Author Topic: Connecting a system on one network to a 2nd network for filesharing  (Read 3752 times)

questorfla

  • Supporting Member
  • Joined in 2012
  • Posts: 570
  • Fighting Slime all the Time
If this question is in the wrong place, please tell me where to move it.
I have run into a situation where I need to connect a system that runs on a single static IP and give it a 2nd IP that is part of our local main network.
Example: the system must stay active at 184.174.129.235 and I need it to also be seen at 10.0.70.xxx. My first thought was to use a 2nd NIC. My 2nd thought was to use dual VPN servers as a bridge. The 10.0.70. network already has SoftEther VPN and adding the same to the 184.174.xxx.xxx network should allow for a VPN bridge.
But I am not sure which method would best allow for shared folders on the 184.174 system to be accessed by people on the 10.0.70 network.
The dual NICs do work but from everything I can read, this is not the best way to go.
All of the systems are running normal Windows 10 x64 Home. Unfortunately, MS has recently removed the Homegroup option from 10 Home.
The third option (which might be best) would be to move the 184.174 system inside the 10.0.70 network but it is a small Apache web server that I would prefer to keep on the separate static IP it runs on now. The folder access is for people that have to load and edit files on the websites. None of them are proficient enough to deal with an FTP program and need this to be a simple shared network connection if possible.

Shades

  • Member
  • Joined in 2006
  • Posts: 2,939
Re: Connecting a system on one network to a 2nd network for filesharing
« Reply #1 on: February 15, 2020, 01:27 PM »
From your description I understand that both networks are in the same physical location. That makes it simpler.

Must the routing device be Windows or may it be something else? In case of the latter, things become even more simple.

I would suggest the following:
[Attached image: questforfla.network.suggestion.png]
Use an old(er) computer, kit it out with NICs as you see fit and install OPNSense on it. This is based on FreeBSD, therefore very secure and made to do networking.

I have used this software for 7+ years already and it hasn't failed me yet. My network consists of 30 bare metal computers, 20 active VMs, lots of phones, 5 WiFi routers (converted to APs) and several IP cameras. For the OPNSense router I use a system with an old Intel Core Duo (2 core) processor, 2 GByte of RAM and an old 300 GByte HD I still had lying around. The load counter has never come above 15%. Computer hardware that a lot of people throw away or sell for a pittance nowadays.

This router box manages the DHCP leases, does traffic inspection, has lots of firewall rules and manages traffic shaping on the fly. For my intents and purposes I need about 30% of the feature set that comes with the default installation. But you can add free/commercial extensions to it if you so desire. OpenVPN, Unbound DNS, NTP, authentication, traffic logging and lots more is part of the default feature set.

Anyway, the web interface is pleasant to work with and allows you to create separate networks for your 184.174.x.x network on one NIC, the 10.0.x.x network on another NIC and the 3rd NIC you use to connect the OPNSense router box to the modem you got from your ISP.

Some ISPs allow their modem to be used as a bridge device, meaning that all traffic to and from your location is now managed by the OPNSense router box directly. My ISP doesn't, so I killed almost all functionality of the modem I got and added rules to forward traffic to/from my OPNSense box. Now my OPNSense router box manages all traffic indirectly. One extra hop, but it works just fine.

You can keep the 184.174.x.x and 10.0.x.x networks separated, you can combine them, whichever way you wish. You can also use the OPNSense box to forward all HTTP/HTTPS traffic from the 184.174.x.x IP address to the computer with the Apache web server on it, which is located in the 10.0.x.x. network. Your Apache web server computer won't know the difference if it was directly connected to the internet or to the OPNSense box. People working inside your network can use the web server without leaving the premises, so to speak. You can even set up the DNS forwarder to let any user inside your network or outside your network use the "outside" URL of your Apache web server.

It is all managed by firewall rules. And once you get the hang of how that works, you won't go back to Windows-based solutions. Even better, you can add as many NICs as your computer hardware allows. Each of those can be its own separate LAN network, or you can combine them. If you purchase services from more than one ISP for your location, you can also add NICs to connect these to your OPNSense box; it will even combine the provided bandwidths from those connections for you, load-balancing traffic over these connections.

OPNSense is GPL software and is provided to you without costs. There is an extensive online-manual (which you will need), the hardware needs are low (depending on your use of features) and cheap to get. I just used a financially written off computer I already had in my possession. You will be spending time getting familiar with this and time is money, so it helps if you are quick on the uptake. However, once it runs, it doesn't need much maintenance. It is also easy to make backups of your settings (all stored in XML), so it doesn't take too much effort to restore to a previous good state after your latest configuration changes screwed something else up.

Yeah, fanboy here and proud of it.

Once you get over your fixation that Windows is the solution for everything, you'll quickly find that there is some very good software already out there, which is a much(!) better fit for a specific problem. And as configuration is managed through a web browser, you won't have to leave your Windows comfort zone.

For file sharing:
That was a problem for me too. Most people do have a grasp of how to work with cloud drives (Google, OneDrive, Dropbox, whatever). For my intents and purposes I needed a solution that did not use any of such services that are not based in the Netherlands or (based on contractually agreed upon permission) Europe. I chose to use NextCloud (which can be accessed by browser, tools like CarotDAV and also iOS/Android apps) and run that on a separate Linux server. Diverting NextCloud traffic to my NextCloud server was a breeze in OPNSense and I have been using that for 4+ years already. NextCloud can do so much more than just file sharing, but that is the only use I have for it.

« Last Edit: February 15, 2020, 01:48 PM by Shades »
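The "managed by firewall rules" setup discussed in this thread, as an added example that is not part of either post and is not OPNSense configuration syntax: a small first-match model of rules that keep the two networks separated while still letting LAN users reach the share, audited against the flows that matter. The 10.0.70.0/24 prefix, the rule order, the test hosts 10.0.70.25 and 203.0.113.9, and all names in the code are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("10.0.70.0/24")        # assumed prefix for the thread's 10.0.70.xxx
WEB = ipaddress.ip_network("184.174.129.235/32")  # the Apache host named in the thread

@dataclass(frozen=True)
class Rule:
    action: str       # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: frozenset  # destination ports; empty set means any port
    note: str

# Ordered rules for NEW connections, first match wins. A stateful firewall
# lets replies to an already permitted connection back through.
SEGMENTED = [
    Rule("pass", LAN, WEB, frozenset({445}), "LAN editors reach the SMB share"),
    Rule("block", WEB, LAN, frozenset(), "web host may not initiate into the LAN"),
    Rule("block", ANY, WEB, frozenset({139, 445}), "no SMB from the internet"),
    Rule("pass", ANY, WEB, frozenset({80, 443}), "public HTTP/HTTPS"),
    Rule("block", ANY, ANY, frozenset(), "default deny"),
]
# The "combine them" option with nothing filtered between the networks.
FLAT = [Rule("pass", ANY, ANY, frozenset(), "everything allowed")]

# Constructed flows (src, dst, dst port) and the outcome the design requires.
EXPECTED = [
    (("203.0.113.9", "184.174.129.235", 443), "pass"),   # visitor loads the site
    (("203.0.113.9", "184.174.129.235", 445), "block"),  # internet host tries SMB
    (("10.0.70.25", "184.174.129.235", 445), "pass"),    # LAN user opens the share
    (("184.174.129.235", "10.0.70.25", 3389), "block"),  # web host reaches into LAN
]

def decide(src, dst, port, rules=SEGMENTED):
    """Return (action, note) of the first rule matching a new connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and (not r.ports or port in r.ports):
            return r.action, r.note
    return "block", "implicit deny"

def audit(rules):
    """List the flows whose outcome differs from what the design requires."""
    return [(flow, want) for flow, want in EXPECTED
            if decide(*flow, rules)[0] != want]

if __name__ == "__main__":
    print("segmented violations:", audit(SEGMENTED))
    print("flat violations:", audit(FLAT))
```
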