  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 116
  • Last Modified:

firewall inside of network

One of the computers is a temporary web server.  I had to put it outside of the firewall (DMZ) to make everything work because somehow the Uverse router blocks everything even if I open all the ports.

Since it is now in the DMZ, I want to add some layer of hardware firewall in front of the server.  I am only allowed 1 IP address in the DMZ; it's the same as my external address.  So the firewall, router, or whatever I use could not be on the same network as the computer in the DMZ.  It would have to scan packets at the port level regardless of what network it's on.

I already have the Windows 10 firewall on, of course.  I guess if I can't make the hardware firewall idea work I would like to add extra security against DoS and other threats on the makeshift server.

Any ideas?
0
Asked by: icecom4
1 Solution
 
bbao (IT Consultant) commented:
> somehow the uverse router blocks everything even if I open all the ports.  

Technically a firewall behind a firewall will be workable, but for your scenario it is not optimal, especially if there is only a single host behind the inside firewall.

What's the particular reason for blocking everything even if all ports are opened (at where?)?

Additionally, the Windows built-in firewall on the computer in the DMZ can be enabled for general protection but not for some serious attacks such as DoS.
0
 
icecom4 (Author) commented:
I don't really know how Uverse is able to stop traffic, but they do.  I opened up all the TCP and UDP ports I need and then later it always stops working, which makes me put it in the DMZ.  This has happened to me with a web, FTP, and game server.  I don't know what technology is behind it; perhaps they do this for liability reasons to protect my home network and their equipment, DVR, etc.

I have a small firewall appliance, but it wants me to assign it an IP address and be on the same network.  In my case, I can't do this.  I was hoping to find something that protects at the physical layer, like maybe a switch that can block FTP and other open ports regardless of the network configuration.
0
 
bbao (IT Consultant) commented:
> I opened up all the TCP and UDP ports I need and then later it always stops working,

Better post a screenshot showing how you "opened up all the TCP and UDP ports".
0

 
icecom4 (Author) commented:
0
 
Christopher Jay Wolff (Wiggle My Legs, Owner) commented:
If the Uverse RG is forcing it into the DMZ, it sounds like, in the past, the Uverse RG had been set up to be in bridge mode for someone using a router behind a router, where all ports get forwarded from the Uverse RG to your personal router that you bought somewhere, that is behind the Uverse RG.  Are you using two routers?

The 22 minute video shows an example of setting up a bridge and getting forced into DMZ.  Please jump to 10:30 time in the video to verify if this is the screen you're referring to.
https://www.youtube.com/watch?v=LZy1C5qHxKc
0
 
Gareth Tomlinson CISSP (Network and Security Manager) commented:
To get back to the original question, it is possible to deploy a hardware firewall in 2 ways:
  • traditional routed mode, where the web server has a different address and the firewall will NAT the IP address appropriately
  • transparent mode, where the web server can keep its address, and the firewall sits between it and the router and has no active IP address (apart from management).
You can still enforce traffic control and even application scanning on the transparent firewall.
0
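
The transparent mode described in the answer above, as an added example that is not part of the original thread or any poster's configuration: an nftables ruleset for a two-NIC Linux box bridged in-line between the router and the web server. The interface names `eth0`/`eth1`, the bridge name `br0`, the server address `203.0.113.10`, and the server obtaining its address by DHCP are all assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: transparent (bridging) firewall. Assumed names throughout.
#
# Bridge setup, run once as root before loading this ruleset:
#   ip link add name br0 type bridge
#   ip link set eth0 master br0    # eth0 = port facing the router (assumed)
#   ip link set eth1 master br0    # eth1 = port facing the web server (assumed)
#   ip link set eth0 up; ip link set eth1 up; ip link set br0 up
# br0 is given no IP address, so the box is invisible at layer 3 and the
# server keeps the single DMZ address (203.0.113.10 here is a placeholder).

flush ruleset

table bridge filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # ARP must cross the bridge or router and server cannot find each other
        ether type arp accept

        # DHCP between server and router (assumes the server uses DHCP)
        iifname "eth1" ether type ip udp sport 68 udp dport 67 accept
        iifname "eth0" ether type ip udp sport 67 udp dport 68 accept

        # Stateful filtering; conntrack in the bridge family needs Linux 5.3+
        ct state invalid drop
        ct state established,related accept

        # Inbound: only new HTTP connections to the web server, rate-capped.
        # The cap limits connection churn; it does not help once the uplink
        # itself is saturated.
        iifname "eth0" oifname "eth1" ip daddr 203.0.113.10 tcp dport 80 ct state new limit rate 50/second burst 100 packets accept

        # Outbound: connections the server itself initiates (updates, DNS)
        iifname "eth1" oifname "eth0" ip saddr 203.0.113.10 ct state new accept

        # Everything else is dropped by policy; log a sample for review
        limit rate 5/minute log prefix "br-fw drop: "
    }
}
```

Because rules are enforced on frames forwarded between the two bridge ports, nothing on the server or the router has to be readdressed.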
 
bbao (IT Consultant) commented:
Do you mean the open ports do not work if you input a large range for ports instead of pointing to a DMZ host?
0
 
icecom4 (Author) commented:
@ Bing, yes, even if I open up a wide range of ports including port 80 it still does not work; however, it did initially, and even when I changed nothing, somehow Uverse blocked it....shrug.  Unless there is a port I am unaware of that needs to be open.  It's a Windows server running Apache web server and OSQA.

@ Gareth
Which routers have transparent mode?  That might be a solution.

@Chris
It's not being forced into the DMZ; I placed it there to allow the web server to be accessible from outside.  I actually have that Nighthawk router but I am using it as a wireless AP.  I need both the wifi from Uverse and the wifi from the Nighthawk because I have a wireless camera system that refuses to work with the Nighthawk, so I use Uverse wifi only for cameras and everything else on my Nighthawk.  However, it is tempting to move completely to the Nighthawk.
0
 
icecom4 (Author) commented:
Thank you!
0
Question has a verified solution.
