Solved

Vigor ADSL router, Win2k Server

Posted on 2003-12-10
Last Modified: 2010-03-17
We have a small network at work consisting of about 16 PCs and one server (Win2k server). We used to have an ISDN modem for our Internet connection which was connected directly to the server. We have Sophos virus checker on the server, plus a firewall.

Now we have broadband and the company who set it up have plugged it into the fax line, fair enough. But this line is far away from the server and it is plugged into the ethernet network. That now means that anybody can bypass the fileserver (i.e. the proxy) and connect directly to the ADSL router. Which also means bypassing the firewall and virus scanner. While we have set up the PCs to use the proxy server, we can't guarantee that the "clever" ones amongst us will never change it to suit them.

An additional problem we now have is that we have a custom designed software fault tracking system which is accessible by us and by our customers via the internet. The database is off-site on another server. The software here is supposed to connect through port 3306. And it does... most of the time. However, it is very slow. Somebody managed to frig it so that it connects directly to the router and it is lightning fast. However, we're now back to the bypassing-the-firewall-and-virus-checker problem.

The connection speed is 2Mbps, in theory 4x faster than mine at home, yet slower in practice.

So my questions are:
1. How can we stop people connecting directly to the router?
2. How can we configure the router to only accept requests from the proxy server?
3. How can we block ports like MSN Messenger if (2) can't be done? (I know how to do it on Win2kServer, but somebody is bypassing it.)
4. Any ideas why the proxy server would slow things down to a crawl?

Many thanks

Geoff M.
Question by:gmayo

Accepted Solution

by:
Robing66066 earned 500 total points
ID: 9915069
1.  There are a couple of ways to do it, depending on what you have available.  The best way is to segment the connection between the proxy and the router.  You can do that one of two ways.

A.  Run a cable from the router to the proxy.  Plug the router directly into the proxy.  (easy enough)
B.  Set up a VLAN that the router and the outside interface of your proxy server are members of, but no one else.

2.  Yes, depending on the brand of router you are using.  You can set up an Access Control List on a good router that tells it to only accept packets from your proxy server.  How you implement that will differ depending on the router you are using.

3.  Once you have everyone using your proxy, simply set it up to refuse that traffic on the proxy.   (Sounds like you already know how to do this, once problem 1 is fixed.)

4.  Hardware/software misconfigurations and problems aside, it could be that the application uses a port that your proxy isn't expecting and has a hard time dealing with.  I would try opening up the proxy completely, and allowing full access between the two devices.  If it is still slow, you need to look somewhere else for the problem.  If the speed problem goes away, you need to sniff the communication to see what ports it is *really* using.

Good luck!
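
Added example (not part of the original thread): a small audit that lists LAN hosts, other than the proxy, sending traffic to outside addresses, which is the bypass the question describes and the traffic an ACL as in point 2 would refuse. The LAN range, proxy address, flow-record format and sample lines are assumptions constructed for illustration; 3306 is the port named in the question and 1863 is the MSN Messenger port.

```python
"""List LAN hosts that reach outside addresses without going through the proxy."""
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range
PROXY = ipaddress.ip_address("192.168.1.10")   # assumed proxy/server address

# Constructed sample records: "time src_ip dst_ip dst_port".
# A router syslog or a capture on the router's switch port would be reduced
# to this shape first; the format itself is an assumption.
SAMPLE_FLOWS = """\
09:00:01 192.168.1.10 203.0.113.5 80
09:00:04 192.168.1.23 203.0.113.9 3306
09:00:09 192.168.1.10 203.0.113.9 3306
09:01:30 192.168.1.31 198.51.100.7 1863
09:01:31 192.168.1.31 192.168.1.10 8080
09:02:10 192.168.1.23 203.0.113.9 3306
truncated line
"""

def find_bypass(flow_text, lan=LAN, proxy=PROXY):
    """Return {src_ip: {"ports": [...], "flows": n}} for every LAN host
    other than the proxy that sent traffic to an address outside the LAN."""
    hits = {}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                      # malformed or truncated record
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
            port = int(fields[3])
        except ValueError:
            continue                      # unparseable address or port
        # Internal traffic (including client -> proxy) is expected;
        # only non-proxy sources talking to external addresses are flagged.
        if src in lan and src != proxy and dst not in lan:
            entry = hits.setdefault(str(src), {"ports": set(), "flows": 0})
            entry["ports"].add(port)
            entry["flows"] += 1
    return {ip: {"ports": sorted(e["ports"]), "flows": e["flows"]}
            for ip, e in hits.items()}

if __name__ == "__main__":
    for ip, info in find_bypass(SAMPLE_FLOWS).items():
        print(f"{ip} bypassed the proxy: {info['flows']} flow(s), ports {info['ports']}")
```

An empty result after the router ACL or VLAN change is in place indicates that only the proxy is reaching the outside.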

Author Comment

by:gmayo
ID: 9915184
Hi,

Thanks for replying. (A) is a problem as we're in an old church and it would mean digging up approx 100 yards of solid stone - not feasible unfortunately!

How do I do (B)? Does this involve subnet masks or anything like that? My eyes tended to rest when the lecturers at Uni went on about that sort of thing...

2. I do seem to remember an ACL on the router - it's a Vigor 2600. If there is, then that should solve (A/B) presumably.

3. Yep

4. Without knowing too much about Win2k Server, I have set up specific filters to allow connections to and from this port. But I'll give your suggestion a go tomorrow.

Many thanks

Geoff M.

Expert Comment

by:Robing66066
ID: 9915233
VLANs are usually part of your switch configuration.  You can usually set them just through the port commands, same as you would set a speed or duplex.  Check your manual for the exact process, but if you are able to set ACLs, then you don't have to worry about that anyway.

Author Comment

by:gmayo
ID: 9915282
Okay, thanks. I've never had to do that sort of thing before. I'm a programmer, not a network administrator, but since we're a small company, *somebody* (i.e. me) has to do it!

Geoff M.

Expert Comment

by:Robing66066
ID: 9915671
No sweat.  Just do it after hours, 'cause if you accidentally isolate your users from the server using VLANs, you may have to dodge rotten vegetables for the rest of the day...

Good luck!

Author Comment

by:gmayo
ID: 9938218
Hmmm. The server supplier says get in touch with the people that installed the router. The people that installed the router say get in touch with the IT support people. The IT support people say get in touch with the server supplier. Great.

I wasn't able to try some things, mainly because of a lack of time. I was wrong about bypassing the proxy; it seems you cannot do that anyway.

But thanks for the help, it may well be useful in the future!

Geoff M.