
Setting up a dmz at home

Hi,

I have a LAN with up to 5 PCs on it at any time. I use a Linksys router WRT54GL and use cable for most PCs and wireless for a couple (WPA2). I use Comodo firewall on each PC and most everything runs fine. I just changed ISP and they installed a new router (a Thomson Speedtouch ST780) configured to run WEP!, but I kept the old one and have a cable to the new one because it occurred to me that it could be useful.
I work in Information Security and there is no way I was going to have any external access to my LAN!
But with an extra router, I thought I could establish a DMZ with my Synology server in it and thus accessible from the Internet. However, I am not very up to date with internet protocols, so I am not quite sure how to go about it. I have read some guides and setting up a web server seems OK, and I know you can access the web server from the LAN via a local address. My main question is how do I transfer files to/from the server securely? There is a built-in FTP service, is that the best way to do it?

Any tips and hints would be gratefully received!
You need to configure a firewall rule to allow port 80 (default http port) and port 23 (default ftp) connections to the IP address of your web server. As long as you don't allow anonymous access FTP should be fine.

I was also curious, you said "there is no way I was going to have any external access to my lan!"
Who was getting external access to your LAN? Any home router provides NAT, which keeps all local LAN devices hidden from external users.
Oh, and sorry, I meant port 21 for FTP. I had just been playing around with a telnet server and had port 23 in my head... sorry.
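
A check for the two-router layout discussed in this thread, as an added example that is not part of any post: it audits the outer router's port-forward list so that forwards land only on the DMZ server, and flags forwarded services that send the login in cleartext. The addresses, the rule format and the function name are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing for the two-router layout (assumptions, not from the thread):
# Internet -> outer ISP router -> DMZ segment -> inner router -> LAN
LAN_NET = ipaddress.ip_network("192.168.2.0/24")
DMZ_SERVER = ipaddress.ip_address("192.168.1.10")       # NAS / web server
INNER_ROUTER_WAN = ipaddress.ip_address("192.168.1.2")  # inner router's outside address

# Services that send the login unencrypted
CLEARTEXT = {21: "FTP", 23: "Telnet"}

def audit_forwards(rules):
    """Audit outer-router forwards given as (external_port, target_ip, target_port).

    Returns a list of (rule, finding) pairs; an empty list means no findings.
    """
    findings = []
    for rule in rules:
        _ext_port, target, target_port = rule
        ip = ipaddress.ip_address(target)
        if ip == INNER_ROUTER_WAN or ip in LAN_NET:
            findings.append((rule, "target is on the LAN side; forward only to the DMZ server"))
        elif ip != DMZ_SERVER:
            findings.append((rule, "target is not the DMZ server"))
        if target_port in CLEARTEXT:
            findings.append((rule, CLEARTEXT[target_port] + " sends the login in cleartext; "
                                   "prefer an encrypted transfer service"))
    return findings

# Constructed sample rule list
SAMPLE_RULES = [
    (80, "192.168.1.10", 80),
    (21, "192.168.1.10", 21),
    (23, "192.168.1.2", 23),
]

if __name__ == "__main__":
    for rule, finding in audit_forwards(SAMPLE_RULES):
        print(rule, "->", finding)
```
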
I was also curious, you said "there is no way I was going to have any external access to my lan!"
Who was getting external access to your LAN? Any home router provides NAT, which keeps all local LAN devices hidden from external users.
Weeeell, as an aficionado of Shields Up! and running the tests which show ports that are not stealthed, I take care not to have any ports showing to the net.

Quote from grc.com:
"What's significant for our discussion is that all of the internal machines are interconnected on the same LAN. This is convenient for sharing files and data among the machines, but it creates a security problem if all of the machines are not equally secure and trustworthy. If any malware or Trojan software were to somehow get onto any one of the machines, and that machine is on the LAN with all of the others (as it normally is), the malicious software would have access to every other uninfected machine sharing the once-secure LAN. By sending "ARP broadcasts" to the LAN, an infected machine can determine the IP and "MAC" addresses of every other machine on the LAN . . . and go to work on them."

It's a belt and braces approach, but I haven't even had a virus for years, let alone any other kind of attack.
I guess you can't be too careful then.

So how did you go with your web and ftp access?
I guess you can't be too careful then.

So how did you go with your web and ftp access?
It will be a while before I set this up - I am doing my research first, like a good consultant, and will set things up when I have a bit more time. Also, I may be given a server for free (isn't life grand?) and then I need to transfer stuff around before I expose the Synology to the net. I will let you know how it goes. Thanks for the input!