Tech Support Forum banner
Cancel

Setting up a dmz at home

7683 Views 6 Replies 2 Participants Last post by  mtotton
M
Hi,

I have a LAN with up to 5 PCs on it at any time. I use a Linksys router WRT54GL and use cable for most PCs and wireless for a couple (WPA2). I use comodo firewall on each PC and most everything runs fine. I just changed ISP and they installed a new router (a Thomson Speedtouch ST780) configured to run WEP!:eek:, but I kept the old one and have a cable to the new one because it occurred to me that it coud be useful.
I work in Information Security and there is no way I was going to have any external access to my lan! :4-thatsba
But with an extra router, I thought I could establish a DMZ with my Synology server in it and thus accessible from the Internet. However, I am not very up to date with internet protocols, so I am not quite sure how to go about it. I have read some guides and setting up a web server seems OK, and I now you can access the web server from the LAN via a local address. My main question is how do I transfer files to/from the server securely? There is a built in FTP service, is that the best way to do it?

Any tips and hints would be gratefully recieved!:grin:
Save
Like
Status
Not open for further replies.
1 - 7 of 7 Posts
M
You need to configure a firewall rule to allow port 80(default http port) and port 23(default ftp) connections to the IP address of your web server. As long as you dont allow anonymous access FTP should be fine.

I was also curios you said "there is no way I was going to have any external access to my lan!"
Who was getting external access to your LAN? Any home router provides NAT, which keeps all local LAN devices hidden from external users.
Save
Like
M
oh and sorry I meant port 21 for FTP. I had just been playing around with a telnet server and had port 23 in my head....sorry
Save
Like
M
matt261102 said:
I was also curios you said "there is no way I was going to have any external access to my lan!"
Who was getting external access to your LAN? Any home router provides NAT, which keeps all local LAN devices hidden from external users.
Click to expand...
Weeeell, as an afficianado of Shields Up! and running the tests which show ports that are not stealthed, I take care not to have any ports showing to the net.

quote from grc.com:
What's significant for our discussion is that all of the internal machines are interconnected on the same LAN. This is convenient for sharing files and data among the machines, but it creates a security problem if all of the machines are not equally secure and trustworthy. If any malware or Trojan software were to somehow get onto any one of the machines, and that machine is on the LAN with all of the others (as it normally is), the malicious software would have access to every other uninfected machine sharing the once-secure LAN. By sending "ARP broadcasts" to the LAN, an infected machine can determine the IP and "MAC" addresses of every other machine on the LAN . . . and go to work on them."

It's a belt and braces approach, but I haven't even had a virus for years, let alone any other kind of attack.
Save
Like
M
I guess you can't be too carefull then:smile:

So how did you go with your web and ftp access?
Save
Like
M
matt261102 said:
I guess you can't be too carefull then:smile:

So how did you go with your web and ftp access?
Click to expand...
It will be a while before I set this up - I am doing my research first, like a good consultant, and will set things up when I have a bit more time. Also, I may be give a server for free (isn't life grand?) and then I need to transfer stuff around before I expose the Synology to the net. I will let you know how it goes. Thanks for the input!
Save
Like
M
matt261102 said:
I guess you can't be too carefull then:smile:

So how did you go with your web and ftp access?
Click to expand...
It will be a while before I set this up - I am doing my research first, like a good consultant, and will set things up when I have a bit more time. Also, I may be give a server for free (isn't life grand?) and then I need to transfer stuff around before I expose the Synology to the net. I will let you know how it goes. Thanks for the input!
Save
Like
1 - 7 of 7 Posts
Status
Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top