Different segment to separate Application Server to be access from Internet
Last response: in Networking
Hi,
I am new to network and hence need some advice.
I am using a static IP broadband connection for my internet connection at home-office environment. I am setting up server which i want to hide from the internet.
What i need is
1. 2-3 PC that in 1 segment that will able to access internet. This segment include IP camera and printer which i need to access outside the office.
2. A web server that serve my account application, sales application that I do not want to expose to internet but more for accessing internally.
Appreciate any help i can get here.
Thanks.
I am new to network and hence need some advice.
I am using a static IP broadband connection for my internet connection at home-office environment. I am setting up server which i want to hide from the internet.
What i need is
1. 2-3 PC that in 1 segment that will able to access internet. This segment include IP camera and printer which i need to access outside the office.
2. A web server that serve my account application, sales application that I do not want to expose to internet but more for accessing internally.
Appreciate any help i can get here.
Thanks.
More about : segment separate application server access internet
You of course could get a real router and run 2 actual lan segments and put in firewall rules to accomplish what you need or you try the simple way but slightly less secure.
First thing
Do nothing. By default unless you port forward things none of your internal machines can be see via the internet. The NAT in the router does most the key feature of a firewall mostly because it is too stupid to know where to send traffic from someone trying to attack you.
For some addition protection
Remove the default gateway from your internal only devices. Without a default gateway now these devices can only communicate with things on their lan. This prevents even a virus infected machine from opening a connection back to someone in the internet.
First thing
Do nothing. By default unless you port forward things none of your internal machines can be see via the internet. The NAT in the router does most the key feature of a firewall mostly because it is too stupid to know where to send traffic from someone trying to attack you.
For some addition protection
Remove the default gateway from your internal only devices. Without a default gateway now these devices can only communicate with things on their lan. This prevents even a virus infected machine from opening a connection back to someone in the internet.
Hi john-b691
Thanks. Sorry, i am not that network savvy, can advice how do i configure the addition protection if I am using Cisco EA2700 as the 2nd router that connect up the webserver? Or is there any site that able to advice.
Thanks in advance!!!!!!
First thing
Do nothing. By default unless you port forward things none of your internal machines can be see via the internet. The NAT in the router does most the key feature of a firewall mostly because it is too stupid to know where to send traffic from someone trying to attack you.
For some addition protection
Remove the default gateway from your internal only devices. Without a default gateway now these devices can only communicate with things on their lan. This prevents even a virus infected machine from opening a connection back to someone in the internet.
Thanks. Sorry, i am not that network savvy, can advice how do i configure the addition protection if I am using Cisco EA2700 as the 2nd router that connect up the webserver? Or is there any site that able to advice.
Thanks in advance!!!!!!
john-b691 said:
You of course could get a real router and run 2 actual lan segments and put in firewall rules to accomplish what you need or you try the simple way but slightly less secure.First thing
Do nothing. By default unless you port forward things none of your internal machines can be see via the internet. The NAT in the router does most the key feature of a firewall mostly because it is too stupid to know where to send traffic from someone trying to attack you.
For some addition protection
Remove the default gateway from your internal only devices. Without a default gateway now these devices can only communicate with things on their lan. This prevents even a virus infected machine from opening a connection back to someone in the internet.
You don't really want to run a second router it just makes things even more complex. I think the only firewall options you even have on that router are parental controls but I have not read the manual lately.
You need a single router that can run 2 networks. There are a couple of low end cisco ones...but not cisco-linksys... that can do this but they are not my first choice. I suspect there are consumer grade routers on the market that can do this but I generally just load DD-WRT onto a router that supports it when I need these features. DD-WRT firmware lets you assign different ports to different vlans and has firewall features you would need. Still this is just a tool you need to understand how subnet works and how you need your traffic to flow to properly configure the firewall rules. You need to be very careful setting it up wrong could be worse than if you choose the do nothing option.
I guess you could also just buy a true firewall and place that between your 2 groups of machines. Something like a low end sonicwall would work but it tends to be overkill for what you need. You generally buy a firewall when you WANT to expose your server to the internet but need to protect it.
You need a single router that can run 2 networks. There are a couple of low end cisco ones...but not cisco-linksys... that can do this but they are not my first choice. I suspect there are consumer grade routers on the market that can do this but I generally just load DD-WRT onto a router that supports it when I need these features. DD-WRT firmware lets you assign different ports to different vlans and has firewall features you would need. Still this is just a tool you need to understand how subnet works and how you need your traffic to flow to properly configure the firewall rules. You need to be very careful setting it up wrong could be worse than if you choose the do nothing option.
I guess you could also just buy a true firewall and place that between your 2 groups of machines. Something like a low end sonicwall would work but it tends to be overkill for what you need. You generally buy a firewall when you WANT to expose your server to the internet but need to protect it.
Related ressources
- How to set up separate Wireless network (no access to network resources) for internet access - Forum
- Using separate internet access (OS/VM) - Forum
- Share internet access between two separate networks - Forum
- How to setup 2 network cards in server 2008 r2 to access internet for lan - Forum
- Block Internet Access On Windows Server 2003 - Forum
Hi John-b691,
Can check with you whether DD-WRT firmware support running of 2 network with a single router?
Thanks
You need a single router that can run 2 networks. There are a couple of low end cisco ones...but not cisco-linksys... that can do this but they are not my first choice. I suspect there are consumer grade routers on the market that can do this but I generally just load DD-WRT onto a router that supports it when I need these features. DD-WRT firmware lets you assign different ports to different vlans and has firewall features you would need. Still this is just a tool you need to understand how subnet works and how you need your traffic to flow to properly configure the firewall rules. You need to be very careful setting it up wrong could be worse than if you choose the do nothing option.
I guess you could also just buy a true firewall and place that between your 2 groups of machines. Something like a low end sonicwall would work but it tends to be overkill for what you need. You generally buy a firewall when you WANT to expose your server to the internet but need to protect it.
Can check with you whether DD-WRT firmware support running of 2 network with a single router?
Thanks
john-b691 said:
You don't really want to run a second router it just makes things even more complex. I think the only firewall options you even have on that router are parental controls but I have not read the manual lately. You need a single router that can run 2 networks. There are a couple of low end cisco ones...but not cisco-linksys... that can do this but they are not my first choice. I suspect there are consumer grade routers on the market that can do this but I generally just load DD-WRT onto a router that supports it when I need these features. DD-WRT firmware lets you assign different ports to different vlans and has firewall features you would need. Still this is just a tool you need to understand how subnet works and how you need your traffic to flow to properly configure the firewall rules. You need to be very careful setting it up wrong could be worse than if you choose the do nothing option.
I guess you could also just buy a true firewall and place that between your 2 groups of machines. Something like a low end sonicwall would work but it tends to be overkill for what you need. You generally buy a firewall when you WANT to expose your server to the internet but need to protect it.
Yup has many ways to do it. Simple way is to assign a network to the different lan ports. It also can run multiple wireless lans. Just be very sure to check the supported router lists. This list is old but almost all broadcom chipset routers work.
http://www.dd-wrt.com/wiki/index.php/VLAN_Support
http://www.dd-wrt.com/wiki/index.php/VLAN_Support
Related ressources:
- ForumHome server for internet access and control
- ForumBlock internet access on server running Windows Server 2003 Standard
- ForumHow can I setup server to access files remotely from Internet?
- ForumDisable Internet Access from server!
- ForumAccess server via internet ftp
- ForumCAN NOT ACCESS MY FTP SERVER VIA COMCAST INTERNET
- ForumDirect internet access to Terminal Server
- ForumUn-able to access internet from server
- ForumApplications can't access the internet
- Forum2 internet connections on 2 different servers
- ForumAccessing files over the internet with Windows Server 2003
- ForumConnecting different Servers over Internet
- ForumWindows servers need internet access
- ForumUsing VPN - Accessing servers on different subnet
- More resources
Read discussions in other Networking categories
!
