I am behind a router that is of course firewalled. Internally, in order to see my server and the web pages hosted I have had to add the server IP and alias's www, ftp... to each host file in the various cp's throughout the house. The problem I have encountered here is that my sites appear to be working fine for me but they could be totally unavailable to the world outside my network. In the process of fixing an ftp problem in another thread I think I may have learned something new! It seems I can set up a computer, assign it an internal IP, and then put it in the DMZ? Is this correct? and are there any security issues regarding this DMZ computer and my internal network? e.g. once they are in through the DMZ cp, snooping around and being able to jump onto a cp in my firewalled network. Also, can you use a wild card (*) to cover all alias's in a host file? e.g. 192.168.2.5 *.domain.tld (and this would cover www and ftp)
I would say yes. Afaik most dsl routers only allow to make one IP like a DMZ meaning forwarding the wanted stuff directyl to it. But if you do not have the ability to give that dmz machine another ip from another subnet than your "normal" lan has, the "hacked" DMZ machine can be used to attack the rest of your lan. If the router does not only switch internal packets and also inspect them you could have the possiblity to set firewall rules internally but I think the normal dsl routers won't do that. A real DMZ in my eyes is something between two FWs to splitt the DMZ stuff from the rest of the lan....
I tried... wildcard wouldn't work. It's really only a pain in th2 Windows cps running in the house because you have to manually edit the files. Yast for Windows would be a good thing!
I looked in the router set up and I did not sdee where I could set up another subnet... the set up right now is cable modem to lan router (cabled). my cable modem has extra ports... I will have to check and see if there is a way I can run the test machine direct from it. there is a place for additional static IPs on the lan router... maybe my ISP has an extra IP floating around they'll give me... Thanks for the info!
Instead of editing the hosts file you could set up an internal DNS server and make your systems in your LAN use this DNS server.
lol... I'm afraid to even start the external DNS server for fear of breaking something! Interesting theory though... any HowTos on internal DNS?
You could set up a MyDNS name server: http://www.howtoforge.com/mydns_name_server It's easier to set up and manage than BIND.
I looked through this howto... I didn't see where this would help me set one of my boxes outside my network. Did I miss something? I spoke with my ISP Support the other day and they indicated that I could possibly connect my server (or another box) directly to their modem and use the "useable" IP. When I tried to get a better answer from them they said they did not support network issues. Hopefully you or someone else will see this and can explain it to me. This is what I have as a overall setup: Static IP which includes a Network IP, Gateway IP, Useable IP, and a Broadcast IP. ISP router is an Advent My router is a Belkin F5D7230-4 1 Server box 3 desktops - 2 XP Home and 1 Linux What I want to do is get one of the boxes outside my home network so that when I open one of my web sites via a browser it will do it just as any other computer out there would (and not through my home network via host files). If I understand my ISP support correctly I think they are telling me I could assign the "Useable IP" to one of the boxes and hook it directly to their Advent router in stead of through my Belkin router. Again, hopefully someone that has some solid network knowledge can point me in the right direction.
You can set up a MyDNS server inside your network (for your local workstations) so that that the domains that are on your local web server can be resolved locally. Does this mean you have two public IP addresses and two routers?
Good question! When I had the static setup I supposedly only recieved 1 static IP. In the paperwork there are 4 listed... Network 24.172.189.148 which is the one I use for IP forwarding of my domains Gateway ...149 Useable ...150 Broadcast ...151 The ISP support guy stated I could also use the "first available address" and when I asked him if that was the Useable he said yes but would not get into specifics. I know what Network, Gateway, and Broadcast are for but I have always wondered about the Useable. Any internet info I found on it always referred to an internal class c type network and not class a. As far as routers... my service is cable and the ISP "router" (Advent) is basically a broadband box but it can also serve as a router. When installed it they did say the Belkin was the more secure router so I have a patch cable from the ISP router to my Belkin to the server and other 3 desktops. I was not given any interface ability with the Advent router either.
Interesting site and tool but I am not sure it will help, or you are overestimating my knowledge and ability. I did finally realize I could use the other box I have set up using the Useable IP and use just one of my websites to test the theory. That way I won't interrupt service to the other 2 sites. I'll let you know what happens.
I guess .150 is the IP address you can use, .148 is just the network address, so you cannot use it for hosting purposes.
.148 is the address my server is operating from... each domain I have is pointed to that address. Now for .150... I connected the other server I have to the ISP router and left the local network IP on it and could not access the internet. I then went in and changed the IP to the .150 address (Useable address from the ISP) and then it would access the internet. The pages for The Fractal Farm are already loaded in that server so I went out to where my domains are and changed the IP address to the .150 address and I am waiting to see what happens.
It worked! But the same problem still exists... I can't access my page real-time. It most likely has to do with the fact that the ISP router is in-line with my Belkin. All I know for sure is this network stuff can be a headache sometimes! Good to know that I have an extra IP address though! I guess I am going to have to resolve to the worse case scenario of a box with dial-up on it...
