G+_Benjamin Breüner Frost, Posted February 5, 2015
Hey, if I want to run a server on one of my computers and port forward it, what is then the best way to secure it and make sure hackers can't get to the rest of my network if they hack the server? Or would I be better off having it on another Internet connection?
G+_Taylor Graham, Posted February 5, 2015
DMZ. Keep the server on a separate subnet/VLAN, set up firewall rules.
G+_Benjamin Breüner Frost (Author), Posted February 5, 2015
Is there an easy way to do that, or do you know of any good guides on how to do it?
G+_Taylor Graham, Posted February 5, 2015
Depends on what kind of hardware you're using. Have anything flashed with DD-WRT? Padre did an episode at some point about his home network. He had VLANs on VLANs on VLANs. That'd be a good episode to watch.
G+_Ben Reese, Posted February 5, 2015
Yeah, but Padre is a bit crazy.
G+_Eddie Foy, Posted February 5, 2015
Most routers in the last 10+ years offer a DMZ internal IP. The server should have a static (pointed at that DMZ IP addy) IP, netmask, gateway, etc.
G+_Jason Perry, Posted February 5, 2015
As for keeping hackers out: obsessively keep everything up to date. I make sure I update weekly, but some people I talk to say it needs to be done daily. Past that, close all ports except what you are using and only keep it open as long as you need it open. Another good idea is to restrict access to the region you want to let in. Hope that helps. Cheers
G+_Eduardo Sanchez, Posted February 5, 2015
You could go nutso-crazy and build an OpenBSD router/firewall. http://www.bsdnow.tv/tutorials/openbsd-router
G+_Ben Reese, Posted February 6, 2015
Really, I think port forwarding would be far more secure than DMZ. The risk comes when that server is compromised and it has access to other devices on your internal network. If you really want to keep your internal network secure, you have to segregate it to its own network. It really depends on how your network is set up, but the simplest way is to use the double NAT topography we typically try to avoid. The first router would get your public IP and have a connection to both your server and your second router. The second router would contain everything else you wish to protect. Port forwarding on Router1 gives public access to your server, but the server won't have direct access to anything behind Router2. If you want the simplest setup, just turn on DMZ and point it to the static IP of your server.
G+_Mike Hathaway, Posted February 6, 2015
Port forwarding is the best way to go. You are only giving one specific or a couple specific ports access. Then you just secure the service running on that port on the server.
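The separate-subnet-plus-firewall-rules approach suggested in the thread, combined with a single port forward, written out as an nftables ruleset for a Linux router with three interfaces. This is an added example, not a configuration posted by any participant; the interface names (wan0, lan0, dmz0), the server address 192.168.50.10 and the service port 443 are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names and values, not from the thread:
#   wan0 = Internet uplink, lan0 = home LAN, dmz0 = server-only segment
#   server = 192.168.50.10, published service = tcp/443
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define DMZ = "dmz0"
define SERVER = 192.168.50.10
define SVC_PORT = 443

table inet filter {
    chain input {
        # Traffic addressed to the router itself: default deny
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Only the LAN may manage the router or use its DHCP/DNS
        iifname $LAN tcp dport { 22, 53 } accept
        iifname $LAN udp dport { 53, 67 } accept
    }
    chain forward {
        # Traffic routed between segments: default deny
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # The port forward: Internet may open one port on the server only
        iifname $WAN oifname $DMZ ip daddr $SERVER tcp dport $SVC_PORT ct state new accept
        # LAN hosts may reach the Internet and the server
        iifname $LAN oifname { $WAN, $DMZ } accept
        # Server may fetch updates, but may never open a connection into the LAN
        iifname $DMZ oifname $WAN accept
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan drop: " drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        iifname $WAN tcp dport $SVC_PORT dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname $WAN masquerade
    }
}
```

The logged drop on dmz0-to-lan0 doubles as a tripwire: a server that starts probing the LAN shows up in the router's kernel log.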