The client was pretty cheap before we came on board, and they didn't want to spring for a business grade firewall or router. So our guy goes over to Bestbuy to pick up a Linksys. Problem is, they have a few servers on site that they want to make available to the Internet, and the Linksys could only handle one IP address on the WAN interface.
The solution?
- Buy two more Linksys routers.
- Give all three unique IP addresses on the WAN side, and on the LAN side.
- Statically assign everything, so all workstations are going out one router with NAT overload, the email server is going out one with a static NAT, and the webserver is going out the third, again with static NAT.
- The asterisk box can be tied directly to the Internet, with a 4th public IP address.
- The 4th router was also sitting in the pile, using the 5th public IP address. He wouldn't tell us what that router was doing, but we found out soon enough that it was his unauthorized back door into the system.
- The 5th router was sitting in a file cabinet as a cold spare.
By the time 5 Linksys routers were purchased from Bestbuy, or wherever they came from, why couldn't they have just bought a decent firewall?
No comments:
Post a Comment