Network and server help
Started by
shanee
, Oct 09 2004 07:20 PM
10 replies to this topic
#1
Posted 09 October 2004 - 07:20 PM
As a lot of you know, I have a server set up, but when I plug it into the router it does not work because the router blocks it, and I have tried everything, opening ports and all, and it still blocks it. So what I was wanting to do, since I can't fix it, is buy a new network card so I can have two network adapters or connections, one on the motherboard and one on PCI. I was wondering if, with the two, I could take one from the DSL modem and hook it up to the PC and then use the other port and hook it to the router and still be able to have the internet on my PC and everyone through the router after. Can anyone help me? Thanks!!!
#2
Posted 09 October 2004 - 07:56 PM
OK.. you should be able to do this... What brand router do you have?? Have you placed the server in the DMZ? That should take care of it right away.. Also, please tell me that you are running a software firewall and virus protection on that server... otherwise you are just asking for trouble when it comes to your network.. What you are trying to do is fairly common and yes, does work.. however, you have to have that machine on all of the time, and if you get hit with a virus you are directly sending it to the rest of your network.. because that would be a trusted zone...
#3
Posted 09 October 2004 - 10:17 PM
Microwave
#4
Posted 10 October 2004 - 09:25 AM
He is trying to run a server through his router.. which means that if he port forwards he is going to open his entire network for bad things when the server is pinged...
#5
Posted 10 October 2004 - 11:07 AM
No, it shouldn't expose my PC because u have Norton Internet Security and more.
#6
Posted 10 October 2004 - 12:40 PM
HUH? If you run the internet into a server, then into your network and plug it into your network.. you have just made that server local.. meaning that if you do get something on that machine or someone is able to hack to the rest of your network... Meaning if something gets through your Norton.. which does happen sometimes.. you have basically no defense.. assuming that you are running Norton on the network.. however, if you have DMZ it is placed outside of your network.. meaning that it isn't local.. and if you do get something then it will not be able to enter.. because you haven't forwarded any ports and NAT is working.. Do you see what I am getting at?
Short for demilitarized zone, a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.
So basically all servers should sit outside of the trusted area and then can be referenced if needed... that way you are not tracking any dirt in...
#7
Posted 14 October 2004 - 10:03 AM
But as far as I know, with the DMZs on the "el-cheapo" home routers, they are not "true DMZs" where the computer is actually isolated from the other segments in your home.
Generally when you configure a dirty-DMZ in a corporate environment, the server may be on the 192.168.1.x network, while the rest of your machines will be on the 192.168.2.x network, and the router has the routes set up in such a way that the hosts on the DMZ cannot initiate connections to anywhere.
Now with these home routers, there is only a single DHCP scope, meaning you can't set up 192.168.1.x and 192.168.2.x...because the router's inside interface (where all hosts reside) is going to be 192.168.1.1...or the first usable address in the DHCP scope defined.
Using *real* network equipment, you can set up a virtual interface on the router, so that the single *inside* interface is not only 192.168.1.1 but also 192.168.2.1; then you could have multiple computers hooked into the same switch with different addresses, and in order for them to talk they'd have to traverse the router.
In other words...as far as I can tell the DMZ feature on the home routers is crap. Set up port forwarding to port 80 on that server and use IPsec rules or a firewall to stop the server from talking to other hosts on your network. It would also be a good idea to set up personal firewalls on the other computers just to prevent them from being attacked in the event the server is compromised.
Alternatively you could look at taking an old computer and loading Astaro on it, which will give you 3 interfaces on your router, which is what you really need to separate the server from the other hosts.
Another possibility would be getting another el-cheapo router, plugging that in behind your existing router and setting up a different address scheme.
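Added example, not part of the original thread: a small Python model of the point made in post #7, that a single-subnet home router never sees server-to-PC traffic, while a two-subnet layout forces it through the router's rules. The subnets follow the 192.168.1.x / 192.168.2.x split in the post; the host addresses (.10 for the server, .20 for a PC), the rule tuples and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing, following the 192.168.1.x / 192.168.2.x split in the post.
FLAT = {"inside": "192.168.1.0/24"}                      # home router: one subnet
SEGMENTED = {"dmz": "192.168.1.0/24", "lan": "192.168.2.0/24"}

# Router rules for NEW connections: (src zone, dst zone, dst port or None, action).
# Replies to accepted connections are assumed allowed (stateful filtering).
FLAT_RULES = [
    ("wan", "inside", 80, "accept"),   # port forward to the web server
    ("inside", "wan", None, "accept"),
]
SEGMENTED_RULES = [
    ("wan", "dmz", 80, "accept"),      # port forward to the web server
    ("lan", "dmz", None, "accept"),    # LAN may administer the server
    ("lan", "wan", None, "accept"),
    ("dmz", "lan", None, "drop"),      # server may not initiate to the LAN
    ("dmz", "wan", None, "drop"),      # nor to anywhere else
]

def zone_of(topology, ip):
    """Name of the zone whose subnet contains ip; everything else is 'wan'."""
    addr = ipaddress.ip_address(ip)
    for name, net in topology.items():
        if addr in ipaddress.ip_network(net):
            return name
    return "wan"

def verdict(topology, rules, src, dst, dport):
    """Fate of a new connection: 'accept', 'drop', or 'switched'.

    'switched' means both hosts share a subnet, so the frame goes host to host
    through the switch and the router's rules are never consulted.
    """
    src_zone, dst_zone = zone_of(topology, src), zone_of(topology, dst)
    if src_zone == dst_zone and src_zone != "wan":
        return "switched"
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst) == (src_zone, dst_zone) and r_port in (None, dport):
            return action
    return "drop"                      # default deny

if __name__ == "__main__":
    # Compromised-server scenario: the server tries to reach a PC on port 445.
    print("flat:     ", verdict(FLAT, FLAT_RULES, "192.168.1.10", "192.168.1.20", 445))
    print("segmented:", verdict(SEGMENTED, SEGMENTED_RULES, "192.168.1.10", "192.168.2.20", 445))
```

A "switched" verdict is the case where only host-level controls, such as the personal firewalls or IPsec rules suggested in the post, can block the flow.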
#8
Posted 14 October 2004 - 10:21 AM
Quote
But as far as I know, with the DMZs on the "el-cheapo" home routers, they are not "true DMZs" where the computer is actually isolated from the other segments in your home.
Generally when you configure a dirty-DMZ in a corporate environment, the server may be on the 192.168.1.x network, while the rest of your machines will be on the 192.168.2.x network, and the router has the routes set up in such a way that the hosts on the DMZ cannot initiate connections to anywhere.
Now with these home routers, there is only a single DHCP scope, meaning you can't set up 192.168.1.x and 192.168.2.x...because the router's inside interface (where all hosts reside) is going to be 192.168.1.1...or the first usable address in the DHCP scope defined.
Using *real* network equipment, you can set up a virtual interface on the router, so that the single *inside* interface is not only 192.168.1.1 but also 192.168.2.1; then you could have multiple computers hooked into the same switch with different addresses, and in order for them to talk they'd have to traverse the router.
In other words...as far as I can tell the DMZ feature on the home routers is crap. Set up port forwarding to port 80 on that server and use IPsec rules or a firewall to stop the server from talking to other hosts on your network. It would also be a good idea to set up personal firewalls on the other computers just to prevent them from being attacked in the event the server is compromised.
Alternatively you could look at taking an old computer and loading Astaro on it, which will give you 3 interfaces on your router, which is what you really need to separate the server from the other hosts.
Another possibility would be getting another el-cheapo router, plugging that in behind your existing router and setting up a different address scheme.
#9
Posted 14 October 2004 - 10:57 AM
Quote
Good I fooled you.
#10
Posted 14 October 2004 - 11:30 AM
Quote
Quote
Good I fooled you.
First I'd like to welcome you to the site and hope you enjoy. My kinda guy, doesn't take himself too serious :) Of course it is apparent that you knew what you were talking about (I looked up the 2 dollar words.. LOL) and was able to give a clear picture about the subject matter (and be humble)....... That's what makes this a cool site, is that not only is it the best and most accurate site, but the exchange of knowledge is given freely by people like yourself.... so glad you're here and keep coming back :)
#11
Posted 14 October 2004 - 11:56 AM
Microwave,
I usually do my best to toss in words that let me off the hook in case I'm way off base and have no idea what I am talking about...these include but are not limited to: "as far as I know, generally, as far as I can tell, possibility...etc. etc"
I've been playing around with computers for a while now, and one thing I've learned is...when you think you know a thing or two, you don't know $hit.
I recently did a phone interview with Microsoft for a job...and the guy on the other end was asking me some of the wildest questions...like what is a gratuitous ARP? Which I had no clue on whatsoever...but for those who are wondering, when a computer fires up its IP stack it sends out a message asking for its own IP address to see if there's a duplicate address on the line.