Solved

firewall inside of network

Posted on 2016-09-04
9
66 Views
Last Modified: 2016-09-20
One of the computers is a temporary web server. I had to put it outside of the firewall (DMZ) to make everything work because somehow the Uverse router blocks everything even if I open all the ports.

Since it is now in the DMZ, I want to add some layer of hardware firewall in front of the server. I am only allowed 1 IP address in the DMZ; it's the same as my external address. So the firewall, router, or whatever I use could not be on the same network as the computer in the DMZ. It would have to scan packets at the port level regardless of what network it's on.

I already have the Windows 10 firewall on, of course. I guess if I can't make the hardware firewall idea work I would like to add extra security against DoS and other threats on the makeshift server.

Any ideas?
Question by:icecom4
9 Comments
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41783935
> somehow the uverse router blocks everything even if I open all the ports.  

Technically a firewall behind a firewall will be workable, but for your scenario it is not optimal, especially if there is only a single host behind the inside firewall.

What's the particular reason for blocking everything even if all ports are opened (opened where?)?

Additionally, the Windows built-in firewall on the computer in the DMZ can be enabled for general protection, but not against some serious attacks such as DoS.

Author Comment

by:icecom4
ID: 41783976
I don't really know how Uverse is able to stop traffic, but they do. I opened up all the TCP and UDP ports I need, and then later it always stops working and makes me put it in the DMZ. This has happened to me with a web, FTP, and game server. I don't know what technology is behind it; perhaps they do this for liability reasons, to protect my home network and their equipment, DVR, etc.

I have a small firewall appliance, but it wants me to assign it an IP address and be on the same network. In my case, I can't do this. I was hoping to find something that protects at the physical layer, like maybe a switch that can block FTP and other open ports regardless of the network configuration.
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41784018
> I opened up all the TCP and UDP ports I need and then later it always stops working,

Better post a screenshot showing how you "opened up all the TCP and UDP ports"?

Author Comment

by:icecom4
ID: 41784205
LVL 9

Expert Comment

by:Christopher Jay Wolff
ID: 41784231
If the Uverse RG is forcing it into the DMZ, it sounds like the Uverse RG had in the past been set up in bridge mode for someone using router behind router, where all ports get forwarded from the Uverse RG to a personal router that you bought somewhere and that sits behind the Uverse RG. Are you using two routers?

The 22 minute video shows an example of setting up a bridge and getting forced into DMZ.  Please jump to 10:30 time in the video to verify if this is the screen you're referring to.
https://www.youtube.com/watch?v=LZy1C5qHxKc
LVL 5

Accepted Solution

by: Gareth Tomlinson CISSP (earned 500 total points)
ID: 41784311
To get back to the original question, it is possible to deploy a hardware firewall in two ways:
1. Traditional routed mode, where the web server has a different address and the firewall NATs the IP address appropriately.
2. Transparent mode, where the web server can keep its address, and the firewall sits between it and the router and has no active IP address (apart from management).
You can still enforce traffic control and even application scanning on the transparent firewall.
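The transparent-mode option from the accepted answer, worked out as an added example that is not part of the original thread and not any vendor's configuration: an nftables ruleset for a Linux box acting as a bridge firewall between the U-verse gateway and the web server. It assumes two NICs, eth0 toward the router and eth1 toward the server, joined into a bridge br0 that carries no IP address, so the server keeps the single DMZ address exactly as the question requires; the server address 203.0.113.10 (documentation range) and the rate limits are placeholders. The bridge is built with `ip link add br0 type bridge`, `ip link set eth0 master br0`, `ip link set eth1 master br0`, `ip link set br0 up`, and the ruleset is loaded with `nft -f`. Because the rules sit in the bridge family, they match on IP address and TCP/UDP port before any routing decision and need no address on the DMZ network at all.

```nftables
# Added example (not from the original thread). Transparent bridge firewall
# in front of a single DMZ web server.
# Assumptions: eth0 faces the U-verse RG, eth1 faces the Windows web server,
# both enslaved to bridge br0 which has no IP address; management is done
# on the console or a third NIC. 203.0.113.10 is a placeholder server address.

define SERVER = 203.0.113.10
define WAN_IF = "eth0"
define SRV_IF = "eth1"

table bridge dmzfw {

    # Per-source meter for new TCP connections: an entry lives two minutes
    # after the last SYN from that address.
    set synmeter {
        type ipv4_addr
        size 65535
        flags dynamic,timeout
        timeout 2m
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # ARP must cross the bridge or nothing else will; the drop policy
        # also discards IPv6 and anything else not listed here.
        ether type arp accept

        # Router -> server
        iifname $WAN_IF oifname $SRV_IF ip daddr $SERVER jump inbound

        # Server -> router
        iifname $SRV_IF oifname $WAN_IF ip saddr $SERVER jump outbound
    }

    chain inbound {
        # Non-initial fragments and impossible flag combinations (classic
        # scanner and evasion traffic) are dropped outright.
        ip frag-off & 0x1fff != 0 drop
        tcp flags & (fin|syn) == (fin|syn) drop
        tcp flags & (syn|rst) == (syn|rst) drop

        # A source that opens more than 20 new connections per second has
        # the excess SYNs dropped; the meter state persists per address.
        tcp flags & (syn|ack) == syn add @synmeter { ip saddr limit rate over 20/second } drop

        # The only exposed service is HTTP (Apache). New connections are also
        # capped globally; above the cap they fall through to policy drop.
        tcp dport 80 tcp flags & (syn|ack) == syn limit rate 200/second accept
        tcp dport 80 tcp flags & (syn|ack) != syn accept

        # Answer pings, but not a flood of them.
        icmp type echo-request limit rate 5/second accept
    }

    chain outbound {
        # Replies from the web server, plus what it needs for DNS and updates.
        tcp sport 80 accept
        tcp dport { 80, 443 } accept
        udp dport 53 accept
        icmp type echo-reply accept
    }
}
```

Two caveats a practitioner would want: the meter and the global SYN cap blunt scans and small SYN floods at the bridge, but a saturated uplink stays saturated, so a volumetric DoS still has to be absorbed upstream of the U-verse gateway; and the outbound chain is deliberately narrow, so any other service the server needs (NTP, Windows Update over proxies, FTP data channels) has to be added explicitly or it will be dropped by policy.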
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41784609
Do you mean the open ports do not work if you input a large range for ports instead of pointing a DMZ host?

Author Comment

by:icecom4
ID: 41784770
@Bing, yes, even if I open up a wide range of ports including port 80 it still does not work; however, it did initially, and even when I changed nothing, somehow Uverse blocked it... shrug. Unless there is a port I am unaware of that needs to be open. It's a Windows server running the Apache web server and OSQA.

@Gareth
Which routers have transparent mode? That might be a solution.

@Chris
It's not being forced into the DMZ; I placed it there to allow the web server to be accessible from outside. I actually have that Nighthawk router, but I am using it as a wireless AP. I need both the wifi from Uverse and the wifi from the Nighthawk because I have a wireless camera system that refuses to work with the Nighthawk, so I use the Uverse wifi only for cameras and everything else on my Nighthawk. However, this is tempting: to move completely to the Nighthawk.

Author Closing Comment

by:icecom4
ID: 41806695
Thank you!
