Posted

Hi, I have a few questions regarding my Server 2008.

I have just installed Windows Server 2008 and am playing around with some stuff. Very fun.

Just installed IIS and found how to host my own site. I have a question on VPN and pinging internal hosts, but another topic is already posted and I am getting help on that, so I'll shoot!

My questions are as follows:

1. I set up an FTP server, but cannot connect. I port forwarded port 21 (FTP) to 192.168.1.2, which is my server. Still can't connect to it via a web browser from a remote location. Any ideas on what this could be?

2. For enabling the IIS web server and FTP and also VPN, I've had to port forward 3 ports: 1723, 21, and 80. I thought port forwarding was dangerous? Is this the right way?

I'm sure I've forgotten something!

Random question: on my SMC Barricade G router, it only allows like 10 ports to be forwarded, then says "maximum entries exceeded". Any idea on how this can be resolved?

I would be most grateful for answers on the above,

 

Thanks!!

Posted

Hi,

 

From a remote location, when you type your PUBLIC IP ADDRESS, what is the error message? For example: ftp://my_public_ip_or_domain/

 

Yes, port forwarding is dangerous, in fact you should put FTP and HTTP server (external services) on a DMZ!

 

Regarding the message of your router, there's nothing you can do I think... it is a limitation.

--------------------------------------------------------

Tu peux aussi écrire en français.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted

A DMZ (demilitarized zone) is usually created on your network firewall; it isn't on the internet, but it isn't on your LAN either. Usually here you put all those services which need to be reached from the internet (web server, FTP server, ...). This is the best way for security because once somebody is on a DMZ, he / she can't go to your LAN; actually he / she can't see your LAN, because your firewall is blocking the DMZ.

Now, there are some drawbacks. For example, if your website must be connected to a database and this database must be used by internal (LAN) users too, you may ask: "hey, should I put the DB on my DMZ or on my LAN?" Actually the best answer is: put your DB on your LAN and, through the firewall, create a channel for communication between the DB and the DMZ. I know some people who say that this is not the best solution because you could exploit that channel to gain access to the DB. For me, it's harder to gain access to the LAN from the DMZ than it is when the DB is on the DMZ.

 

Same story for exchange (mail server).

 

If you need more explanations, feel free to ask :)

--------------------------------------------------------
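The "channel" between the DMZ and the database described in the post above, written out as a first-match firewall policy with a default deny. This is an added example, not part of the original posts; the DMZ subnet, the host addresses and the database port 1433 are constructed for illustration. `BROAD` shows the weak variant where the whole DMZ may reach the whole LAN.

```python
import ipaddress

# Constructed addressing: the thread gives no DMZ subnet or database host.
ZONES = {"lan": ipaddress.ip_network("192.168.1.0/24"),
         "dmz": ipaddress.ip_network("192.168.50.0/24")}
WEB, FTP, DB = "192.168.50.10", "192.168.50.11", "192.168.1.20"

def zone_of(ip):
    """Name the zone an address belongs to; anything else is the internet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

# First match wins. Fields: src zone, src host, dst zone, dst host, port, action.
# None in a host or port field means "any".
RULES = [
    ("internet", None, "dmz", WEB, 80, "allow"),   # published web server
    ("internet", None, "dmz", FTP, 21, "allow"),   # published FTP server
    ("dmz", WEB, "lan", DB, 1433, "allow"),        # the single channel to the DB
    ("lan", None, "dmz", None, None, "allow"),     # LAN users may reach the DMZ
]

# Weak variant: the channel is opened for every DMZ host to every LAN host.
BROAD = RULES[:2] + [("dmz", None, "lan", None, None, "allow")]

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for a new connection; no matching rule means deny."""
    for s_zone, s_host, d_zone, d_host, r_port, action in rules:
        if (zone_of(src) == s_zone and s_host in (None, src)
                and zone_of(dst) == d_zone and d_host in (None, dst)
                and r_port in (None, port)):
            return action
    return "deny"

if __name__ == "__main__":
    for flow in [(WEB, DB, 1433), (FTP, DB, 1433), (WEB, DB, 3389)]:
        print(flow, "narrow:", decide(*flow), "broad:", decide(*flow, rules=BROAD))
```

With the narrow rule, a compromised FTP server in the DMZ has no path to the database at all, and the web server reaches it on one port only.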

Posted

OK, so I just enabled DMZ, put the local IP of my SERVER in, removed all port forwarding and all is working fine!!

Another question regarding DMZ: I have a DVR I connect to remotely, and used to have to port forward to open the ports for remote viewing. So I'm guessing now all I need to do (somehow, and this is the part I'm not sure how to do) is set up the port forwarding of the specific port to the correct local IP.

For example, in the application I use to connect to my cameras, I will put my remote IP assigned by my ISP.

Then it will connect to the SERVER (192.168.1.2) as DMZ is forwarding all connections to the server.

Then, somehow I need to forward port 8016 to 192.168.1.100, which is the DVR, from the server.

So:

xxx.xx.xxx.xxx >> 192.168.1.2 via 8016 >> 192.168.1.100..

My question is: how can I forward ports in my server? Is this a feature or role in Server 2008, or would this be routing?

 

Thanks for any help in advance!!

 

Thanks!!
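An added example, not part of the original posts: a small model of the router that compares which services answer from the internet with explicit port forwards and with the router's DMZ setting that forwards all connections to 192.168.1.2. The SMB and RDP listeners, the host firewall allow-list and the rule that explicit forwards take precedence over the DMZ host are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

SERVER, DVR = "192.168.1.2", "192.168.1.100"  # LAN addresses from the thread

# Constructed inventory of listening TCP ports. 21, 80, 1723 and 8016 come from
# the thread; 445 (SMB) and 3389 (RDP) are assumed extra listeners on the server.
LISTENING = {
    SERVER: {21: "FTP", 80: "HTTP", 445: "SMB", 1723: "PPTP VPN", 3389: "RDP"},
    DVR: {8016: "DVR viewer"},
}

@dataclass
class Router:
    forwards: dict = field(default_factory=dict)  # public port -> (LAN IP, LAN port)
    dmz_host: Optional[str] = None  # gets every other unsolicited inbound connection

    def translate(self, port):
        """Map an inbound public port to (LAN IP, LAN port), or None if dropped."""
        if port in self.forwards:  # assumption: explicit forwards beat the DMZ host
            return self.forwards[port]
        return (self.dmz_host, port) if self.dmz_host else None

def exposed(router, host_firewall=None):
    """Public ports a LAN service answers on; host_firewall: LAN IP -> allowed ports."""
    host_firewall = host_firewall or {}
    ports = []
    for port in range(1, 65536):
        target = router.translate(port)
        if target is None:
            continue
        ip, lan_port = target
        if lan_port not in LISTENING.get(ip, {}):
            continue  # nothing listens there
        if ip in host_firewall and lan_port not in host_firewall[ip]:
            continue  # dropped by the host's own firewall
        ports.append(port)
    return ports

FORWARDS_ONLY = Router(forwards={21: (SERVER, 21), 80: (SERVER, 80),
                                 1723: (SERVER, 1723), 8016: (DVR, 8016)})
DMZ_HOST = Router(dmz_host=SERVER)  # the setup described in the post above
DMZ_FILTERED = Router(forwards={8016: (DVR, 8016)}, dmz_host=SERVER)

if __name__ == "__main__":
    print("forwards only:", exposed(FORWARDS_ONLY))
    print("DMZ host:", exposed(DMZ_HOST))
    print("DMZ host + host firewall:", exposed(DMZ_FILTERED, {SERVER: {21, 80, 1723}}))
```

In this model the DMZ host setting exposes every listener on the server, so the exposure only shrinks back to the intended services when the server's own firewall allows just those ports.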

Posted

I'm not sure I'm understanding right...

 

You want to see the image from your camera from remote? Usually you can connect via specific software and then, it is able to show you your camera, if not, I think you may have to ROUTE (routing) your traffic using specific port.


Posted

Basically I want to run all my port forwarding through my server, not through the router! DMZ is set up on the router.

This is for security reasons.

 

Thanks

Posted

well, this is useless because you need to redirect all the traffic from the internet to your server and something must do this task. Actually a DMZ is on a firewall (regardless if what you have is a router, DMZ is managed by firewall only!).

 

You can redirect all the traffic coming from the internet to your DMZ, where you have a server which ROUTES traffic in a DMZ, but to do this you need to have at least 2 NICs on your server.

 

Maybe I'm completely wrong... let me know...


Posted

Basically I'm trying to come up with the safest and most secure option. And I thought port forwarding was a huge security risk? I currently have about 10 ports forwarded:

 

21 FTP

1723 VPN

80 Webserver

2843 (or whatever) RDP

xxxx DVR 1

xxxx DVR2

 

Thanks

Posted
Put FTP and the web server on the DMZ, leave the others with port forwarding.
