SMC Router Setup for Private File Xfers Over the ?Net?

[Magyar]

(Network Newbie)
I have an SMC Barricade 4 Router working just fine on a local network. Now I want to be able to look for and transfer some files to/from another specific computer on the internet and still keep the system secure. Both have static IP addresses; using DSL connections.

I?m running Win2k Pro and ZoneAlarm.

I?ve tried reading up on networks but got lost, head spinning. Tech support at SMC wasn?t very helpful.

Virtual Server(?), Special Apps(?), Triggers(?), ...Ar-r-rgh!

Can someone help me set up this router to do what I want? When I get to the other system next week I'll have to set that one up too. Or can I do what I want? The SMC tech didn?t think I could do it and still be secure.

TIA!

 

[lordofdeath]

your best bet is use the DMZ zone. set your internal pc IP and enable it .. this will by pass the firewall for that specific IP

 

[kingink]

Yes, it will bypass the hardware firewall and leave that machine out in the open.
Please protect that machine with some sort of software firewall at least or if a *nix system then only allow the services that you are providing with that DMZ'ed machine.

The DMZ stands for demilitarized zone. So your machine would not be secure if you left it out there. Under the virtual server section, you will see the id # the service port, the internal ip address, and an enable switch. At the bottom of the page you will see a drop down list that has well known services and their ports in parentheses. You can bind these ports/services to an id# and internal ip address.
You can use other ports than those provided there for your services if you need to do so.

say you are setting up ftp then you want to enable ports 21 and 22. you then enter the internal ip of the machine for the same id for each port. (You could also just identify well known service ftp to id number whatever at the bottom of this page.) If you are running an illegal server because your ISP prohibits that then you would want to allow the services on another port say port 1972 for ftp. Just have the ftp service and server running on the machine with the internal ip that you assign.

Now you enable it by checking the box. Next you save this and then reboot the router. Now you should already have your ftp setup in win2k. So when you have people contact the external ip you have, then all requests for that service/port will be forwarded to the internal ip you assigned.

You might want to look into ssh and scp(secure copy.)

Boy, that seems really messy.

I hope it helps though.


kingink

 

[JackMDS]

You can try to use software solution, like Symantec pcAnywhere.

You will have to open few ports in the Barricade, Special AP menu.

With software solution you can leave open the few ports that the software uses, you don?t have to ?expose? your whole system.

 

[Magyar]

[WOW, between the time I read the first answer this morning and was ready to send the message below, I see two other responses, close to my own thoughts. I'm at work now, so I'll read the comments carefully at home. Thanks, guys!]

Seems that would leave this computer wide open. Although I'm running ZoneAlarm, I'd still be goosey since the computer is on but unattended for days at a time.

I've looked at PGP freeware which has VPN capability but from my first read-thru it looks like it may not support a NAT device.

I think I have another option and that is to use PCAnywhere but that seems like overkill since I don't need to control the other PC, just transfer files every once in a while.

 

[JackMDS]

There are some shareware staff that does what pcAny (more or less) does for less money.

I tried one a while ago, but it was too cumbersome to configure.

Take a look at this collection:

http://www.davecentral.com/cgi-bin/search.pl?query=remote

 

[Magyar]

JackMDS: davecentral has a couple or three remote control pgms that look interesting at a very quick first glance - "Minicom", "DHCP/BOOTP Server" and maybe "RemoteControl-DG". I'll check them out.

I do have PCAnywhere 8.0 that I haven't used for a while. I think there's an upgrade rebate to the later version. That may be the easiest way to go.

I'd still like to use the VPN of PGPnet if I can though, since I already have PGP set up for email. I just have to do a little more homework to see if it really doesn't support a NAT device. PGPnet will just make me feel more secure.

Since I'm using ZoneAlarm, I'll also add the computer at the 'other' end to my local zone so only it and the other servers I specified will get thru.

Thanks to all. The Barricade set-up is much clearer now.