Stone_age Posted July 24, 2005

Ok, here is the weird part: I have three PCs that are connected to the net thru a wired router. I also have two other PCs that I want to use as servers, one with Windows, as a file share, the other with FC3 for use as an in-house HTTP server, for use in tweaking my own forum without worrying about messing up my host server. The two servers I do not want connected to the internet in any way, to avoid hacks. Now my plan is this: to add secondary NICs to the internet capable machines, and run them to a network switch, to which the servers will be connected. Is this possible?

jcarle Posted July 24, 2005

Unless you port forward your router to the servers, they cannot be accessed from the Internet. And there is no secure way to make your two servers safe if they are part of a network that has access to the Internet, no matter which way you configure them. If one machine can be accessed from the outside, they all theoretically can get hacked. The best way is to ensure that no port forwarding is in effect with your router and you will be one step safer.

Stone_age Posted July 24, 2005

I have all port forwarding disabled in the router. I know there is always a hacking possibility. I tried the Linux server once before thru the router with 80 open supposedly only to my internal network, and I was hacked in minutes, so I gave up that plan. Just looking for a safer way to do this.

jcarle Posted July 25, 2005

I don't know much about Linux security; I specialize mostly in Windows based systems. See, the problem is that even if you install secondary network cards, just the fact that one of the machines connects to the internet leaves that "door" possibility. My only advice would be to forward only the absolute minimum of ports. Make sure all your computers are secured with alphanumeric passwords and have all of the latest operating system and application level updates possible.

RogueSpear Posted July 25, 2005

Something I tried recently on a smaller network was to take a really old good for nothing computer and just set it up as a sacrificial lamb in the DMZ. Mind you, it's running XP SP2 with all of the patches and updates so that it won't get taken down immediately. But it gives the kiddies something to mess with, generally drawing attention away from what matters.

There's all sorts of other things you can do as well but that would involve a rather lengthy reply, not to mention an endless debate on what's better.

jcarle Posted July 25, 2005

"There's all sorts of other things you can do as well but that would involve a rather lengthy reply, not to mention an endless debate on what's better."

Because no one ever argues about what's better? Right? Heh... network security is such a subjective matter that can be debated without end.

Edited July 25, 2005 by jcarle

chilifrei64 Posted July 25, 2005

Remove the default gateway from the servers you don't want to have access to the internet. No default gateway, no Internet access.

jcarle Posted July 25, 2005

No gateway also means no routing within the local network, doesn't it?

chilifrei64 Posted July 25, 2005

No default gateway means no communication with devices on ANOTHER subnet. Local subnet still accessible.

Default gateway is your doorway out of the LAN into the WAN. If you don't have one then you can't find your way out.

Routing is nonexistent on a single subnet LAN anyways.

Edited July 25, 2005 by chilifrei64

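The default gateway behaviour described in the post above can be checked on the Linux (FC3) server by reading its routing table. This is an added example, not part of the original thread; the addresses, interface names and `ip route show` output are constructed, and it handles plain unicast routes only.

```python
import ipaddress

# Constructed `ip route show` output: isolated server, no default gateway.
ISOLATED = """\
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.10
"""

# Constructed output: dual-homed workstation (eth0 = router side, eth1 = server switch).
WORKSTATION = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.21
"""


def parse_routes(text):
    """Turn `ip route show` lines into (network, gateway, device) tuples.

    Raises ValueError on route types it does not understand, so an
    unexpected entry is never silently ignored during an audit.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((net, via, dev))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; None means the host has no route to dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def gateway_routes(routes):
    """Routes that leave the local subnet; expected to be empty on the servers."""
    return [r for r in routes if r[1] is not None]


if __name__ == "__main__":
    srv = parse_routes(ISOLATED)
    print("off-subnet routes on server:", gateway_routes(srv))
    print("server -> 203.0.113.5:", lookup(srv, "203.0.113.5"))
    print("server -> 192.168.50.21:", lookup(srv, "192.168.50.21"))
```
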
jcarle Posted July 25, 2005

Point taken and agreed. Good work.

Stone_age Posted July 30, 2005

Thank you very much! It's working as planned, no default gateway, since all info is being sent and received to and from the file server thru secondary NICs on the IE capable machines. The primary NICs have only TCP/IP protocol enabled, and are not bridged to the secondaries.

Edited July 31, 2005 by Stone_age