setup? 2-routers(Belkin & D-Link), Lan1(web serv), Lan2(secure ntwk)

Desired configuration: I want to have a secure private network and at the same time run a web server. I don't think it would be wise to have the web server on the same subnet as my private network. It seems if someone hacked into the web server they could hack into my private network.

Note: I am thinking I need to use separate subnets for LAN1 and LAN2 for security.

Internet -- Router1 -- LAN1 -- Router2 -- LAN2

Internet: DSL dynamic
Router1: Belkin 4-port cable/DSL gateway router F5D5231-4
LAN1: web server Linux
Router2: D-Link DI-524 AirPlus Wireless Router Switch
LAN2: Trusted (I hope) private network with win2000 or Linux boxes

Objective:

  1. Keep LAN2 secure from hackers
  2. Use LAN1 only for the Linux Web server.
  3. LAN1 can't see LAN2.
  4. Users on LAN2 can use the web for browsing, email, ftp etc.
  5. All systems share one DSL connection (Internet)

Question: How do I configure these routers?

Thanks! db

Reply to
db

A different way is to use Smoothwall on an old PC with (3) NIC cards:

1 - internet
2 - your network
3 - web server

Reply to
gene martinez

Yea, but a method that's easier and more stable is the dual NAT router method:

    INTERNET
       |
    WAN ROUTER 1   Forwarding to LAN based on public services offered.
    LAN ROUTER 1 (192.168.10.1/24)
       |
       |---- WEB/Public Services
       |
    WAN ROUTER 2 (fixed IP in Router 1's LAN)
    LAN ROUTER 2 (192.168.11.1/24)
       |
    Protected network with no forwarding

Reply to
Leythos

The option seems the best:

Questions:

I assume that ROUTER1 uses static IP assignments for the WEB/Public Services. But it's ok to let ROUTER2 use DHCP for the protected network?

Should I activate NAT at ROUTER1, 2, or both?

On which ROUTER do I activate the router's firewall? I think that ROUTER2 would have the firewall activated - correct?

Reply to
db

Neither router has to use DHCP, but you might as well enable it.

Any service you want to be able to find easily must always have a fixed IP - that means your web server should be at 192.168.10.10 as an example.

The WAN port of Router 2 should have a fixed IP of 192.168.10.2 as an example - this will enable you to forward from router 1 to router 2 with certainty if needed.

Both. The routers work to protect you by means of NAT; they are NOT really firewalls.

Neither router is a firewall. Sure, there is some marketing hype about them being firewalls, but it's just marketing hype/BS.

Reply to
Leythos
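
Added example (not part of the thread, and not from any poster): a Python check of the dual-NAT addressing plan described above, plus a simplified model of which new connections each router lets through. The addresses are the example values from the thread; the single port-80 forward, the zone names and the function names are assumptions made for illustration.

```python
import ipaddress

# Addressing from the thread; the forwarded port is an assumption (HTTP only).
PLAN = {
    "router1_lan": "192.168.10.1/24",
    "router2_wan": "192.168.10.2",
    "router2_lan": "192.168.11.1/24",
    "web_server": "192.168.10.10",
    "router1_forwards": {80: "192.168.10.10"},  # port -> LAN1 target
    "router2_forwards": {},                     # protected network: none
}

def check_plan(plan):
    """Return a list of addressing problems (empty means consistent)."""
    problems = []
    lan1 = ipaddress.ip_interface(plan["router1_lan"])
    lan2 = ipaddress.ip_interface(plan["router2_lan"])
    if lan1.network.overlaps(lan2.network):
        problems.append("LAN1 and LAN2 overlap")
    fixed = {"router2_wan": plan["router2_wan"], "web_server": plan["web_server"]}
    for name, text in fixed.items():
        addr = ipaddress.ip_address(text)
        if addr not in lan1.network or addr == lan1.ip:
            problems.append(f"{name} {addr} is not a free LAN1 address")
    if plan["router2_wan"] == plan["web_server"]:
        problems.append("router2_wan and web_server share an address")
    for port, target in plan["router1_forwards"].items():
        if ipaddress.ip_address(target) not in lan1.network:
            problems.append(f"forward {port} -> {target} leaves LAN1")
    return problems

ZONE_DEPTH = {"internet": 0, "lan1": 1, "lan2": 2}

def new_connection_allowed(plan, src, dst, port):
    """Simplified model: NAT passes outbound, drops unsolicited inbound
    unless a forward exists on every router crossed."""
    if ZONE_DEPTH[src] >= ZONE_DEPTH[dst]:
        return True  # same zone, or outbound through NAT
    r1_target = plan["router1_forwards"].get(port)
    r2_open = port in plan["router2_forwards"]
    if dst == "lan1":
        return r1_target is not None and r1_target != plan["router2_wan"]
    if src == "lan1":
        return r2_open
    return r2_open and r1_target == plan["router2_wan"]

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
    for src, dst, port in [("internet", "lan1", 80), ("lan1", "lan2", 445)]:
        print(src, "->", dst, port, new_connection_allowed(PLAN, src, dst, port))
```

The model shows the asymmetry of this layout: LAN2 can open connections to LAN1 and the Internet, while nothing on LAN1 or the Internet can open one into LAN2 as long as Router 2 has no forwards.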
