shanenin Posted May 14, 2005 Report Share Posted May 14, 2005 I have an extra computer I would like to set up a web server. I am doing this purely as a learning experience. I currently have 4 computers on my home network, one windows and three linux. these computers are running without software firewalls, but the are all firewalled with my linksys wrt54g router, it uses stateful packet inspection. All of these computers are freely exposed to each other using insecure services like windows file sharing, and nfs(unix file sharing). I say insecure, because permissions are set so all computers on the local network have access to each other.I would like to add a fith computer, which will contain my webserver, I am worried this will comprimise my home network. What, if any, would be the safest way to add this computer without causeing my home network insecurity. Quote Link to post Share on other sites
iccaros Posted May 14, 2005 Report Share Posted May 14, 2005 (edited) is this to be an outside web server.. if so it should not be a problem.. create a DMZ on the router and two vlans. one for your computers and one for the websers. the web server will reside in the DMZ vlan. for the DMZ you port forward port 80 to the web sever so your outside address of the router is now your webserver address. I'm sure you have Samba and NFS to only allow clients from its subnet correct?I don't have this router but by its specs should do 5 vlans. Changes since version 1.1.1 follow:Linksys- A Division of Cisco System, Inc.Firmware Date : June 2nd 2004Current Firmware : Version 1.1.4Product Part No : RV082----------------------RV082 Firmware Revision Historyv1.1.4 2004/06/021. In [service management] setting, allow users to define port range overlapped with well-known ports in list.2. In Dual WAN mode, allow users to connect WAN1 and WAN2 to the same remote gateway, even if to the same physical address.3. In Dual WAN mode, solve the problem that failed to install DNS server in LAN.4. Solve the IPSec client-to-gateway handling problem occurs in v1.1.35. Solve the Remote management problem that failed to use port 8080 occurred in v1.1.3 and v1.1.3.1v1.1.3.1 2004/05/251. This version is only for test purpose. It attempts to solve the DNS problem in Argentina.v1.1.3 2004/05/211. Fixed a fatal DNS handling bug occurs in v1.1.2.This bug made DNS related functions, such as IPSec DNS Resolved, DNSName Lookup and DNS proxy, worked abnormally.v1.1.2 2004/05/191. Solved the IPSec problem that tunnel connected but failed to transfer data.2. Enlarge the maximum NAT concurrent sessions to 20000.3. Using the cramfs file system to enlarge the system memory.4. Solved the problem that the WAN interface goes up and down unexpectedly when heavy loaded.5. Modified DNS module in order to solve a DNS problem occurred when connects to specific Name Server.6. Support the Transparent Bridge mode.Purpose: Installing RV082 dose not need to change legacy network settings.7. Allow users to specify DMZ port as an IP addresses range.8. Support the Network Service Detection functionality.Purpose: It detects the connectivity between Router and specified host.It will log messages or remove connection when connection dropped.9. Support the Protocol Binding functionality. It allows users to specify IP or/and service passing through the specified WAN port.10. Remove the Bandwidth Threshold options. Because it got hard to understand when it working together with the Protocol Binding.11. Support the VLAN setting. The stations on the different VLAN group can not communicate with each other.For example: port1~4 set VLAN group as VLAN1, and port5~8 set as VLAN2. The port 1~4 users can access internet and communicate each other, but they can not communicate with port 5~8 users.12. On [Firewall -> General] page, added Restrict Web Features options to block Java/Cookies/ActiveX/…etc,.13. On [Firewall -> Content Filter] page, added Website Blocking by Keywords options.14. Support the DNS Resolved functionality. It allows users to specify the IPSec Remote Security Gateway IP as a DDNS nameDMZ how-tohttp://firewalling.com/linksys/wrt54g-DMZ.htmin the end it would look like this as an exmplesay your outside address was 4.4.4.4then you have yoru computers on vlan 1 192.168.1.0/24and your webserver on vlan2192.168.2.0/31this will give you only one useable address on this subnetas the address will look like thisnetwork from to broadcast192.168.2.0 192.168.2.0 192.168.2.1 192.168.2.1since you only have a network and broadcast address . you only have one useable address. this makes it hard for people to spoof the subnetalso you can load linux on that router and get more functions.http://soapbox.bartsplace.net/article.php/20050203220950714 Edited May 14, 2005 by iccaros Quote Link to post Share on other sites
shanenin Posted May 14, 2005 Author Report Share Posted May 14, 2005 is this to be an outside web serveryupcreate a DMZ on the router and two vlansI am not sure what a vlans is, is this like a 192.168.1, and 192.168.2 : are those seperate vlans? When looking at the dmz feature on my router, it only seemed to allow me to set my dmz computer on the same newtwork. Something just came to me. To get everything on seperated subnets(are 192.168.1 and 192.168.2 different subnets?), will I need to disable dhcp on my router and assign all of my computers manually? Quote Link to post Share on other sites
iccaros Posted May 14, 2005 Report Share Posted May 14, 2005 sorry I forgot to submit my edit.. it has sites to who you how to set it up.also I am not sure about dhcp and vlans with linksys I use monowall (BSD) and it lets me run several diffrent DHCP on diffrent vlans. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.