Firewalls vs routers

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    417

    Firewalls vs routers

    Hi,

    I have a winNT domain running at work on a LAN (this really isn't a Windows Q). Some users bought a Linksys router to isolate themselves from the rest of the network and block out certain ports. However, the router issues internal IPs to the machines and now they can't see the rest of the domain. I was wondering if hardware firewalls issue internal IPs, or can they just block out ports and still let the machines under it use 'real' IPs?

    **If anyone knows why they can't see the domain, feel free to let me know.**

    I really don't want to use individual firewalls for each machine.

    thanx

  2. #2

    Re: Firewalls vs routers

    A hardware firewall will only dish out IPs if it has DHCP server capabilities. The reason you cannot see the boxes on his side of the router is that they are probably on a separate subnet or are not passing SMB traffic properly. Before throwing firewalls and routers on the network, you should really have a good understanding of how they work and how they will affect your overall domain structure. Sticking a plug-and-play router onto a corporate LAN and expecting it to work will only cause frustration and headaches. I think what you need to do is strip the router of all its extra capabilities. Turn off NAT, turn off DHCP, then create a separate subnet for those users on the other side of the router and update all your LAN's routing tables so that those routers know how to get traffic to that side of the domain. Then, only after all traffic is running and your routing works right (you can ping all parts of the LAN), build an access control list on the router as to what type of traffic you want to block, incoming as well as outgoing.

    If you're talking of a shelf-bought Linksys router, you should probably get rid of it, then build a router from Linux and block ports with iptables, or get a router that allows you to build a good access control list.
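
The setup post #2 describes (NAT off, a separate routed subnet, then an access control list in both directions), sketched for a Linux router with iptables. This is an added example, not code from the thread; the interface names, the subnet 192.168.2.0/24 and the choice to pass only NetBIOS ports 137-139 and ping are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for a
# Linux box routing, without NAT, between the corporate LAN and one department
# subnet. Interface names, subnet and port lists are constructed sample values.

LAN_IF=eth0                 # side facing the rest of the domain (assumed)
DEPT_IF=eth1                # side facing the isolated users (assumed)
DEPT_NET=192.168.2.0/24     # department subnet (assumed)

# NetBIOS ports an NT domain uses: name service, datagram, session.
SMB_UDP="137 138"
SMB_TCP="139"

# rules_for IN_IF OUT_IF MATCH PROTO "PORTS": one ACCEPT line per port.
rules_for() {
    for port in $5; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        echo "-A FORWARD -i $1 -o $2 $3 -p $4 --dport $port -j ACCEPT"
    done
}

emit_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'      # traffic to the router itself: not covered here
    echo ':FORWARD DROP [0:0]'      # default deny for anything routed through
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies to connections that were already allowed.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Keep ping working across the router so routing can still be checked.
    echo '-A FORWARD -p icmp --icmp-type echo-request -j ACCEPT'
    # Outgoing: department -> LAN, domain traffic only.
    rules_for "$DEPT_IF" "$LAN_IF" "-s $DEPT_NET" udp "$SMB_UDP" || return 1
    rules_for "$DEPT_IF" "$LAN_IF" "-s $DEPT_NET" tcp "$SMB_TCP" || return 1
    # Incoming: LAN -> department, same ports; the rest hits the DROP policy.
    rules_for "$LAN_IF" "$DEPT_IF" "-d $DEPT_NET" udp "$SMB_UDP" || return 1
    rules_for "$LAN_IF" "$DEPT_IF" "-d $DEPT_NET" tcp "$SMB_TCP" || return 1
    echo 'COMMIT'
}

# Apply as root once routing works and pings cross the router:
#   sysctl -w net.ipv4.ip_forward=1
#   emit_ruleset | iptables-restore
# The ruleset contains no nat table, so hosts keep their own addresses.
```
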

  3. #3
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re: Firewalls vs routers


    > Hi,
    >
    > I have a winNT domain running at work on a LAN (this really isn't a Windows Q). Some users bought a Linksys router to isolate themselves from the rest of the network and block out certain ports. However, the router issues internal IPs to the machines and now they can't see the rest of the domain. I was wondering if hardware firewalls issue internal IPs, or can they just block out ports and still let the machines under it use 'real' IPs?
    >
    > **If anyone knows why they can't see the domain, feel free to let me know.**
    >
    > I really don't want to use individual firewalls for each machine.
    >
    > thanx

    You probably don't have all of the networking settings right. For a LAN to talk to each other (especially in Windows) you first off need to be on the same subnet. If you are all using routers to isolate different groups, you are essentially subnetting your LAN up.

    In this case, what you want to do is something similar to this:

    For your LAN, issue out IPs to the routers in a range like 192.168.0.0/16, and for each router increment the first zero for the internal IPs. If you have the PCs set up with the gateway being the router, you will be able to talk to 'outside' or other subnets.

    This situation you describe is rather ... odd. If you want the best network security, subnet each department and the servers each on their own subnet, and have a gateway of some sort connect them together. One Linksys can handle that.

    Subnet --\
    Subnet -- Gateway -> Internet/VPN
    Subnet --/

    Email me if you have any further questions at andrew.schott@amerivoice.com

    I do this crap for a living
