPN ?
    This is the real problem you will have. While you can do anything you want behind the Univ. in your own network, you will have to play by their rules when you are trying to go from the real world into your network, because you will have to cross their firewall into your network.
    If they only give you a single IP address then you will only be able to contact that IP address from outside your network. If you have multiple servers that you need to access from outside you will need some sort of port forwarding scheme, to forward outside traffic to the proper internal server.
    If they give you an address range then you can use the 'real' IP addresses to contact your server from outside without having to port forward.

    Just remember that you can create a network any way you want. But the problem always comes when you want to get to and from another network.

    I hope this answers some of your questions.
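
The port-forwarding scheme described in the reply above, as an added example that is not part of the original post: a Python script that checks a forwarding table for mistakes and renders nftables rules for a Linux lab router that drops everything not listed. The 10.0.0.0/24 range, the ports, every host except 10.0.0.5 and the table name `labnat` are assumptions.

```python
import ipaddress

EXTERNAL_IP = "135.123.39.45"                       # single address from the thread
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed private lab range
# Constructed table: (protocol, external port, internal host, internal port)
FORWARDS = [
    ("tcp", 2222, "10.0.0.5", 22),      # wks1 from the thread, SSH
    ("tcp", 443, "10.0.0.10", 443),     # hypothetical web server
    ("udp", 1194, "10.0.0.20", 1194),   # hypothetical VPN endpoint
]

def validate(forwards, internal_net=INTERNAL_NET):
    """Return a list of problems; an empty list means the table is usable."""
    problems, seen = [], set()
    for proto, ext_port, host, int_port in forwards:
        if proto not in ("tcp", "udp"):
            problems.append(f"{proto}: unsupported protocol")
        if not all(1 <= p <= 65535 for p in (ext_port, int_port)):
            problems.append(f"{proto}/{ext_port}: port out of range")
        if ipaddress.ip_address(host) not in internal_net:
            problems.append(f"{host}: not inside {internal_net}")
        if (proto, ext_port) in seen:
            problems.append(f"{proto}/{ext_port}: external port used twice")
        seen.add((proto, ext_port))
    return problems

def render(forwards, ext=EXTERNAL_IP, net=INTERNAL_NET):
    """Render an nftables ruleset: one DNAT per entry, other inbound dropped."""
    problems = validate(forwards, net)
    if problems:
        raise ValueError("; ".join(problems))
    dnat = [f"    ip daddr {ext} {p} dport {e} dnat to {h}:{i}" for p, e, h, i in forwards]
    allow = [f"    ip daddr {h} {p} dport {i} ct state new accept" for p, e, h, i in forwards]
    return "\n".join([
        "table ip labnat {", "  chain prerouting {",
        "    type nat hook prerouting priority -100; policy accept;",
        *dnat,
        "  }", "  chain postrouting {",
        "    type nat hook postrouting priority 100; policy accept;",
        f"    ip saddr {net} masquerade",      # outbound lab traffic leaves as the router
        "  }", "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f"    ip saddr {net} accept",          # lab hosts may open outbound connections
        *allow,                                # inbound: only the forwarded services
        "  }", "}",
    ])

if __name__ == "__main__":
    print(render(FORWARDS))
```

Traffic still has to pass the university's firewall before it reaches these rules, so each forwarded port also has to be permitted upstream.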
