Need a crash course in broadband router theory and setup

Broadband has finally been delivered at my place of work and due to a combination of miscommunication and not-quite-competence, all they (BT) did was to install the line and provide a router; they didn’t actually set anything else up or offer support (well, not quite right, there is a support line, but the guy ended up telling me he ‘didn’t know’).

So, I have a DSL connection that has been tested and activated, delivered across a copper phone line; attached to this is a router that has four ethernet ports on it.

Up until now, the company internet access worked like this:
A PC was set aside as a mail and proxy server; it was connected to an ISDN line on dialup (as well as being connected to the office network) - IE on the client machines was set up to point at the IP address of the mail/proxy server machine, the web proxy application (a bit of freeware called Jana Server) would dialup on demand.

BT don’t support any method of connecting the router directly to the office network, and I need to put a firewall in place anyway; what I think I need to do is:

Install a second NIC in the mail/proxy server machine so that it can connect into the router.
Install a software firewall on the machine.

I’m terribly unclear on how the PC sees the internet connection (I’ve only ever dealt with ordinary dialup, ISDN and broadband modems, which are all treated by Windows in much the same way). As I’ve mentioned elsewhere, I’m an IT generalist and this is one of my weak areas - I tend to bone up on things as the need arises, which is what I need to do here, but I can’t do that in a vacuum - any sound advice you can offer will be most gratefully appreciated.

Couple more details; the mail/proxy server runs W98 (for no particularly good reason) and we have been allocated a static IP.

Hi Mangetout,

Firstly, you’ll be far better off with a hardware firewall. Not so susceptible to the foibles of the operating system.

Most firewalls are also routers (or NAT devices). Basically this’ll turn your one public address into a bunch of private addresses (typically in the 192.168.x.y range).

It’d help to know the model of the router you’ve been supplied. It might be that it already performs the functions of a basic firewall.

With DSL (and most SoHo broadband connections), it basically looks like this:
Phone line – DSL modem – Ethernet with public address – router/NAT/firewall – private ethernet addresses.

As to how it “looks” to your network, that’s kind of dependent on your setup, but essentially it is presented to you as an Ethernet connection. You can choose to proxy that ethernet connection (as you have been doing), but I suggest now is as good a time as any to take advantage of affordable hardware firewall and routing solutions. If you choose this method, there’s no need to configure IE or other applications to talk to the proxy. Just ensure your client workstations use the router as a default gateway and TCP/IP will take care of the rest for you. Also, ensure you have appropriate DNS addresses defined. I suggest you take advantage of the DHCP server that is built into most hardware devices (or use an existing DHCP server on your network).

If you choose to use the software method (did I mention I think you should go hardware?) a good firewall is ZoneAlarm. This firewall has the advantage of scanning traffic at the application level, which means it can prevent particular applications from accessing the internet.

Hope this gets you started on the right track,

Max.