Hi Friends

I am just doing a small setup of 10 friends who live in one society and we are collectively planning to setup our own network as we all are doing development on a new project for all our schools wherein we want our schools to have their admission and results online.

We need a fast internet connection and we can easily get a leased line at our location. We also have a spare store room which will act as our server room.

The total distance of the 4 buildings where the network connections are to be done are within 100 to 150 Meters.

I can get my ISP to drop his fiber connection of the leased line to our store room / server room.

We are able to chip in and get a regular P-IV 3.2 GHz with 1 GB RAM and 120GB x 2 Hard Disks. I think this is enough for us for our software and mail.

Well I've already figured out to put 2 x 8 port switches whcih will be connected via Fiber backbone. Please connect me if I am wrong. This is because I feel that if I already have fiber ports ready then I can even increase other friends who just want internet access. Well please correct me if I'm wrong. NOw my concern is that the switches will be in locked units in the buildings and anyone can access them if locks r broken so I want to have a dialup or some login type of facility. What would be the solution as in like I've seen a similar setup where users login to the server like a ISDN Dialup but without modem or anything and just using the Ethernet Card on their pc's. Well I am really not sure of how this can be done.

Also I would need advice as to what will be the issues relating to security??? WHat do I need to do to protect my network. I am not great at IPTABLES but can manage a bit. Well my server should be available online, so I am opting to go for Static IP and we would like our website and email work. So what are the issues I need to know relating to that???

I am planning on a simple Sendmail configuration which I already have done and tested somewhere else. I can easily use squirrelmail for webmail later and that wouldnt be a problem as we all use some MUA or the other.

Our platform will be cross platform with 4 using MS Windows like 98, 2000 n XP and 5 are using Linux's mostly RedHat and one has Xandros. there is one MAC machine too. I worried about that too.

Now here's my question. I know that its most important to understand the setup so I explained it and if any other clarifications then please do ask.

Is my network setup correct???

How do I do a login type of system as in ppl can access the server / anything only on dialup or something whichever is best and easiest to setup also. Also some info regarding how to go about it???

I need to have ppl use the same shares on Windows, Linux and Mac machines. Will samba work for this purpose??? I can do a good Samba Setup so only concern will be MAC. Will MAC be able to share SAMBA SHare?

Mail is not really a big concern. But still comments are welcome.

How do I negotiate with the ISP as in what should my discussions include??

What will be my firewall requirements for this setup??? Cause in India, thats where I live, there are lot of fakes and ppl who cheat so I wanna be sure of the ISP too.

Later if I want that a user can even dialup from outside the network i.e. from internet, then how do I go about setting up the VPN? Is there some better way??? But this is for later.

Also if possible can I make sure that every user gets limited bandwith of Internet cause if one is downloading and taking all the bandwith all the others will be stuck.

I def am putting a Linux machine as our server and we shall configure it on our own cause we cannot afford and dont have any money for licenses and we rather use that additional money for some better hardware or a bit more on bandwidth.

Please advice as to how much Bandwidth should we go for from the ISP as our requirements are minimal to browsing documentation and info and mail on the net and occassional downloading.

This is really important for me as we are all college students and in various fields and so we want to do some good for our schools and we have a whole break coming up now so we want to start working when we get the 15 day break. Kindly advice any such other requirement which I may need to know.

Thanks a ton and anyone who can help me on any of my questions please put in your views and ideas as we all in our group are learning and wanna do something which will help us as well as others. Its gonna be a great project as well as good for our schools too. And we all doing it in our free time after school or Universities.

Awaiting a lot of posts and help from you people.

Its a long list of Questions. Sorry for the trouble and Thanks for all the help in advance from all you GEEKS.

Jimmy

1. check out iptablesrocks.org for a firewall that you should be able to use with few changes needed.
Be sure to allow incoming traffic on ports 80, 25, and 22 for the services you have listed. Having iptables running on the system that connects directly to the ISP should be all that is required. Make sure to include Network Address Translation in your firewall configuration.

2. I'm not sure about your MAC issue. I've never used a MAC.
3. Depending on your ISP's terms of service, I question if it is legal to connect multiple building to your single line. If you are the property owner of all the building, then you should be fine.

4. Secure shell is what will take care of the 'login type system' for remote users, but it kind of sounds like you are trying to setup your own mini-ISP for the connecting users? if so, you will likely run into some headaches.

5. For negotiating with your ISP about the terms of service, use full disclosure if you want to be legal about it.

6. For allowing dialup users (from outside your network), since they've already dialed up to the Internet, they can Secure Shell in to your firewall box and them access resources. This assumes that port 22 is open.

7. I believe iptables can do bandwidth limiting to useres, but I've never tried it. As far as how much bandwidth 10 people will need. I imagine anywhere between 3-6Mb line or more would be good. Your talking about getting fiber, so I assume you've got money to throw at this project.

Thanks for the reply.

Now my concern about the legal issue is solved as I have spoken to my ISP and in our locality I can manage my own private network as long as its not going for commercial purposes and so I dont think it is an issue to spread over my society which is a private residential society.

Ya its mainly going to be sharing the Bandwidth. I suppose its not that we've got money to throw at but we've decided rather have a good setup from the beginning. n Its just the backbone which is going to be fiber and now a days you get reasonably priced fiber too. One of us will handle the End termination of the fiber. SO its just the matter of cost of the additional equipment.

I get what you say about firewalls. I shall be using IPTABLES but am not really aware about NAT? Like what would that be useful for???

Is it going to be possible to have a dialup type of system to facilitate only users with usernames and password to connect to the server and even hence enable internet access too since its a firewalled machine??? If so can you advice a link which would give such info as this would be an ethernet network. I dont want to have modems and stuff. It seems to be possible to do it with Ethernet connection only.

Ok, I can basically pull two questions out of your post.

What is NAT?

Network Address Translation - Iptables will provide this and it allows your private network to share a single public IP address from you ISP.

What type of 'dial-in over ethernet' could you use?

If you outside user is already on an ethernet network, then they could VPN into your firewall/server to access resources. This would eliminate any modem/telephone lines.

As far as documentation to set all this up, it depends on your distro. Gentoo has the best documentation around, but for some reason people think that gentoo is hard to use.