Re: DMZ / Firewall question
- From: "Mike Lloyd-Jones" <mike@xxxxxxxxxxx>
- Date: Thu, 2 Mar 2006 18:53:02 -0000
Thanks for the reply
It's a Netgear FVX318. We want a PC connected to its DMZ port so we can
upload files to it from the LAN PCs and so that external customers can
access those files.
Mike
"Chuck" <none@xxxxxxxxxxx> wrote in message
news:483e02dpvrco33t7jv9nldbprrau6me3l9@xxxxxxxxxx
On Thu, 2 Mar 2006 09:00:28 -0000, "Mike Lloyd-Jones" <mike@xxxxxxxxxxx> wrote:
Hi
Not strictly related to XP, but maybe someone can help ?
Have a Netgear DSL modem/router with a DMZ port.
LAN side of the router has a number of XP PCs.
We want to connect a PC to the router so it is publicly accessible to the
Internet for customers to download files.
Guess we have 2 options:
1) Port forwarding to allow FTP or whatever through, directed to that PC.
Problem here is that since the PC is still connected to the LAN this opens
up a potential security risk to the rest of the network
You are correct. NAT routers are great security when all that you do is surf
the Internet. When you need to run an Internet server from a NAT router LAN,
you have to open a hole in the router, and this will indeed expose your LAN.
2) Connect the PC to the DMZ port on the router. This keeps it secure, but
we still need to be able to copy files to this from the LAN side (for
customers to download). Can a route generally be configured from the LAN to
the DMZ which is "one-way" so that we can copy files up to DMZ computer but
no access the other way?
On most NAT routers (and here the model of the Netgear might be useful) the
"DMZ" is really just a virtual server port, protected by the firewall components
(if your router has any such), and connected openly to the rest of the LAN. No
routing or firewall rules are necessary, or are possible.
In most domestic DSL LANs, you will find it best to host any server offsite.
# Security, as noted above, is not easily done with a typical DSL modem / router.
# Asynchronous DSL, which is what most DSL is, provides for most bandwidth to
support surfing of the Internet (downward bandwidth). What little bandwidth in
the other direction (upward) is generally taken up by surfing, and if any
surfing is going on the upward bandwidth (which is what your customers will
depend upon for their downloads) is unlikely to be available in any reliable
amount.
# Some DSL services explicitly prohibit servers for this reason.
In short, you can connect a server to your modem / router. Depending upon the
model, you may or may not be able to do this without exposing your LAN.
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
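
The "one-way" LAN-to-DMZ access asked about in this thread, as an added example that is not part of the original posts: a small model of a stateful firewall with a separately filtered DMZ interface, where "one-way" means only the LAN may open connections and replies ride back on the tracked flow. The zone names, addresses, the class and function names, and the use of TCP port 21 are all assumptions for illustration, and the packets are constructed.

```python
# Added example: zone names, addresses and port 21 (FTP control) are assumptions.
# Rules say which zone may OPEN a connection to which zone; None = any TCP port.
POLICY = {
    ("lan", "dmz"): None,   # LAN PCs upload files to the DMZ host
    ("lan", "wan"): None,   # ordinary outbound traffic
    ("wan", "dmz"): {21},   # customers reach the file server
    # no ("dmz", "lan") or ("wan", "lan") entry: new connections are dropped
}


class ZoneFirewall:
    def __init__(self, policy):
        self.policy = policy
        self.flows = set()  # connection-tracking table of accepted flows

    def handle(self, src_zone, dst_zone, src, sport, dst, dport, syn=False):
        flow = (src, sport, dst, dport)
        reply_of = (dst, dport, src, sport)
        # Packets of a tracked flow, in either direction, pass.
        if flow in self.flows or reply_of in self.flows:
            return "accept-established"
        # Anything else must be a connection attempt (TCP SYN).
        if not syn:
            return "drop-untracked"
        ports = self.policy.get((src_zone, dst_zone), set())
        if ports is None or dport in ports:
            self.flows.add(flow)
            return "accept-new"
        return "drop-policy"


def demo():
    fw = ZoneFirewall(POLICY)
    lan_pc, dmz_host, customer = "192.168.1.10", "192.168.2.2", "203.0.113.7"
    return [
        # LAN PC opens an upload session to the DMZ host, and gets replies back.
        fw.handle("lan", "dmz", lan_pc, 40000, dmz_host, 21, syn=True),
        fw.handle("dmz", "lan", dmz_host, 21, lan_pc, 40000),
        # The DMZ host itself tries to open a file share on the LAN PC.
        fw.handle("dmz", "lan", dmz_host, 40001, lan_pc, 445, syn=True),
        # A customer reaches the DMZ server but not the LAN.
        fw.handle("wan", "dmz", customer, 50000, dmz_host, 21, syn=True),
        fw.handle("wan", "lan", customer, 50001, lan_pc, 445, syn=True),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The model tracks only the flow that was opened, so a protocol that negotiates extra connections (FTP data channels, for instance) would need a matching rule or helper on a real firewall.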