icecom4 asked:

firewall inside of network

One of the computers is a temporary web server. I had to put it outside of the firewall (DMZ) to make everything work because somehow the uverse router blocks everything even if I open all the ports.

Since it is now in the DMZ, I want to add some layer of hardware firewall in front of the server. I am only allowed 1 IP address in the DMZ; it's the same as my external address. So the firewall, router, or whatever I use could not be on the same network as the computer in the DMZ. It would have to scan packets at the port level regardless of what network it's on.

I already have the Windows 10 firewall on, of course. I guess if I can't make the hardware firewall idea work I would like to add extra security against DoS and other threats on the makeshift server.

Any ideas?

bbao

> somehow the uverse router blocks everything even if I open all the ports.  

Technically a firewall behind a firewall will be workable, but for your scenario it is not optimal, especially if there is only a single host behind the inside firewall.

What's the particular reason for blocking everything even if all ports are opened (at where?)?

Additionally, the Windows built-in firewall on the computer in the DMZ can be enabled for general protection but not for some serious attacks such as DoS.

icecom4 (ASKER)

I don't really know how uverse is able to stop traffic, but they do. I opened up all the TCP and UDP ports I need and then later it always stops working and makes me put it in the DMZ. This has happened to me with a web, FTP, and game server. I don't know what technology is behind it; perhaps they do this for liability reasons to protect my home network and their equipment, DVR, etc.

I have a small firewall appliance, but it wants me to assign it an IP address and be on the same network. In my case, I can't do this. I was hoping to find something that protects at the physical layer, like maybe a switch that can block FTP and other open ports regardless of the network configuration.

> I opened up all the TCP and UDP ports I need and then later it always stops working,

Better post a screenshot showing how you "opened up all the TCP and UDP ports"?

If the Uverse RG is forcing it into the DMZ, it sounds like, in the past, the Uverse RG had been set up in bridge mode for someone using router behind router, where all ports get forwarded from the Uverse RG to your personal router that you bought somewhere, which is behind the Uverse RG. Are you using two routers?

The 22-minute video shows an example of setting up a bridge and getting forced into DMZ. Please jump to 10:30 in the video to verify whether this is the screen you're referring to.
https://www.youtube.com/watch?v=LZy1C5qHxKc

ASKER CERTIFIED SOLUTION
Gareth Tomlinson CISSP

This solution is only available to members.

Do you mean the open ports do not work if you input a large range for ports instead of pointing to a DMZ host?

icecom4 (ASKER)

@ Bing, yes, even if I open up a wide range of ports including port 80 it still does not work; however, it did initially, and even when I changed nothing, somehow uverse blocked it....shrug. Unless there is a port I am unaware of that needs to be open. It's a Windows server running Apache web server and OSQA.

@ Gareth
Which routers have transparent mode? That might be a solution.

@Chris
It's not being forced into DMZ, I placed it there to allow the web server to be accessible from outside. I actually have that Nighthawk router but I am using it as a wireless AP. I need both the wifi from uverse and the wifi from the Nighthawk because I have a wireless camera system that refuses to work with the Nighthawk, so I use uverse wifi only for cameras and everything else on my Nighthawk. However, it is tempting to move completely to the Nighthawk.

icecom4 (ASKER)

Thank you!