
router behind a router / DMZ

Colt45

Lifer
I've only got one IP, and I want the http server to be isolated from the LAN, in case of getting pwned.


So:

WAN -> router -> server, second router -> LAN

Does this make sense, or is there a better way of doing it?
If I set the first router as 192.168.1.x, and the second as 192.168.2.x - the LAN should be able to see the server, but not vice versa? Or..?

I guess I can load an old box up with a bunch of NICs, should be able to segregate things that way too, but not exactly power friendly.

Anyways - any recommendations would be nice.

Networking isn't my strong point 🙁
 
I can't say this is failproof protection, but it should work. An even more power friendly and less headache inducing solution would be to host your http offsite. Offsite http hosting will probably reduce your work, increase your security, and increase your uptime -- and for very little money.
 
The traffic from the LAN is still passing through the same Layer 2 as the server as it passes to the internet, so it really isn't doing much. You'll need 3 routers to completely segregate this setup. 1 router to the internet and 2 additional routers - 1 for the LAN and 1 for the "DMZ".
 
I can't say this is failproof protection, but it should work. An even more power friendly and less headache inducing solution would be to host your http offsite. Offsite http hosting will probably reduce your work, increase your security, and increase your uptime -- and for very little money.

Depends on the host, I'd say it would probably also increase your headaches but then I'm a bit of a control freak when it comes to that kind of stuff.
 
From a topology point of view, there is no difference between the relation of the server and the LAN in a local segregation arrangement or outside hosting.

Why do you need the server to connect on its own to the LAN?
 
Well, I'd still have physical access and a serial link to the server; I couldn't have that with external hosting.

Besides, it's free, a good learning experience, and I've got too many PCs collecting dust anyways. 🙂
 
You would be able to access the Server from the second level and the server would respond back as needed.

If you sit at the Server and try to access from it a computer on the second level it would be stopped by the second Router's NAT.

You can install UltraVNC on the second level and set it to be accessed by the server through the NAT if you would like to.

Network Segregation - http://www.ezlan.net/shield.html
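
The behaviour described in the post above, as an added example that is not part of the original thread: a simplified model of the second router's NAT table, showing why replies to LAN-initiated connections get through, why connections started at the server are dropped, and how a port forward (as suggested for UltraVNC) opens a path inward. The host addresses, port numbers and class name are assumptions chosen to match the 192.168.1.x / 192.168.2.x plan.

```python
# Simplified, constructed model of the inner (second) router's NAT.
# Addresses and ports are assumptions for illustration only.
from dataclasses import dataclass, field


@dataclass
class InnerRouterNat:
    wan_ip: str                                    # router's address on 192.168.1.x
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)      # flow key -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host opens a connection: record the flow, rewrite the source."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return (self.wan_ip, wan_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the 192.168.1.x side.
        Returns the LAN destination, or None if the packet is dropped."""
        hit = self.table.get((dst_port, src_ip, src_port))
        if hit is not None:
            return hit                        # reply to a flow the LAN started
        return self.forwards.get(dst_port)    # explicit forward, else dropped


def demo():
    nat = InnerRouterNat(wan_ip="192.168.1.2")
    server, pc = "192.168.1.10", "192.168.2.50"

    # 1. LAN PC connects to the web server; the server's reply is translated back.
    _, mapped_port = nat.outbound(pc, 51000, server, 80)
    reply = nat.inbound(server, 80, mapped_port)

    # 2. The server starts a connection toward the router: no mapping, dropped.
    unsolicited = nat.inbound(server, 44444, 445)

    # 3. A port forward (5900 is the default VNC port) deliberately opens a path.
    nat.forwards[5900] = (pc, 5900)
    forwarded = nat.inbound(server, 44445, 5900)
    return reply, unsolicited, forwarded


if __name__ == "__main__":
    print(demo())
```

The model covers address translation only; every port forward added on the second router is a path from the server segment into the LAN, so it should be counted when judging how isolated the LAN really is.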

 
Yeah, that will work. Now I just need to pull a whole box of cable through a (mostly) finished basement. Awesome 🙁
 