Routers, Firewalls and Appleshare

[bigbadbill]

I hope someone has an answer for me.

My company has DSL routed with an Asante FR3004 Router. I would like to be able to connect via appleshare to my work computer from home. My problem seems to be the firewall. We have already set my boss up to access his work computer from home by establishing a DMZ. This works great for him, unfortunately we can only set up one computer as a DMZ. Is there a way for me to gain access by assigning a port? I am going nuts trying to figure this out. I called Asante but they seem to only have minimum wage employees that have never even seen a computer working at tech support. It's a damn shame. PLEEZE HELP!!!

 

[lethe]

i think the port number for AFP is 548, IIRC

 

[lethe]

of course, you can still only connect one computer. it s probably easier to just use DMZ. port forwarding won t work while DMZ is active

 

[bigbadbill]

If I disconnect the DMZ can I set up port forwarding for more than one computer (at the same time) so that we can acces our computers simultaneously, or simply put, is there a way for us to gain simultaneous access via appleshare with a firewall active?

 

[lethe]

Not possible. Each machine that connects to the remote server should have a distinct IP address that identifies it on the internet. your firewall hides each machines IP address, and uses one global address for the whole network. the only way you could connect more than one machine would be to buy an additional IP address from your ISP.

 

[bigbadbill]

So let's say i DO get an additional Static IP address from PacBell, then what, do I manually assign this new IP address to my computer and I'm good to go?

 

[bigbadbill]

OK, I just checked with my ISP and it turns out we ALREADY have multiple static IP addresses. So then, I assign my computer a new static IP address, do I need to disable the DMZ we have setup? and will I still be protected by our firewall?

P.S. Thank you for your time and assistance with this.

 

[lethe]

well this is an interesting twist. i m not exactly sure what the asante will do with a global IP behind its firewall. perhaps the best way to find out is to try it.

i actaully have an asante myself, although right now i have no internet connection to speak of. wait until the fall.

anyway, as far as i know, the asante router (nor any other home router that i am aware of) is smart enough to deal with masking a netork behind more than one IP address. these machine are really only designed for networks that will have only one IP address. so you having two IPs really throws a monkey wrench into their plans. i imagine that they could still be useful, but right now i think we should put the asante aside.

the point is that if you have multiple IP addresses, you may not even need a router at all. your cable modem will do the translation from ethernet frames, and you don t need ip masqing. in other words, if your ISP gave you two IP addresses you can use, give them to the two computers, ans connect them with a hub, or better yet, a switch. the NAT router is really only needed when you have more computers than IPs.

and if you have some weird combo, like 3 computers for your two IPs, we can DMZ one of them. but anyway, forget the router for now, try it with just a switch or hub. if you don t have one, you could probably pick up a hub for $20-$40

 

[bigbadbill]

OK, here we go.

I FINALLY figured this out!

First let me thank Lethe, Asante and PacBell DSL for all the tech support...

We had to add an ethernet hub between the modem and the router, this gave us 3 ports to connect the computers we wanted remote access to. This also put those computers outside the firewall built into our router, but we were able to protect these with Firewall software.

We then assigned static IP addresses the those computers (provided by our ISP) which allows us to connect to them via AppleShare. (It also increased our internet speeds on those computers due to the fact that they were no longer sharing bandwidth with the rest of the office.)

We then ran our DSL connect out of the hub to the WAN port of our router, and the from the router to our second hub/switch.

We then connected the remaining office computers to the second hub/switch. These computers are not accessable remotely but they are protected by our router's built in firewall.

Finally we ran an ethernet cable from the hub to the hub/switch which allowed the computers on both the hub and the hub/switch to see eachother.

Once we had it all figured out and hooked up, we encountered one final problem, some of our ethernet cables needed to be crossover cables, while others COULD NOT be. After about 3 hours of trial and error, we got it up and running!!! YAAAAA!!!!

I figure somewhere out there, someone else is going to need this info, so I drew up this diagram to help. GOOD LUCK!