Thursday, February 3, 2011

Network structure --> Server 2k8r2 <--> Livebox <--> Router <--> Other PCs

Hello,

I have a Livebox connection to the Internet and I have set up my network as follows:

- Livebox <--> Win2k8R2 Server
- Livebox <--> Netgear N150 Router
- Router  <--> Other PCs

Therefore, in my LAN,

- the Livebox has IP address 192.168.1.1,
- the Router 192.168.1.12 (when accessed from the Livebox or the server),
- the Router 10.0.0.1     (when accessed from the PCs connected to the Router),
- the server 192.168.1.2,
- the PCs    10.0.0.x

I was using a previous configuration, which was as follows:

- Livebox <--> Netgear N150 Router
- Router  <--> Win2k8R2 Server
- Router  <--> Other PCs

Everything was simple, and I just had to forward all ports for incoming connections on the Livebox to the Router, and then forward the specific ports to the Server as needed (it must be noted, however, that any server I use is found on the Win2k8R2 server itself).

In this previous configuration, the IP addresses were as follows:

- Livebox 192.168.1.1
- Router  192.168.1.12 (when seen from Livebox)
- Router  10.0.0.1     (when seen from server & PCs connected to it)
- Server  10.0.0.2
- PCs     10.0.0.x

So now of course, my port-forwarding does not work anymore since the server is not connected (directly) to the Router.

What I would like to know is how do I configure the Livebox and Router to still have the features like before?

From what I understand of networks (which is very limited, btw), I see these options:

1. Make the router assign IPs like 192.168.1.x (but then I want the forwarding to be done from the router itself, is it possible?)
2. The forwarding on the router to the server uses IP address 10.0.0.2. I could change it to 192.168.1.2 (Is that even possible, does it work?)
3. Forward all ports from the Livebox itself to the server, and then manage them there (Is software-based port-forwarding as secure as hardware-based?)

Thanks in advance for taking the time to read this, and answering.

Yusuf

  • Your first two options are out because your router's LAN/NAT no longer applies to your server. Option 3 is what you want.

    If the server is connected directly to the Livebox, all you have to do is set up port-forwarding rules to the server. Bang. You're done. Your router's port-forwarding rules no longer apply because the server is no longer on the LAN. The Livebox handles your port-forwarding to your server.

    If you needed port-forwarding rules to ALSO work on your router and get to your PCs behind it, then you're looking at Double-NAT: http://serverfault.com/questions/121212/why-is-it-a-bad-idea-to-use-multiple-nat-layers-or-is-it which is not a big deal at all, and if the port-forwarding rules are minimal, not even a headache.

    As for:

    (Is software-based port-forwarding as secure as hardware-based?)

    It's all "software-based" really. The port-forwarding/NAT rules on your Livebox are not in any way fundamentally different than those on your Netgear. Now your Livebox might have less OTHER security than your Netgear (does it have a SPI firewall? etc.), but that's another topic.

    Yusuf : Thank you very much for this answer scraft; however, option 3 would mean directing all ports of the Livebox to the server and managing the filtering there; is that a good idea? Does it not make the network more vulnerable? Or is the filtering good enough in Win2k8R2?
    scraft3613 : Can't you just filter individual ports you need from the Livebox to the server? That way you only open up what ports you need. The only vulnerability (the open ports) would be the same vulnerability you were dealing with in your previous setup.
    Yusuf : There seems to be a limit to the number of ports you can open on the Livebox, whereas there does not seem to be this limit on the Netgear.
    Yusuf : Huh, after all it seems I was just trying to complicate things that were in fact very simple; I just had to use my router as an access point and forward the ports from the Livebox like you said. I forwarded ranges of ports instead of 1 by 1, so that solved the limit of the Livebox. Thanks for your time and comprehension.
    scraft3613 : Glad to hear you got it solved, you're quite welcome.
    From scraft3613
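
The thread ends with ranges being forwarded to stay under the Livebox's rule limit, which also forwards every unneeded port inside each range. The following is an added example, not part of the original thread: it picks the ranges that cover a set of needed ports within a rule limit while exposing the fewest extra ports. The port list and the limit of 3 rules are constructed assumptions, and `plan_ranges` is a hypothetical helper name.

```python
# Added example: plan port-forward ranges under a rule limit.
# The port numbers and the rule limit are constructed for illustration;
# the thread does not state the Livebox's real limit.

def plan_ranges(needed_ports, max_rules):
    """Cover every needed port with at most max_rules contiguous ranges.

    Returns (ranges, extra): ranges is a list of (start, end) tuples and
    extra is the list of forwarded ports that no service needs.
    """
    if max_rules < 1:
        raise ValueError("max_rules must be at least 1")
    ports = sorted(set(needed_ports))
    if not ports:
        return [], []
    for p in ports:
        if not 1 <= p <= 65535:
            raise ValueError(f"invalid port: {p}")

    # Count the unneeded ports sitting between each pair of neighbours.
    gaps = [(ports[i + 1] - ports[i] - 1, i) for i in range(len(ports) - 1)]
    # Splitting at the widest gaps leaves the fewest unneeded ports inside
    # the ranges; zero-width gaps never need a split.
    widest = sorted((g for g in gaps if g[0] > 0), reverse=True)
    split_after = sorted(i for _, i in widest[:max_rules - 1])

    ranges, start = [], 0
    for i in split_after:
        ranges.append((ports[start], ports[i]))
        start = i + 1
    ranges.append((ports[start], ports[-1]))

    needed = set(ports)
    extra = [p for lo, hi in ranges
             for p in range(lo, hi + 1) if p not in needed]
    return ranges, extra


if __name__ == "__main__":
    services = [20, 21, 80, 443, 5060, 8080, 8081]  # constructed sample
    rules, extra = plan_ranges(services, max_rules=3)
    for lo, hi in rules:
        print(f"forward {lo}-{hi} -> 192.168.1.2")
    print(f"{len(extra)} forwarded ports have no service behind them")
```

Every port in `extra` is forwarded to the server even though nothing should listen on it, so those are the ports the server's own firewall has to drop.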
