From owner-freebsd-questions@FreeBSD.ORG Mon May 29 04:59:41 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0650316A4CC for ; Mon, 29 May 2006 04:59:41 +0000 (UTC) (envelope-from mikhailg@webanoide.org) Received: from cayster.site5.com (cayster.multisite.site5.com [216.118.97.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8315A43D46 for ; Mon, 29 May 2006 04:59:40 +0000 (GMT) (envelope-from mikhailg@webanoide.org) Received: from ppp110-20.lns1.hba1.internode.on.net ([150.101.110.20] helo=[192.168.0.4]) by cayster.site5.com with esmtpa (Exim 4.52) id 1FkZqs-00026d-Fe; Mon, 29 May 2006 00:59:39 -0400 Message-ID: <447A7FB5.5010209@webanoide.org> Date: Mon, 29 May 2006 14:59:33 +1000 From: Mikhail Goriachev Organization: Webanoide User-Agent: Thunderbird 1.5.0.2 (Macintosh/20060308) MIME-Version: 1.0 To: Scott Sipe References: <8C402A85-9C04-4454-B846-7A5F0D47841C@mindspring.com> In-Reply-To: <8C402A85-9C04-4454-B846-7A5F0D47841C@mindspring.com> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Antivirus-Scanner: This message has been scanned by ClamAV. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cayster.site5.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - webanoide.org X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-questions Subject: Re: Network Design X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 May 2006 04:59:41 -0000 Scott Sipe wrote: > > I'm helping a small business expand their networking. > > right now they have one office location (with a freebsd firewall box, > and a freebsd box running db, web, samba, etc). > > Their main office location has: > - 3 external static IPs on a DSL connection (all aliased on one nic) > - an internal network of 10.0.0.0/255.0.0.0 > - a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed and > running off the firewall box) > > They are adding a second warehouse location. It will also have one > static IP address (running on dsl also). I'd like to get a IPsec > connection going between the location so all warehouse traffic goes > through the main branch. I've done this much before. > > They also want to subdivide up the network at their main location so > some terminals can be on gige and some are on 100. I believe I've read > you shouldn't mix and match 100/1000? > > I don't really have any experience with how subnetting and IP ranges > should work for a configuration like this (local network, remote ipsec > location, wireless network, etc). > > Looking for any assistance (advice, links, anything!) on how to setup a > sane and well designed network. Hi, You could have something like this: 10.0.0.0/255.255.0.0 # for your 100s 10.1.0.0/255.255.0.0 # for your 1000s 10.2.0.0/255.255.0.0 # for the second warehouse Each network would be capable of handling 65,534 hosts. Also, I don't see any problems regarding mix and match 100/1000. I'd keep them together if they fall into same category/department (workstations?). Here, some links for you: http://jodies.de/ipcalc http://innovation.dc-uoit.ca/kyrytows/subnetting/subnetting.htm Cheers, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: mikhailg@webanoide.org Web: http://www.webanoide.org PGP Key ID: 0x4E148A3B PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B