Jump to content

nework and server help

shanee

By shanee
in Networking and Hardware

 Share

Recommended Posts

shanee Jr. Member

shanee

Posted
Posted

As alot of you know I have a server setup but when I plug it into the router it does not work because the router blocks it and I have tried everything opening ports and all and it still blocks it. So what I was wanting to do since I can't fix it is buy a new network card so I can have to network adapters or connections one on the motherboard and one on pci. I was wondering if with the two if I could take one from the dsl modem and hook it up to the pc and then use the other port and hook it to the router and still be able to have the internet on my pc and everyone through the router after can anyone help me thanks!!!

Link to comment
Share on other sites
Swimmer TMN Seasoned Veteran

Swimmer

Posted
Posted

ok.. you should be able to do this... What brand router do you have?? have you placed the server in the DMZ? That should take care of it right away.. Also please tell me that you are running a software firewall and virus protection on that server... otherwise you are just asking for trouble when it comes to your network.. What you are trying to do is fairly common and yes does work.. however, you have to have that machine on all of the time and if you get hit with a virus you are directly sending it to the rest of your network.. Because that would be a trusted zone...

Link to comment
Share on other sites
MICROWAVE TMN Veteran

MICROWAVE

Posted
Posted

:) The computer that is configured for DMZ(de-militarized zone=battlefield!!!danger) will be completely vulnerable on the Internet,and as you know as was said this can be a big problem if not dealt with correctly, so I wouldsuggest that you try opening ports from the Virtual Server or Firewall settings before using DMZ if Im understanding what it is your trying to do,(gamer) I think I would try this first although you may still have to take another route!!!!

Microwave

Link to comment
Share on other sites
Swimmer TMN Seasoned Veteran

Swimmer

Posted
Posted

HUH? If you run the internet in to a server, then into your network and plug it into you network.. you have just made that server local.. meaning that if you do get something on that machine or some one is able to hack to the rest of you network... Meaning if something gets though you nortan.. which does happen some times.. you have basically no defense.. assuming that you are running nortan on the network.. however, if you have DMZ it is placed outside of you network.. meaning that it isnt local.. and if you do get something then it will not be able to enter.. because you havent forwarded any ports and NAT is working.. Do you see what I am getting at? :?:

Short for demilitarized zone, a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.

so basically all servers should sit outside of the trused area and then can be referenced if need... that way you are not tracking any dirt in...

Link to comment
Share on other sites
unstable Sr. Member

unstable

Posted
Posted

but as far as I know with the DMZ's on the "el-cheapo" home routers, they are not "true-dmz's" where the computer is actually isolated from the other segments in your home.

Generally when you configure a dirty-DMZ in a corporate environment, the server may be on the 192.168.1.x network, while the rest of your machines will be on the 192.168.2.x network. and the router has the routes setup in such a way that the hosts on the DMZ cannot initiate connections to anywhere. :)

Now with these home routers, there is only a single DHCP scope, meaning you can't setup 192.168.1.x and 192.168.2.x...because the router inside interface (where all hosts reside) is going to be 192.168.1.1...or the first useable address in the DHCP scope defined.

Using *real* network equipment, you can setup a virtual interface on the router, so that the single *inside* interface is not only 192.168.1.1 but also 192.168.2.1, then you could have multiple computers hooked into the same switch with different addresses and in order for them to talk they'd have to traverse the router.

In other words...as far as I can tell the DMZ feature on the home routers is crap. Setup port forwarding to port 80 on that server and use IPSEC rules or a firewall to stop the server from talking to other hosts on your network. It would also be a good idea to setup personal firewalls on the other computers just to prevent them from being attacked in the event the server is compromised.

Alternatively you could look at taking an old computer and loading astaro on it, which will give you 3 interfaces on your router, which is what you really need to seperate the server from the other hosts.

Another possibility would be getting another el-cheapo router and plugging that in behind your existing router and setup a different address scheme.

Link to comment
Share on other sites
Shug7272 TMN Seasoned Veteran

Shug7272

Posted
Posted
but as far as I know with the DMZ's on the "el-cheapo" home routers, they are not "true-dmz's" where the computer is actually isolated from the other segments in your home.

Generally when you configure a dirty-DMZ in a corporate environment, the server may be on the 192.168.1.x network, while the rest of your machines will be on the 192.168.2.x network. and the router has the routes setup in such a way that the hosts on the DMZ cannot initiate connections to anywhere. :)

Now with these home routers, there is only a single DHCP scope, meaning you can't setup 192.168.1.x and 192.168.2.x...because the router inside interface (where all hosts reside) is going to be 192.168.1.1...or the first useable address in the DHCP scope defined.

Using *real* network equipment, you can setup a virtual interface on the router, so that the single *inside* interface is not only 192.168.1.1 but also 192.168.2.1, then you could have multiple computers hooked into the same switch with different addresses and in order for them to talk they'd have to traverse the router.

In other words...as far as I can tell the DMZ feature on the home routers is crap. Setup port forwarding to port 80 on that server and use IPSEC rules or a firewall to stop the server from talking to other hosts on your network. It would also be a good idea to setup personal firewalls on the other computers just to prevent them from being attacked in the event the server is compromised.

Alternatively you could look at taking an old computer and loading astaro on it, which will give you 3 interfaces on your router, which is what you really need to seperate the server from the other hosts.

Another possibility would be getting another el-cheapo router and plugging that in behind your existing router and setup a different address scheme.

:shock::shock: If I knew what I was talking about, I would say this guy knows what he is talking about. :huh:

Link to comment
Share on other sites
MICROWAVE TMN Veteran

MICROWAVE

Posted
Posted

Good I fooled you. :D I just like to throw out key buzz words and form intelligent sounding sentences. :D

:) unstable,

First Id like to welcome you to the site and hope you enjoy, my kinda guy doesn't take himself to serious:) of course it is apparent that you knew what you were talking about(I looked up the 2dollar words..LOL) and was able to give a clear picture about the subject matter(and be humble).......Thats what makes this a cool site is that not only is it the best and most accurate site, but the exchange of knowledge is given freely by people like yourself....so glad your here and keep coming back:)

8) Microwave

Link to comment
Share on other sites
unstable Sr. Member

unstable

Posted
Posted

Microwave,

I usually do my best to toss in words that let me off the hook in case I'm way off base and have no idea what I am talking about...these include but are not limited to: "as far as I know, generally, as far as I can tell, possibility...etc. etc"

I've been playing around with computers for awhile now, and one thing I've learned is...when you think you know a thing or two, you don't know $hit.

I recently did a phone interview with Microsoft for a job...and the guy on the other end was asking me some of the wildest questions...like what is a gratuitous arp? Which I had no clue on whatsoever...but those who are wondering, when a computer fires up its' IP Stack it sends out a message asking for its own IP address to see if there's a duplicate address on the line.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...