Networking – How to have multiple web servers and IPs on the same physical network

dd-wrt networking router

I do web development out of a small office and need to have multiple physical and virtual servers that can be accessed from the internet. I also have a number of devices (computers, laptops, tablets, printers, etc.) that need connections as well. I have gotten a subnet of 8 IPs from my ISP, and while that is adequate for the web servers, it's far too small for everything that needs access to the network.

My router is an ASUS RT-N16 running DD-WRT. I'm just smart enough about this routing topic to be dangerous; think 2-year-old with a magic marker. I would like to keep my internal network NAT'ed on the 192.168.x.x network and route the 68.69.x.x 255.255.255.248 traffic directly to the servers. The physical network consists of the 4-port DD-WRT router and an unmanaged gig switch. I have a fiber connection to the office that works as an Ethernet port. In other words, I can plug my laptop directly into it and have access to the internet. There is no login or password, and the router is set up to get DHCP from the ISP and to provide DHCP addresses for the internal network.

What I've done so far is google and try different configurations with little success. In the end I decided I didn't even know how to ask the questions needed.

My questions are:

  1. Is this the best way to configure the network?

  2. How do you do it? VLANs? Multiple routers?

I've never had to configure a router using anything more than the GUI so if this is command line stuff be gentle.

Best Answer

Chief, first up: this question would have a better response on Serverfault.com, as it is geared towards business environments and not single-user service-desk type questions. Although that is to be debated by some. Alternatively, you will need either to find a Network Engineer consultant to design this for you or do a whole bunch of reading on IP NAT and VLAN routing.

You can do it a few different ways depending on your budget, but I would look into a Cisco solution for having routable VLANs and IP NAT (Network Address Translation). In this scenario you would have several VLANs running on a Cisco switch (you can use a layer 2 switch and have your router route the VLANs, or a layer 3 switch to do it all for you) and a Cisco router taking care of NAT for all your external IPs to your internal addresses and VLANs. When setting up IP NAT on a Cisco router, you restrict access by setting up ACLs and route to each VLAN by using dot1q tagging.

Here is what a sample design would have:

  - 1-2 public IP addresses NATed to VLAN 2 private IPs (laptops, tablets, etc.)
  - 1-2 public IP addresses NATed to VLAN 3 stage (stage test environment)
  - 2-6 public IP addresses NATed to VLAN 4 web servers

Good luck.
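The design this answer describes, written out as a Cisco IOS router-on-a-stick configuration. This is an added example, not from the answer's author; the 203.0.113.0/29 block (a documentation range standing in for the ISP subnet), the interface names, private subnets, host addresses and ACL names are all assumptions, and VLANs 2 and 3 share the router's WAN address here rather than getting their own public IPs.

```cisco
! Constructed example. 203.0.113.0/29 stands in for the ISP block; interface
! names, private subnets and host addresses are assumptions, not from the page.
interface GigabitEthernet0/0
 description WAN (ISP gateway assumed at 203.0.113.1)
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group WAN-IN in
interface GigabitEthernet0/1
 description 802.1Q trunk to the switch
 no shutdown
interface GigabitEthernet0/1.2
 description VLAN 2: laptops, tablets, printers
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1.3
 description VLAN 3: stage
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1.4
 description VLAN 4: web servers
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip access-group WEB-VLAN-IN in
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! VLAN 2 and VLAN 3 share the router's WAN address (PAT)
ip access-list standard NAT-CLIENTS
 permit 192.168.2.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
ip nat inside source list NAT-CLIENTS interface GigabitEthernet0/0 overload
! One public address per web server (static one-to-one NAT)
ip nat inside source static 192.168.4.10 203.0.113.4
ip nat inside source static 192.168.4.11 203.0.113.5
!
! From the internet: web ports to the two servers, plus replies to
! connections opened from inside; everything else hits the implicit deny
ip access-list extended WAN-IN
 permit tcp any 203.0.113.4 0.0.0.1 eq 80
 permit tcp any 203.0.113.4 0.0.0.1 eq 443
 permit tcp any 203.0.113.0 0.0.0.7 established
 permit udp any eq domain 203.0.113.0 0.0.0.7
 permit icmp any 203.0.113.0 0.0.0.7 unreachable
! Web servers may answer the office VLAN but not open connections into it
ip access-list extended WEB-VLAN-IN
 permit tcp 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255 established
 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
```

The `established` and source-port-53 rules are stateless matches on packet headers, so they are looser than connection tracking; a stateful firewall on the WAN edge tightens this. The switch needs a managed model with a trunk port carrying VLANs 2 to 4, which the unmanaged switch in the question cannot provide.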
