firewall inside of network

Posted on 2016-09-04
Last Modified: 2016-09-20
One of the computers is a temporary web server. I had to put it outside of the firewall (DMZ) to make everything work because somehow the uverse router blocks everything even if I open all the ports.

Since it is now in the DMZ, I want to add some layer of hardware firewall in front of the server. I am only allowed 1 IP address in the DMZ; it's the same as my external address. So the firewall, router, or whatever I use could not be on the same network as the computer in the DMZ. It would have to scan packets at the port level regardless of what network it's on.

I already have the Windows 10 firewall on, of course. I guess if I can't make the hardware firewall idea work, I would like to add extra security against DoS and other threats on the makeshift server.

Any ideas?
Question by:icecom4
9 Comments
LVL 37

Expert Comment

by:bbao
ID: 41783935
> somehow the uverse router blocks everything even if I open all the ports.  

Technically a firewall behind a firewall will be workable, but for your scenario it is not optimal, especially if there is only a single host behind the inside firewall.

What's the particular reason for blocking everything even if all ports are opened (where?)?

Additionally, the Windows built-in firewall on the computer in the DMZ can be enabled for general protection, but not against some serious attacks such as DoS.

Author Comment

by:icecom4
ID: 41783976
I don't really know how uverse is able to stop traffic, but they do. I opened up all the TCP and UDP ports I need and then later it always stops working, makes me put it in DMZ. This has happened to me with a web, FTP, and game server. I don't know what technology is behind it; perhaps they do this for liability reasons to protect my home network and their equipment, DVR, etc.

I have a small firewall appliance, but it wants me to assign it an IP address and be on the same network. In my case, I can't do this. I was hoping to find something that protects at the physical layer, like maybe a switch that can block FTP and other open ports regardless of the network configuration.
LVL 37

Expert Comment

by:bbao
ID: 41784018
> I opened up all the TCP and UDP ports I need and then later it always stops working,

Better post a screenshot showing how you "opened up all the TCP and UDP ports"?
Author Comment

by:icecom4
ID: 41784205
LVL 9

Expert Comment

by:Christopher Jay Wolff
ID: 41784231
If the Uverse RG is forcing you into DMZ, it sounds like in the past the Uverse RG had been set up in bridge mode for someone using router behind router, where all ports get forwarded from the Uverse RG to your personal router (bought somewhere) that sits behind the Uverse RG. Are you using two routers?

The 22-minute video shows an example of setting up a bridge and getting forced into DMZ. Please jump to 10:30 in the video to verify whether this is the screen you're referring to.
https://www.youtube.com/watch?v=LZy1C5qHxKc
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 2000 total points
ID: 41784311
To get back to the original question, it is possible to deploy a hardware firewall in 2 ways:

  • traditional routed mode, where the web server has a different address and the firewall will NAT the IP address appropriately;
  • transparent mode, where the web server can keep its address, and the firewall sits between it and the router and has no active IP address (apart from management).

You can still enforce traffic control and even application scanning on the transparent firewall.
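To make the transparent-mode option in the accepted answer concrete, here is an added example that is not part of the original thread or of any product mentioned in it: a Linux box with two NICs configured as a bridge, with an nftables ruleset on the bridge's forward hook. The bridge itself gets no IP address, so the single DMZ address stays on the web server exactly as the question requires; the interface names (eth0 towards the uverse RG, eth1 towards the server), the published ports (80 and 443) and the SYN rate limit are assumptions you would adjust. Connection tracking on the bridge family needs Linux 5.3 or later with the nf_conntrack_bridge module.

```shell
#!/bin/sh
# Added example (not from the original post): transparent bridge firewall
# in front of a single DMZ host. Run as root on a Linux box with two NICs.
# Assumptions: WAN_IF faces the uverse RG, LAN_IF faces the web server,
# and only the ports in ALLOWED_TCP are published to the Internet.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
ALLOWED_TCP="${ALLOWED_TCP:-80,443}"
BRIDGE="${BRIDGE:-br0}"

# Print the nftables ruleset. Nothing is applied until apply_ruleset runs,
# so the text can be reviewed (or tested) first.
gen_ruleset() {
  cat <<EOF
flush table bridge fw
table bridge fw {
  chain forward {
    type filter hook forward priority 0; policy drop;

    # The bridge sees raw frames: ARP must pass or nothing resolves.
    ether type arp accept

    # Stateful: replies to connections already allowed through.
    ct state established,related accept
    ct state invalid drop

    # Anything the server side sends towards the Internet.
    iifname "$LAN_IF" accept

    # ICMP the server needs for path-MTU discovery and error reporting.
    iifname "$WAN_IF" ip protocol icmp icmp type { destination-unreachable, time-exceeded } accept

    # New inbound connections: published ports only, must be a real SYN,
    # and rate-limited so a SYN flood is shed at the bridge, not on the host.
    iifname "$WAN_IF" ct state new tcp dport { $ALLOWED_TCP } tcp flags & (syn|ack) == syn limit rate 50/second burst 100 packets accept

    # Everything else from the outside is logged (rate-limited) and dropped by policy.
    iifname "$WAN_IF" limit rate 5/minute log prefix "bridge-fw drop: "
  }
}
EOF
}

# Build the bridge. The bridge interface deliberately gets no IP address;
# manage the box over a separate NIC or the console.
setup_bridge() {
  modprobe nf_conntrack_bridge 2>/dev/null || true
  ip link add name "$BRIDGE" type bridge
  ip link set "$WAN_IF" master "$BRIDGE"
  ip link set "$LAN_IF" master "$BRIDGE"
  ip link set "$WAN_IF" up
  ip link set "$LAN_IF" up
  ip link set "$BRIDGE" up
}

apply_ruleset() {
  gen_ruleset | nft -f -
}

case "${1:-}" in
  show)  gen_ruleset ;;
  apply) setup_bridge && apply_ruleset && nft list table bridge fw ;;
esac
```

Usage: `sh bridge-fw.sh show` prints the ruleset for review; `sh bridge-fw.sh apply` (as root) creates the bridge and loads it. Because the policy on the forward hook is drop, any service you forgot to publish simply stops answering, which is the intended failure mode for a host sitting on the public address. Note that this filters traffic crossing the bridge only; the server's own Windows firewall still governs what the host accepts locally.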
LVL 37

Expert Comment

by:bbao
ID: 41784609
Do you mean the open ports do not work if you input a large range for ports instead of pointing to a DMZ host?
Author Comment

by:icecom4
ID: 41784770
@Bing, yes, even if I open up a wide range of ports including port 80 it still does not work; however, it did initially, and even when I changed nothing, somehow uverse blocked it... shrug. Unless there is a port I am unaware of that needs to be open. It's a Windows server running Apache web server and OSQA.

@Gareth
Which routers have transparent mode? That might be a solution.

@Chris
It's not being forced into DMZ; I placed it there to allow the web server to be accessible from outside. I actually have that Nighthawk router, but I am using it as a wireless AP. I need both the wifi from uverse and the wifi from the Nighthawk because I have a wireless camera system that refuses to work with the Nighthawk, so I use uverse wifi only for cameras and everything else on my Nighthawk. However, this is tempting me to completely move to the Nighthawk.
Author Closing Comment

by:icecom4
ID: 41806695
Thank you!