
LAN Security with public servers

For consumers, is the safest and cheapest solution for securing an internal LAN with public webservers to use 2 NAT routers?

teh evil int3rweb > external NAT > public webserver > internal NAT > internal machines

Is this essentially how most commercial LANs are secured, by segregating the public computers from the internal computers?
 
Not sure it's the best way, but we don't ever double-NAT. We run web->PIX (non-NAT)->7500 (core router)->servers/machines on live IPs. The PIX also has a NAT pool for several secured networks.
 
I could be wrong, but you don't necessarily have to NAT them; just do this:

Internet--->Firewall--->external network--->firewall---->internal network.
 
Not sure it's the best way, but we don't ever double-NAT. We run web->PIX (non-NAT)->7500 (core router)->servers/machines on live IPs. The PIX also has a NAT pool for several secured networks.

Cisco PIX would be overkill on a home network and expensive as well.

Internet--->Firewall--->external network--->firewall---->internal network.

Firewall is a general term. A NAT router is essentially a "firewall", but there could be better solutions.

JackMDS, what would be the next step better than 2 NAT routers for network segregation? 🙂
 
Best, Safest etc. are all "Relative" terms.

Relative to the needs and the environment that are known only to you.

So, upward, the next step would involve a professional system with special hardware, and/or a Central Server system (like Win2003) with ISA and RADIUS.

Downward, as posted above, software Firewalls. Assign Static IPs (or reserve IPs within DHCP if your Router can do so). Leave a small open range of DHCP for the public Wireless, and use the Trusted Zone of the Firewall to curb traffic between the Wireless IPs and the Static/Reserved IPs.

:sun:
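
A way to check forwarding rules against the Internet -> firewall -> external network -> firewall -> internal network layout discussed in this thread, added here as an example and not posted by any participant. The subnets, the allowed-flow policy and the sample rules are constructed assumptions, not values from the thread.

```python
import ipaddress

# Constructed addressing plan (assumption): one subnet per segment.
ZONES = {
    "dmz": ipaddress.ip_network("192.168.1.0/24"),       # external network, public webserver
    "internal": ipaddress.ip_network("192.168.2.0/24"),  # machines behind the second firewall
}

# Assumed policy for NEW connections; any zone pair not listed is denied.
# None means "any port".
ALLOWED = {
    ("internet", "dmz"): {80, 443},
    ("internal", "dmz"): None,
    ("internal", "internet"): None,
    ("dmz", "internet"): {53, 80, 443},
}

def zones_covered(cidr):
    """Return every zone that a rule's source or destination range can match."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    # A range that is not wholly inside one local zone also matches Internet hosts.
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("internet")
    return hit

def audit(rules):
    """Flag (src, dst, port) permit rules that cross zones outside the policy."""
    findings = []
    for src, dst, port in rules:
        for sz in sorted(zones_covered(src)):
            for dz in sorted(zones_covered(dst)):
                if sz == dz:
                    continue  # traffic inside one segment never crosses a firewall
                ports = ALLOWED.get((sz, dz), set())
                if ports is not None and port not in ports:
                    findings.append((src, dst, port, f"{sz}->{dz}"))
    return findings

# Constructed sample permit rules, as they might be entered on the two firewalls.
SAMPLE_RULES = [
    ("0.0.0.0/0", "192.168.1.10/32", 443),         # public HTTPS to the webserver
    ("192.168.1.10/32", "192.168.2.20/32", 3306),  # webserver reaching an internal database
    ("0.0.0.0/0", "192.168.2.5/32", 3389),         # "any" source forwarded to an internal host
    ("192.168.2.0/24", "0.0.0.0/0", 443),          # internal machines browsing out
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("breaks segregation:", finding)
```

The third sample rule is reported twice because an "any" source covers both the Internet and the external network, which is how an over-broad port forward ends up exposing the internal segment from two directions.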
 