Help Need Network Advise

[James02]

I am expanding my network at my office.  Here's the background:

1.  I purchased a package DSL deal that came with 5 fixed IPs.  I need one for an FTP server for my clients.  The number doesn't matter, just assume I have one fixed IP to make this easier.  I'll call it 99.x.x.153 (yes, there are more digits)

2.  I have a Motorola box (call it Moto) that came from AT&T.  It has 5 ethernet ports on it.  It gets assigned a random IP on the internet side, say 167.x.x.x 

3.  I have a typical private network 192.168.1.x.  It has a mix of fix IPs and DHCP.  File server and printer are fixed.  It is serviced by a Netgear firewall/router/switch I'll call Net1.  Net 1 is plugged into Moto in one of the ethernet ports.  Moto also has the private network, 192.168.1.x.  You can configure it to let Net 1 handle a chunk of that network (or all of it).  So far, so good, everyone talks to everyone, and everything can get out to the internet.  By the way, Net 1 is 192.168.1.111, fixed.  Moto is 192.168.1.254 on the LAN side.

4.  Now I have to put the FTP server online, and it will be 99.x.x.153.  I want to put it behind a switch/router just in case I want to add other servers later (and I have 4 more fixed IPs).  So that will be my slice of the internet.

5.  So I have two options.  Moto can be configured to send IPs it doesn't know to a fixed IP or MAC.  So I can tell it to send those IPs to 192.168.1.111, Net 1.  Then I can plug a box into Net 1, call it Net 2, and plug the FTP server into Net 2.  I think Net 2 can be a simple switch, and save money.

6.  I can plug Net 2 directly into one of Moto's ethernet ports.  But if I do that, then Net 2 probably shouldn't be a simple switch as I lose the advanced firewall functionality that Net 1 has.  So in this case I use the same type box as Net 1 for Net 2.

So how would you set it up?  Should Net 2 be a simple switch, or the Netgear Prosafe Firewall/Router gig?

Thanks.

[Atomagenesis]

You only need one switch/router plugged into the actual modem itself. If you plug in another switch/router (I'm assuming Net 2) then you have to change the subnet address for all traffic on that switch/router so it doesn't conflict with the first Router/Switch on Net 1, otherwise there will be an IP address conflict and nothing will work.

Since you're using 192.168.1.1-255 for the first, then use 192.168.2.1 for Net 2, you have to make that change in the firmware. I am a little confused about all the hardware you have, if you listed it all I would have a better idea of your network hardware and could give you a more detailed answer. I am a Systems/Network Engineer by trade, feel free to message me if you have any other questions.

Everything needs to be behind the firewall, plain and simple, especially if you're running a business. The best way honestly is just to plug in switch 2 into switch 1, basically like a daisy chain, and just create another subnet, but you don't technically have to unless you have more than 200 machines that need IP addresses.

If you can't get it setup by yourself, I would hire a consultant, enterprise level networking isn't as simple as people think sometimes. lol

[James02]

Here is where I think it fails.  If I give Net1 192.168.1.x on the LAN side, but my fixed IP is 99.x.x.153, it doesn't "fit".  So I'm thinking I'll set up a Net2 box.  On the WAN side it will have 192.168.1.222, then let it have 99.x.x.x for my 5 fixed IPs.  The FTP server will plug into this.

Net1 and Net2 are Netgear ProSafe FVS318G.

I think my best bet is to plug Net2 into Moto.  Then tell Moto to route all 192.168.1.x to Net1, and all "strange" IPs to Net2.  I don't want my business machines on public IPs.  And I have more than 4.

[James02]

Well, I gave it a whirl.  Net2 works well.  The server can reach the internet.  Only problem is that I can't reach the server.  I think it is a firewall issue.  More hacking needed, but I am getting close.

[Atomagenesis]

There's always a way. I guess you're running all Windows servers?