Network and Firewall Advice

Hey all. I'm after some advice, which I've detailed here:
http://mattie47.com/network.pdf or http://mattie47.com/network.docx

If you know your stuff with networking etc., it would be great if you wouldn't mind having a look over it and giving some advice.

Thanks, Matt :)

geek_mattie47, Mar 15, 12:22 am


I'm no expert, but given that what you want to do is monitor network traffic, why don't you use a packet sniffer? That's what they are designed for and there are plenty of free ones around.

geek_stevel_knievel, Mar 15, 10:59 am

Correct me if I'm wrong, but I don't believe a packet sniffer would help. A packet sniffer would potentially be useful if I was using a hub, as a hub broadcasts incoming packets out of all ports (which is terrible). When using a switch, the packets only get sent out via the port containing the destination MAC address. Actually, I guess I potentially misread what you wrote, as I presume you're now meaning having the server set up with RRAS (or even bridging the two NICs in the server?) so all traffic flows through it while a packet sniffer is running. Regardless, I still don't know how well that would run, at least for WLAN clients. I still don't think it would meet the purpose of what I'm wanting to do either. When you say packet sniffer, are you referring to tools such as Wireshark?

This is more what I'm meaning in terms of stats I guess:

http://www.smoothwall.org/images/promos/3.0/about_traffic.png
http://www.smoothwall.org/images/promos/3.0/about_traffic_monitor.png
http://www.smoothwall.org/images/promos/3.0/about_bandwidth.png

Thanks though

geek_mattie47, Mar 15, 2:01 pm

Trying to get my head around the wireless being outside the perimeter, lol. I was wondering if you had them VPN into the smoothie machine on the purple card, then the gateway is back out on the red one? Not sure really. The stats you get can be a bit misleading, as the stats are done by IP address, so if someone changed their address they would skew the results. You could probably make a rule in iptables or something to bind the MAC addresses to IP addresses, perhaps.

Also, I would think something like Wireshark would give you more detailed results as to the type of traffic that's using the most bandwidth etc. With no hub, you could try ARP poisoning.

geek_jcmp21, Mar 15, 2:24 pm
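As an added example (not from this thread, and not Smoothwall's or Wireshark's code), the script below shows the difference jcmp21 is pointing at between per-IP and per-MAC stats. It parses raw Ethernet/IPv4 frames the way a sniffer sitting in the traffic path (bridged NICs, gateway box) would see them, and accounts bytes per client MAC address, so a client that changes its IP mid-way still lands in one bucket. The client table, MAC/IP addresses, and frames are all constructed for the example; the frame builder writes a zero IP checksum because nothing here validates it.

```python
import struct
from collections import defaultdict

# Constructed table of LAN clients (MAC -> name). In practice this would come
# from the DHCP reservation list on the router; these values are made up.
LAN_CLIENTS = {
    "00:11:22:33:44:01": "matt-pc",
    "00:11:22:33:44:02": "laptop-1",
}
GATEWAY_MAC = "00:11:22:33:44:fe"   # constructed; the box doing the sniffing


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes):
    """Parse an Ethernet II + IPv4 frame.

    Returns (src_mac, dst_mac, src_ip, dst_ip, ip_total_len), or None for
    truncated frames and non-IPv4 ethertypes (ARP, IPv6, ...).
    """
    if len(frame) < 14:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:            # only IPv4 is accounted here
        return None
    ip = frame[14:]
    if len(ip) < 20 or (ip[0] >> 4) != 4:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    # Source/destination addresses sit at fixed offsets regardless of IHL.
    return mac_str(src_mac), mac_str(dst_mac), ip_str(ip[12:16]), ip_str(ip[16:20]), total_len


def account(frames):
    """Return (by_mac, by_ip): tx/rx byte counts per LAN client.

    by_mac is keyed by the client's MAC (stable), by_ip by its IP at the time
    (skewed as soon as a client changes address).
    """
    by_mac = defaultdict(lambda: {"tx": 0, "rx": 0})
    by_ip = defaultdict(lambda: {"tx": 0, "rx": 0})
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_mac, dst_mac, src_ip, dst_ip, n = parsed
        if src_mac in LAN_CLIENTS:      # client -> anywhere: upload
            by_mac[src_mac]["tx"] += n
            by_ip[src_ip]["tx"] += n
        if dst_mac in LAN_CLIENTS:      # anywhere -> client: download
            by_mac[dst_mac]["rx"] += n
            by_ip[dst_ip]["rx"] += n
    return dict(by_mac), dict(by_ip)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload_len):
    """Build a minimal Ethernet/IPv4 frame (zero checksum, zero payload)."""
    total_len = 20 + payload_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    return eth + ip_hdr + bytes(payload_len)


# Constructed capture: laptop-1 uploads 1000 bytes as 192.168.1.20, takes a
# new lease as 192.168.1.21 and uploads 2000 more; matt-pc downloads 500
# bytes; one ARP frame is present and must be ignored.
SAMPLE_FRAMES = [
    build_frame("00:11:22:33:44:02", GATEWAY_MAC, "192.168.1.20", "203.0.113.5", 980),
    build_frame("00:11:22:33:44:02", GATEWAY_MAC, "192.168.1.21", "203.0.113.5", 1980),
    build_frame(GATEWAY_MAC, "00:11:22:33:44:01", "203.0.113.5", "192.168.1.10", 480),
    bytes.fromhex("ffffffffffff" "001122334401" "0806") + bytes(28),
]


def sample_report():
    """Account the constructed capture; used by the demo and the assertions."""
    return account(SAMPLE_FRAMES)


if __name__ == "__main__":
    by_mac, by_ip = sample_report()
    for mac, counts in by_mac.items():
        print(f"{LAN_CLIENTS[mac]:<10} {mac}  tx={counts['tx']:>6}  rx={counts['rx']:>6}")
    for ip, counts in by_ip.items():
        print(f"{ip:<16} tx={counts['tx']:>6}  rx={counts['rx']:>6}")
```

Run against the constructed capture, the per-MAC view credits laptop-1 with all 3000 bytes sent, while the per-IP view splits the same traffic across 192.168.1.20 and 192.168.1.21 and so understates the device. Feeding it real frames would mean reading them from a raw socket or a pcap reader instead of SAMPLE_FRAMES; only the parse and accounting are shown here.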

Yeah, I know lol. I do have another Dynalink RTA1320 wired modem/router which, if I do all this, I'm thinking I may have to use where the Dynalink RTA1025W currently is, and then move the wireless router on to the other side of the server. Also potentially looking at using TMG on the server, as that way I'm not running a virtual machine on top of Server 2008. Also going to take a look at Hyper-V and see if that is something I should use instead of VMware in an OS.

geek_mattie47, Mar 15, 2:37 pm

Yeah, shouldn't be an issue though, as I currently have the Wi-Fi router giving specific IPs to clients based on their MAC address, and some machines like my PC and server already have static IPs. And even if that wasn't the case, generally everything would still get the same IP, as they usually connect within the 8-day DHCP lease period. In other words, I'd still know what things are. Only have 5 laptops, a desktop, 3 phones, a PDA, a TV, a Blu-ray player and potentially a couple of other devices in the house as clients.

Thanks,

Matt

geek_mattie47, Mar 15, 2:47 pm