Have 3 servers. One as a webserver, one handling terminal services connections, and one as a file server, ftp server.

Also around 25 desktops / laptopns.

We have an allocated 32 ip addresses, servers use 4, phone sys 3 and the rest and rest allocation via DHCP to the desktops / laptops.

What I want to do is keep the servers on their static public ip's while having all the desktops on private class c 192.168... addresses.

I take it this is possible? can anyone offer advice?

cheers
Andy

hi Andy

what you want to do is quite common.

and common way would be to set up your servers in a DMZ configuration.

DMZ stands for Demilitarised Zone, basically it means there is a firewall between your public facing servers and your internal network where all your pcs are.

so i would advise having a look at DMZ setups.

Yes, it's possible. Exactly how you do it will depend on the capabilities of your firewall/router, and the capabilities of your DHCP server.

What devices do you have?

hi Andy

what you want to do is quite common.

and common way would be to set up your servers in a DMZ configuration.

DMZ stands for Demilitarised Zone, basically it means there is a firewall between your public facing servers and your internal network where all your pcs are.

so i would advise having a look at DMZ setups.
My new thing learnt for the day :)

Within my very small intranet, I normally just make sure I switch the servers on first before anything else that connects via DCHP lol

HI,

thanks for the replies, the router we have on at the moment is a Netgear DG834G, but this is about to be replaced so open to suggestions.

cheers
Andy

Difficult to advise without a lot more information.

What OS are the servers running? If you do put them in a DMZ, can they effectively firewall themselves?

Do you need the router to offer DHCP, or this taken care of by one of the servers?

Why dont you set up the address pool in the DHCP section of the servers to run from say 101 to 200 for workstations and let the DHCP service handle that, put all servers in the range 30 - 50 for example, Printers in a range 1 to 30, and other bits and bobs 60 to 100?

You effectively will need a router between your 'internal' network that is using a DHCP server to assign arbitrary addresses, and your 'external; network that uses the assigned IPS.

This can be done with one router and a DMZ, or with two router. In both cases it is worth either learning a bit about IP security or paying someone to ensure the outside world only has access to the services it needs.

It's good practice to default to blocking everything, then allowing individual ports as required, especially ports for external to internal connections. Blocking posts the other way can also increase security - such as preventing workstations sending mail directly or contacting IRC can reduce the effects of any virus infestation, as they cannot phone home (although new ones use port 80 - web browsing, so if you block it you lose web too!)