
Re: Request for advice on internet sharing in a LAN/WAN





On 7 Jan 00, awilliam@whitemice.org wrote: 


> > Our setup:
> > We have multiple facilities all of which have users that need to
> > access the internet.  Our network is entirely Win9x with NT boxes in
> > the hands of IT personnel only. Our servers are Novell, each
> > facility has its own tree.  (I can hear some of you cringing, maybe
> > laughing.  It's not my choice, don't blame me about the multiple
> > tree thing.)  Most of that has no bearing and is just for reference.
> > Currently our internet sharing is being accomplished using a
> > LanBridge program that runs on a Win95 box.  Each facility has a
> > server that reaches the internet through a proxy on our firewall.
> > Client software is loaded on the "internet authorized" users
> > systems.  That software intercepts internet requests and puts them
> > through the LanBridge server.  TCP/IP does not need to be installed
> > on the client machines (which is nice, but no big deal).  If the
> > LanBridge server is down at one facility, the client software will
> > scan our WAN for any others connecting to the first one.
> 
> Holy cow, and that actually works?  
> 

Yes.  It works pretty darned well, when the license keys don't crap 
out on us.  The software is Acotec's Vi LanBridge.  A website 
relevant to that is http://www.acotec.com/english/index.html.  It's 
pretty slick, but you have to buy it, so every time we add a 
facility... we get popped for another license.  

> By client software what do you mean?  With a Linux solution TCP/IP
> will have to be installed on anything that wants to be "attached" to
> the internet.  What type of WAN do you have?  If you're not using TCP/IP
> how is routing handled?  If TCP/IP is verboten, you might be able to
> use an IPX enabled Linux box, with WinXX boxes using PPTP connections
> configured through Windows DUN to tunnel IP packets to the gateway
> box,  but that may be more complicated than your current solution.

Client software for the internet lanbridge.  We have to load software 
onto each node that needs access to the internet on our lan.  It's 
part of the lanbridge software we're using (and having trouble with 
the license keys on).  I'm not sure what you mean by what type of 
WAN do we have.  We have T-1 lines connecting our facilities 
throughout GR and up to Muskegon through boundary routers and 
netbuilders.  Some of the WAN traffic goes through MCI phones 
also.  TCP/IP is not forbidden, just a "hey neat" feature of our 
current solution that I don't think is critical.  Installing that protocol 
on those machines would be simple enough (there wouldn't be that 
many machines that need it.)

> > My desire is to get away from this setup because we've recently had
> > problems with the LanBridge software spontaneously expiring its
> > registration key, forcing us to contact the authoring company to get
> > it re-activated.  With Linux and Squid + (Mystery program) we could
> > control it all in-house.  That would be a good thing in my book.  It
> > would also be the first application of Linux in my shop... I'm
> > fighting uphill to legitimize it in my supervisor's eyes.
> 
> The "Mystery Program" is a kernel module called IP Masquerade,  and is
> part of just about every default kernel image.  There might be some
> presentations about this in the past presentation section of the KLUG
> web site.

Thanks, between you and RGB, it certainly seems that IP Masqing 
is the way to go.  I'm going to start reading up on those.  KLUG will 
be my first stop.

> What is "Surf Watch"?  If you mean a porn-buster, we simply publish a
> list of all the web sites each user visits on our Intranet, where
> anyone can go and read.  Peer pressure seems to work great.
 
I like that idea, I'd have to omit our IT machines' addresses from the 
log though.  No sense in the users knowing how much time we all 
spend at www.planetquake.com looking for the newest mods or 
logged in at www.hotsexymama.com (is that a real website?).  
Even so, is it possible to limit an IP address's surfing to a given 
domain or some such with IP Masq and Squid?

Thank you all for the wonderful input.  I'm sure there's more to 
come too!


"If you don't think life is interesting,
you're not paying enough attention." me, 1987-ish.
--Tim Gray
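
Added example, not part of the original message or of any poster's setup: one way to build the per-user list of visited sites discussed above from a Squid access log while omitting a range of administrative addresses. It assumes Squid's native access.log layout; the excluded network, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: network holding the IT machines to omit (constructed value).
EXCLUDED_NETS = [ipaddress.ip_network("192.168.1.0/28")]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
947260800.123    210 192.168.1.5 TCP_MISS/200 4512 GET http://www.planetquake.com/ - DIRECT/www.planetquake.com text/html
947260801.456     95 192.168.1.40 TCP_MISS/200 1834 GET http://www.example.com/index.html - DIRECT/www.example.com text/html
947260802.789     12 192.168.1.40 TCP_HIT/200 902 GET http://www.example.com/logo.gif - NONE/- image/gif
947260803.000    301 192.168.1.41 TCP_MISS/200 0 CONNECT secure.example.org:443 - DIRECT/secure.example.org -
947260804.000      3 192.168.1.41 TCP_DENIED/403 1100 GET http://blocked.example.net/ - NONE/- text/html
this line is truncated
"""

def host_of(method, url):
    """Return the lower-cased host a request was aimed at, or None."""
    if method == "CONNECT":  # CONNECT is logged as host:port, not as a URL
        return url.rsplit(":", 1)[0].lower() or None
    try:
        return urlsplit(url).hostname
    except ValueError:       # malformed URL in the log
        return None

def sites_by_client(log_text, excluded=EXCLUDED_NETS):
    """Map client IP -> sorted hosts; skips excluded clients, denied requests, bad lines."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, status, method, url = fields[2], fields[3], fields[5], fields[6]
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue
        if any(addr in net for net in excluded) or status.startswith("TCP_DENIED"):
            continue
        host = host_of(method, url)
        if host:
            seen[client].add(host)
    return {client: sorted(hosts) for client, hosts in seen.items()}

if __name__ == "__main__":
    for client, hosts in sorted(sites_by_client(SAMPLE_LOG).items()):
        print(client, ", ".join(hosts))
```
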