Thread: LAN protection

  1. #1
    Junior Member
    Join Date
    Apr 2002
    Posts
    25

    Question LAN protection

    Hello, I have a LAN connected to a NETOPIA 3347W router and recently installed Terminal Services Application Mode on the server (Win2k Server); we access this server from a different country...

    Before setting up TS on it, we could not access the server because its internal IP address is 192.x.x.x, so from the router we set up a bridge and applied a valid IP address (in this case 65.x.x.x), and of course we're able to remote control it very well.

    Now, we're looking for a secure way to protect our data on the Win2k Server, so what do you recommend?

    VPN, Firewall, what?

    Thanks for your time,

    Cheers,
    Jac.

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    Get it back behind the NAT firewall ASAP!!!!!!!

    And simply forward port 3389 to the LAN IP of the server.

    And from the outside, you'll connect your remote desktop or TS client to the WAN IP that the router obtains.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Junior Member
    Join Date
    Apr 2002
    Posts
    25
    OK, right now I don't have access to the web admin of the router. I will try it tomorrow and check, because I really don't know how to do that. Thank you.

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    Netopias are usually 192.168.1.254 (I have one myself, although a 3546 model)
    Admin for password, and often the serial number on the bottom of the unit for the password.

    Server hanging out there unprotected, with Server and Workstation services bound to that NIC...oh boy! Oh boy! Don't want that at all! All ports are exposed...virtually hanging the server's butt out there naked, waiting to be pillaged and plundered. Hope you have strong passwords on it at least. Windows updates, good antivirus, etc.

    Bottom line. Get it back on a private LAN IP behind that NAT protection...fast as you can.

  5. #5
    Junior Member
    Join Date
    Apr 2002
    Posts
    25
    Hi, yes, that's our main worry. I went to the router web administration page, and under the "security" button I saw: ClearSailing, SilentRunning and LANdlocked, so I wonder which of these options I should use? Thanks.

  6. #6
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    Not there...those are various settings for the router:
    ClearSailing...the router runs NAT, but responds to some outside probes, like PING.
    SilentRunning..you're running completely hidden (what I used when I ran this router)
    LANlocked...completely shuts off traffic in both directions, nobody can get in or out...basically the router is running, but effectively shut down.

    What you want is the port forwarding section...but Netopia calls it "Pinholes".

    Read up on it here:
    http://www.netopia.com/en-us/support...e/CQG_025.html

  7. #7
    Junior Member
    Join Date
    Apr 2002
    Posts
    25
    OK, I only need the Win2k Server to provide TS for my clients, not other services. I suppose I need to add a pinhole for the specific port of the TS and that's all?

    And also leave the router's (ClearSailing) button checked as it is?

  8. #8
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    Yes, only create a pinhole for TS to come through, forwarding to the LAN IP of the server. Server should be a static IP address, not dynamic. Is your server running as a DC? Any other servers on the network?

    I'd go with Silent Running, that's what I was using on my Netopia router at home when I was using it.

  9. #9
    Junior Member
    Join Date
    Apr 2002
    Posts
    25
    Yes, we're using a DC, and we also have VoIP from the router. Do these changes affect it? Thanks.

  10. #10
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    I'm not overly familiar with VOIP services. You running that from another hardware device? Did it work when your server was behind NAT before?

    I was asking about the DC stuff, just to review your TCP/IP settings on the server, since you have to have it on a static IP address.

    Example,
    Server IP
    192.168.1.11
    Subnet 255.255.255.0

    Gateway
    192.168.1.254 (assuming that's the LAN IP your router is at)

    DNS
    192.168.1.11 (Server should only use itself as the one and only DNS server, unless you're running DNS on another DC on your LAN if you have more than 1 server)

    WINS (if you're running that for Win9X clients)
    192.168.1.11 (if you do run WINS on that same box)

    Any/all Win 2K/XP based clients should use the server running DNS as their one and only DNS server.

  11. #11
    Junior Member
    Join Date
    Apr 2002
    Posts
    25
    Yes, it was working before doing the bridge to the win2kserver, actually it's working now, but the server is unsecure. The example you mentioned is very similar to what we have.

  12. #12
    Mad Overclocker m4a2t0t's Avatar
    Join Date
    Apr 2001
    Location
    Phoenix AZ
    Posts
    3,962
    Put in a firewall between sites and set up VPN connections between them.
    Will Work For FSB
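
The exposure described in posts #4 and #8 (every service bound to a bridged public address versus a single TS pinhole behind NAT) can be checked from the server's own `netstat -an` output. This is an added example, not code from any poster in the thread: the netstat text is constructed, the function names are hypothetical, and 203.0.113.10 is a documentation address standing in for the elided 65.x.x.x.

```python
import ipaddress

# RFC 1918 private ranges plus loopback: addresses a NAT router keeps off the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed `netstat -an` output; {ip} is the address assigned to the server's NIC.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    {ip}:139               0.0.0.0:0              LISTENING
  TCP    {ip}:3389              198.51.100.7:4021      ESTABLISHED
  UDP    {ip}:137               *:*
  UDP    0.0.0.0:445            *:*
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_listeners(netstat_text):
    """Yield (proto, bind_address, port) for TCP LISTENING and UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established sessions are not listeners
        addr, _, port = fields[1].rpartition(":")
        yield fields[0], addr, int(port)

def exposed_services(netstat_text, nic_addresses, allowed=(("TCP", 3389),)):
    """Return sorted (proto, port, address) for listeners reachable on a
    non-internal NIC address, excluding the allowed TS port."""
    public = [a for a in nic_addresses if not is_internal(a)]
    found = set()
    for proto, bind, port in parse_listeners(netstat_text):
        if (proto, port) in allowed:
            continue
        for nic in public:
            if bind in ("0.0.0.0", nic):  # 0.0.0.0 listens on every NIC address
                found.add((proto, port, nic))
    return sorted(found)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.168.1.11"):  # bridged vs. behind NAT
        print(ip, exposed_services(SAMPLE.format(ip=ip), [ip]))
```

An empty result for the private address only says the NIC no longer holds a routable address; what reaches the server from outside is then decided by the router's pinhole list.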
