Q: LAN with new T1 line ( No Answer,   2 Comments )
Question  
Subject: LAN with new T1 line
Category: Computers > Security
Asked by: mj626-ga
List Price: $20.00
Posted: 15 Apr 2005 18:08 PDT
Expires: 15 May 2005 18:08 PDT
Question ID: 509905
Our office is moving from dial up modems connected via individual
phone lines for each to each specific PC in a LAN that is connected to
a 16 port hub (not all PCs need internet connection).  There are 10
workstations (Microsoft 2000 & XP) and 1 unix based box required for
specific software.  The new location has a T1 line coming in.  I was
told that we could use a Linksys router BEFSX41 with firewall at the
point of the T1 line for security & control of the IP addresses.  Now
after some research, I am finding that might not be the case.  The
internal PCs need to have static IP addresses due to the connection
with the software on the Unix box.  Looking for options for security &
accessibility to internet & some direction for making this work.

Clarification of Question by mj626-ga on 17 Apr 2005 21:41 PDT
The unix box is physically in the office & we ONLY want limited internet
connection to it (we specifically give out the IP address so VAR can
get in to make any necessary database changes).  The internet
connection will only be available to some PCs (some constant & others
intermittent & others not at all).  The unix server box has data that
needs to be strictly privacy protected.  The IP addresses within the
LAN are hardcoded so they can access the UNIX data via the hub.
Answer  
There is no answer at this time.

Comments  
Subject: Re: LAN with new T1 line
From: andyc1444-ga on 17 Apr 2005 16:08 PDT
 
Your configuration is not very complex. A simple SOHO router such as
the Linksys may very well do the job.  If you need to have one machine
visible on the internet with a specific IP (the unix box) then you may
simply purchase an additional static IP for that machine and physically
connect it to the public side of the network. This would be the public
segment of the network BEFORE a segment enters your SOHO router. A
cheap hub or switch could be used to "split" the segment if needed.
It should be noted however that IP security will need to be handled in
some way for this machine due to the fact that it is exposed to the
public with all ports open by default (unless restricted on the machine
level).

The second option would be to simply find out what ports are used by
the needed services on the unix machine and forward those ports from
the public IP to the internal IP of the unix machine.  This also takes
care of most security issues because only the ports of needed services
on that machine are open.  This is a simple task that can be handled
in the web interface on the SOHO router.

There may be a few other options you can use.  It would be helpful to
know more about your configuration. After rereading your question I'm
unclear as to if your unix machine is currently on the internal
network or out on the internet in the different location.   If you
don't wish to "tinker" with the unix machine it may be best for it to
have its own IP; however, this assumes that security issues have
already been taken care of in the past with the machine.
Subject: Re: LAN with new T1 line
From: crythias-ga on 17 Apr 2005 18:24 PDT
 
I can pretty much tell you that the Linksys box is adequate for what
you're describing. You can certainly turn off the DHCP that the
Linksys box provides by default. Even if you don't, the default range
is about 192.168.1.100-192.168.1.150, so static assignments outside
that range are good and proper. Further, that range is adjustable to
fit your current network. Read: all you have to do is actually
configure the Linksys box to be on *your* network, in an unused IP
address. Once that happens, you will have much joy. (You will need to
configure your default route and maybe DNS to point to the router.)
Other comments above are valid.

Specific things need also to be addressed if you are using Active
Directory and Windows 2K or 2003 *SERVER*.

I think the above comment is also important with regards to if the
Internet is necessary to see your unix box. I get the feeling that you
probably don't want that to happen, so that is good.

--
This is a free comment.
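
A check of a hand-assigned address plan against the router's DHCP pool, as discussed in the comment above. This is an added example, not part of the original thread. The pool 192.168.1.100-192.168.1.150 comes from the comment; the /24 subnet, the router address 192.168.1.1, and all host names and addresses are assumptions constructed for illustration.

```python
import ipaddress

def audit_static_plan(lan, router, dhcp_first, dhcp_last, static_hosts):
    """Return (host, ip, problem) tuples for a hand-assigned address plan."""
    net = ipaddress.ip_network(lan)
    router_ip = ipaddress.ip_address(router)
    pool_lo = ipaddress.ip_address(dhcp_first)
    pool_hi = ipaddress.ip_address(dhcp_last)
    problems, seen = [], {}
    for host, raw in static_hosts.items():
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            # Host cannot reach the router or the Unix box without routing.
            problems.append((host, raw, "outside LAN subnet"))
        elif ip in (net.network_address, net.broadcast_address):
            problems.append((host, raw, "network or broadcast address"))
        elif ip == router_ip:
            problems.append((host, raw, "collides with router"))
        elif pool_lo <= ip <= pool_hi:
            # The router may lease this address to another machine.
            problems.append((host, raw, "inside DHCP pool"))
        if ip in seen:
            problems.append((host, raw, "duplicate of " + seen[ip]))
        seen.setdefault(ip, host)
    return problems

# Constructed sample plan (assumed values, not from the thread).
SAMPLE_HOSTS = {
    "unix-box": "192.168.1.10",
    "ws01": "192.168.1.11",
    "ws02": "192.168.1.120",   # falls inside the DHCP pool
    "ws03": "192.168.1.11",    # same address as ws01
    "ws04": "192.168.0.25",    # wrong subnet
    "ws05": "192.168.1.1",     # same address as the router (assumed)
}

def audit_sample():
    return audit_static_plan("192.168.1.0/24", "192.168.1.1",
                             "192.168.1.100", "192.168.1.150", SAMPLE_HOSTS)

if __name__ == "__main__":
    for host, ip, problem in audit_sample():
        print(f"{host:10} {ip:15} {problem}")
```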
