router behind a router / DMZ

Colt45

I've only got one IP, and I want the http server to be isolated from the LAN, in case of getting pwned.


So:

WAN -> router -> server, second router -> LAN

Does this make sense, or is there a better way of doing it?
If I set the first router as 192.168.1.x, and the second as 192.168.2.x - the LAN should be able to see the server, but not vice versa? or..?

I guess I can load an old box up with a bunch of NICs, should be able to segregate things that way too, but not exactly power friendly.

Anyways - any recommendations would be nice.

Networking isn't my strong point :(
 

greenbean

I can't say this is failproof protection, but it should work. An even more power friendly and less headache inducing solution would be to host your http offsite. Offsite http hosting will probably reduce your work, increase your security, and increase your uptime -- and for very little money.
 

Jamsan

The traffic from the LAN is still passing through the same Layer 2 as the server as it passes to the internet, so it really isn't doing much. You'll need 3 routers to completely segregate this setup. 1 router to the internet and 2 additional routers - 1 for the LAN and 1 for the "DMZ".
 

Nothinman

> I can't say this is failproof protection, but it should work. An even more power friendly and less headache inducing solution would be to host your http offsite. Offsite http hosting will probably reduce your work, increase your security, and increase your uptime -- and for very little money.

Depends on the host, I'd say it would probably also increase your headaches but then I'm a bit of a control freak when it comes to that kind of stuff.
 

JackMDS

From a topology point of view there is no difference between the relation of the server and the LAN in a local segregation arrangement or outside hosting.

Why do you need the server to connect on its own to the LAN?
 

Colt45

Well, I'd still have physical access and a serial link to the server; I couldn't have that with external hosting.

Besides, it's free, good learning experience, and I've got too many PCs collecting dust anyways. :)
 

JackMDS

You would be able to access the Server from the second level and the server would respond back as needed.

If you sit at the Server and try to access from it a computer on the second level, it would be stopped by the second Router's NAT.

You can install UltraVNC on the second level and set it to be accessed by the server through the NAT if you would like to.

Network Segregation - http://www.ezlan.net/shield.html
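
The behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of the second router's NAT, showing that a LAN-initiated connection gets its reply while an unsolicited connection from the server is dropped unless a port forward exists. The `NatRouter` class, host addresses and port numbers are constructed for illustration; 5900 is the default VNC port.

```python
import ipaddress

class NatRouter:
    """Minimal model of a consumer NAT router: inside hosts may initiate, outsiders may not."""

    def __init__(self, wan_ip, inside_net):
        self.wan_ip = wan_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.sessions = {}   # (wan_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.forwards = {}   # wan_port -> (inside_ip, inside_port), i.e. explicit port forwards

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection: record state, rewrite source to the WAN address."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            raise ValueError(f"{src_ip} is not behind this router")
        self.sessions[(src_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.wan_ip, src_port

    def inbound(self, src_ip, src_port, wan_port):
        """A packet hits the WAN side: deliver only for a known session or a port forward."""
        hit = self.sessions.get((wan_port, src_ip, src_port))
        return hit or self.forwards.get(wan_port)   # None means the packet is dropped


# Constructed addresses following the thread's 192.168.1.x / 192.168.2.x plan.
SERVER, LAN_PC = "192.168.1.10", "192.168.2.50"

def build_second_router():
    # The second router's WAN port sits on the first router's 192.168.1.x segment.
    return NatRouter(wan_ip="192.168.1.2", inside_net="192.168.2.0/24")

def lan_reaches_server(router):
    """LAN PC browses the server; the server's reply matches the session and is delivered."""
    seen_ip, seen_port = router.outbound(LAN_PC, 40000, SERVER, 80)
    return seen_ip, router.inbound(SERVER, 80, seen_port)

def server_reaches_lan(router, port):
    """Server opens an unsolicited connection to the second router's WAN side."""
    return router.inbound(SERVER, 51000, port)

if __name__ == "__main__":
    r2 = build_second_router()
    print("LAN -> server:", lan_reaches_server(r2))
    print("server -> LAN:", server_reaches_lan(r2, 5900))
    r2.forwards[5900] = (LAN_PC, 5900)   # the UltraVNC forward mentioned in the post
    print("server -> LAN after forward:", server_reaches_lan(r2, 5900))
```

Each entry added to `forwards` is a path from the server's segment into the LAN, so the isolation holds only for ports that are not forwarded.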

 

Colt45

Yeah, that will work. Now I just need to pull a whole box of cable through a (mostly) finished basement. Awesome :(