Networking Upgrades: Part 1
This is Part 1 of a two-part series on the current network upgrades for my hosting setup. To start off, let me tell you a little about my current setup:
- Service
- My current service is a 20MB down/5MB up residential connection through Comcast. I have 1 static public IP for now (I have hopes to upgrade to business class service, which includes 13 static public IPs).
- Software
- DHCP and DNS services are currently hosted on Mac OS X 10.5 Server running on an Apple Xserve G4. DHCP is set up with 2 subnets: 1 for my “admin” network that houses all of my server infrastructure, and a second subnet for public traffic such as wireless clients and multimedia streaming.
- Port Forwarding is currently handled by a Netgear WNR3500 802.11 N wireless router. Since I have multiple services on multiple systems that need to be public facing, and only 1 public IP, Port Forwarding is essential to my setup.
- Hardware
- Core router/Wireless AP: Netgear WNR3500 802.11 N wireless router (5 port Gigabit Switch)
- As this device isn’t used for DHCP it acts as a Wireless AP and a 5 port Gigabit switch only.
- Dev Switch: HP ProCurve 2523 (J4813A)
- This is a 10/100MB switch with 2 Gigabit uplinks. I use this mainly for my dev systems that don’t really require a huge data throughput.
All of that out of the way, let me start by describing my issues with the current setup. As I previously stated, because of my current setup I depend greatly on Port Forwarding, which is currently handled by the Netgear router. The service, “as-is,” works alright, but has a good number of limitations. First of all, I am unable to forward an external port to a different internal port (i.e. forward TCP port xxx.xxx.xxx.xxx:5902 on the WAN to xxx.xxx.xxx.xxx:5900 on the LAN). This limitation just adds more difficulty when configuring internal services on multiple systems that listen on the same ports. It’s not impossible, but it is definitely cumbersome. The second major limitation is that the Netgear router only supports a maximum of 20 port forwards. As I host multiple services on multiple systems behind one public IP, this gets messy! Think about it this way:
Assume I have 4 systems behind my router with 1 public IP. Here are potential services that would need to be forwarded:
- SSH/FTP (ports 21-23) for system 1
- VNC (port 5900) for system 1
- AFP (ports 548-549) for system 1
- MySQL (port 3306) for system 1
- HTTP (port 80) for system 1
- HTTPS (port 443) for system 1
- DNS (port 53) for system 1
- VPN (port 1723 for PPTP) for system 1
- VPN2 (port 1701 for L2TP) for system 1
- POP (port 110) for system 1
- SMTP (port 25) for system 1
- IMAP (port 143) for system 1
- iStat (port 5110) for system 1
- Zimbra HTTP (port 81) for system 2
- Zimbra HTTPS (port 89) for system 2
- Zimbra Admin HTTP (port 7071) for system 2
- Zimbra IMAP SSL (port 993) for system 2
Then if you need any of these ports/services available on another system, the number of needed port forwards multiplies. As you can see from this simple example, I very easily filled up the 20 available port forwards, and have been forced to switch port forwards on the fly as needed. In search of a solution I was looking for a product that wasn’t limited and offered a little more to meet my future needs. After much reading and deliberation I decided on the Netgear ProSafe FVS318G VPN Firewall (read more about it here). I’ve come to like Netgear’s SMB products over the years, as I’ve used many of their switches, hubs, access points, and WiFi routers without any significant issues. Sadly I can’t say the same for their regular home/consumer based products. In addition to being fairly inexpensive (always a plus!), it packs a few other nice features. Most notably:
- 1 x Gigabit WAN port
- 8 x Gigabit LAN ports
- NAT routing and Classic Routing
- 5 VPN tunnels for Secure Remote Access
- IPsec Secure Site-to-Site connectivity
- Denial-of-Service (DoS) protection
- Stateful Packet Inspection (SPI)
- Logging and Reporting
- Realtime Alerts
All of this, and more, packed into a sturdy little metal box that has a lifetime warranty!
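To make the two port-forwarding limitations above concrete (no WAN-to-LAN port translation, and a hard cap of 20 forwards), here is an added example that is not part of the original post: a small POSIX shell script that keeps the forwards as a plain table and renders them as iptables DNAT rules, which is how a Linux-based firewall would express the same thing. The table mirrors the service list above plus a third system that reuses SSH and VNC; the LAN addresses (192.168.1.x), the WAN interface name (eth0) and the 20-entry limit check are all constructed assumptions, not the author's real configuration.

```shell
#!/bin/sh
# Added example: port-forward table rendered as iptables DNAT rules.
# Columns: wan_port lan_host lan_port proto. Hosts are constructed RFC 1918
# placeholders, not the blog's real systems. WAN interface is assumed to be eth0.
WAN_IF="${WAN_IF:-eth0}"

FORWARDS='
# --- system 1: general server ---
21    192.168.1.10 21   tcp
22    192.168.1.10 22   tcp
5900  192.168.1.10 5900 tcp
548   192.168.1.10 548  tcp
3306  192.168.1.10 3306 tcp
80    192.168.1.10 80   tcp
443   192.168.1.10 443  tcp
53    192.168.1.10 53   tcp
53    192.168.1.10 53   udp
1723  192.168.1.10 1723 tcp
1701  192.168.1.10 1701 udp
110   192.168.1.10 110  tcp
25    192.168.1.10 25   tcp
143   192.168.1.10 143  tcp
5110  192.168.1.10 5110 tcp
# --- system 2: Zimbra, reached on alternate WAN ports but listening on standard LAN ports ---
81    192.168.1.11 80   tcp
89    192.168.1.11 443  tcp
7071  192.168.1.11 7071 tcp
993   192.168.1.11 993  tcp
# --- system 3: a second box that also needs SSH and VNC (translated WAN ports) ---
2222  192.168.1.12 22   tcp
5902  192.168.1.12 5900 tcp
'

# One forward per line; blank lines and comments stripped.
forward_table() {
    printf '%s\n' "$FORWARDS" | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'
}

# Total number of forwards the firewall must carry.
forward_count() {
    forward_table | wc -l | tr -d ' '
}

# Exit 0 when the table fits within a device's rule limit (e.g. the 20 the consumer router allows).
fits_limit() {
    [ "$(forward_count)" -le "$1" ]
}

# Forwards whose WAN port differs from the LAN port: these need port translation,
# which the consumer router described above cannot express at all.
translated_count() {
    forward_table | awk '$1 != $3 { n++ } END { print n + 0 }'
}

# Two forwards on the same WAN port/protocol cannot both work; list any collisions.
duplicate_wan_ports() {
    forward_table | awk '{ print $1, $4 }' | sort | uniq -d
}

# Render the table as a DNAT rule plus a matching FORWARD accept for each entry.
# Only NEW connections toward the forwarded LAN port are accepted; everything else
# stays subject to the firewall's default FORWARD policy.
render_dnat() {
    forward_table | while read -r wan_port lan_host lan_port proto; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$WAN_IF" "$proto" "$wan_port" "$lan_host" "$lan_port"
        printf 'iptables -A FORWARD -i %s -p %s -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$WAN_IF" "$proto" "$lan_host" "$lan_port"
    done
}

# Stand-alone run: summarise the table, flag the consumer-router limit, print the rules.
printf 'forwards: %s (port-translated: %s)\n' "$(forward_count)" "$(translated_count)"
fits_limit 20 || echo 'table exceeds a 20-entry port-forward limit'
dups=$(duplicate_wan_ports)
[ -z "$dups" ] || printf 'WAN port collisions:\n%s\n' "$dups"
render_dnat
```

Keeping the forwards in a table like this makes the count, the collisions and the translated entries visible before anything is loaded; it also makes it obvious which services are reachable from the WAN at all, which is the list worth reviewing each time the table grows.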
I don’t expect that this product will solve all my network issues, but it will hopefully remedy some of my immediate needs. In the long run I know I need to move to a business class service and move away from a single public IP setup. As this is more of a hobby than a necessity, I can’t currently justify the added monthly expense of business class service, no matter how much I’d like to! I guess I could always save a ton of time/money by going back to a completely flat network setup with no servers and only a wireless router, but where’s the fun in that?! This wraps up Part 1 of the two-part series. In Part 2 I will cover the unboxing of the Netgear FVS318G and talk a little about its installation, configuration, and the aftermath of it finding its home on my network.
-Phenix