 gt7697c Premium join:2001-02-16 The Hive | reply to krygen
Re: Isolating a System on a Home Network 
No I am not splitting the line at this time.
In the setup that I have Router 1 receives the WAN connection and then shares the WAN connection with Router 2. This allows me to manage the servers from the LAN side, and it allows protection should the server side get infected. While I don't have a True DMZ for the Servers or my LAN systems...I do still have a DMZ. (Or really I have something that marketing for these Routers calls a DMZ.) I have never had to use the DMZ for the Routers, I just simply forward the necessary ports. This allows for added protection as a DMZ means everything is open to that 1 machine or systems, while Port Forwarding means only a limited number of ports are open to the system or machine; the rest are still blocked.
So in essence Router 2 is assigned an IP subnet of Router 1 for Router 2's WAN connection. Router 2's LAN IP is different than Router 1's LAN IP.
HTH.:) -- Just my 2 bits. |
|
 | One more thing; if you have any tinfoil hats lying around the house.
You could try forwarding the ports you want. But instead of running the services you want, you could pick up portpeeker. A slick program by LinkLogger »www.linklogger.com/portpeeker.htm Bind portpeeker to those forwarded ports and see what activity it picks up. This will give you an idea of possible nasties trying to connect to you. |
|
 gt7697c Premium join:2001-02-16 The Hive 1 edit | You did a good job of explaining my setup, I better go break out the Tin Foil hat now and hide under my server..or better yet hide my servers. :)
__________
Speaking of Tin Foil hats, if you don't want your buddy able to connect to you; set up the software firewall to block him from connecting and learning how to hack/exploit your system. Please read my comments below. Thanks. :) -- Just my 2 bits. |
|
 skelet0r Premium join:2004-04-26 Florence, AL | Doesn't sound like much of a buddy if he is trying to hack your system |
|
 gt7697c Premium join:2001-02-16 The Hive | Was not intended to sound as if I have a buddy trying to hack a system, or that I was trying to hack a system.
What I was saying is that Router 2 is above Router 1 in the configuration. Therefore Router 2 can access systems in Router 1 and can also access the Modem. Router 1 can access the modem, but cannot access Router 2's systems. Since I do not know Krygen's buddy, I thought I would try to point that out. From the looks of how I worded it I didn't get my point across.
To stop that activity/behavior you would configure a Software Firewall to block any connection attempts from Router 2's IP subnet, and it would stop any malicious activities either by: person (from Router 2 accessing the system in Router 1), virus, trojan, or spam.
This only affects systems in Router 1 not Router 2 if anyone uses my configuration. However it is not a problem for me as I am the only one that 1. Knows about the setup and is bright enough to go looking around the network to find anything at my house. 2. The only one who manages it.
HTH.:) -- Just my 2 bits. |
|
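Added example (not part of any post in this thread): a small Python model of the cascaded-router layout discussed above, showing which source address a software firewall on a Router 1 LAN machine sees when a Router 2 machine connects, and why the reverse direction needs a port forward. All addresses are constructed, and it assumes Router 2 performs source NAT on its WAN port, as consumer routers do by default.

```python
import ipaddress as ip

# Constructed addressing for the two-router layout (assumed, not from the thread).
R1_LAN = ip.ip_network("192.168.1.0/24")    # machines plugged into Router 1
R2_WAN_IP = ip.ip_address("192.168.1.2")    # Router 2's WAN port, an address on Router 1's LAN
R2_LAN = ip.ip_network("192.168.2.0/24")    # machines plugged into Router 2


def source_seen_on_r1_lan(src):
    """Source address a Router 1 LAN host sees for a packet from `src`.

    Assumption: Router 2 rewrites (source-NATs) everything leaving its WAN port,
    so every Router 2 machine appears as R2_WAN_IP.
    """
    src = ip.ip_address(src)
    return R2_WAN_IP if src in R2_LAN else src


def host_firewall_allows(src, dst_port, block_sources, allow_ports):
    """Software firewall on a Router 1 LAN host: block list first, then open ports."""
    seen = source_seen_on_r1_lan(src)
    if any(seen in ip.ip_network(rule) for rule in block_sources):
        return False
    return dst_port in allow_ports


def r2_accepts_from_r1_lan(dst_port, port_forwards):
    """Router 2 drops unsolicited traffic arriving on its WAN port unless forwarded."""
    return dst_port in port_forwards


def demo():
    """Return the outcomes for the cases discussed in the thread."""
    r2_host, r1_host, smb = "192.168.2.50", "192.168.1.20", 445
    return {
        # Rule written against Router 2's LAN range never matches after NAT.
        "block_r2_lan_range": host_firewall_allows(r2_host, smb, ["192.168.2.0/24"], {smb}),
        # Rule written against Router 2's WAN address does match.
        "block_r2_wan_ip": host_firewall_allows(r2_host, smb, ["192.168.1.2/32"], {smb}),
        # Other Router 1 LAN machines are unaffected by that rule.
        "r1_neighbour": host_firewall_allows(r1_host, smb, ["192.168.1.2/32"], {smb}),
        # Router 1 side cannot reach Router 2 machines without a forward.
        "r1_to_r2_no_forward": r2_accepts_from_r1_lan(22, set()),
        "r1_to_r2_forwarded": r2_accepts_from_r1_lan(80, {80}),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```

On a real host the block rule is written against the address the firewall's own connection log shows for Router 2's traffic.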