iphonogasm Posted June 29, 2011 Posted June 29, 2011 Hi, i have a few questions regarding my server 2008. I have just installed windows server 2008 and am playing around with some stuff, Very Fun Just installed IIS and found how to host my own site. I have a question on VPN and pinging internal hosts but another topic is already posted and am getting help on that, so, Ill shoot! My questions are as follows 1. I setup a FTP server, but cannot connect. I port forwarded port 21 (FTP) to 192.168.1.2 which is my server. Still cant connect to it via a web browser from a remote location. Any ideas on what this could be? 2. For enabling the IIS web server and FTP and also PVN, ive had to port forward 3 ports, 1723, 21, and 80, I though poort forwarding was dangerous? is this the right way? Im sure ive forgotten something! Random question, on my SMC Barrigade G router, it only allows like 10 ports to be forwarded, then says "maximum entries exceeded". any idea on how this can be resolved? I would be most greatful for answers on the above, Thanks!! Quote
ICTCity Posted June 30, 2011 Posted June 30, 2011 Hi, From a remote location, when you type your PUBLIC IP ADDRESS, what is the error message? For example: ftp://my_public_ip_or_domain/ Yes, port forwarding is dangerous, in fact you should put FTP and HTTP server (external services) on a DMZ! Regarding the message of your router, there's nothing you can do I think... it is a limitation. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
iphonogasm Posted June 30, 2011 Author Posted June 30, 2011 ok thanks could you please roughly explain what a DMZ is? for the FTP i got it working, i had to asssign users to it so they could login Thanks mate! Quote
ICTCity Posted July 1, 2011 Posted July 1, 2011 DMZ (demilitarized zone) is usually created on your network firewall, it isn't on the internet but it isn't on your LAN. Usually here you put all those services which need to be reached from the internet (web server, ftp server, ...). This is the best way for security because once somebody is on a DMZ, he / she can't go to your LAN, actually he / she can't see your LAN because of your firewall is blocking the DMZ. Now, there are some drawbacks, for example if your website must be connected to a database and this database must be used by internal (LAN) users too, you may ask: "hey, should I put the DB on my DMZ or on my LAN"? Actually the best answer is: put your DB on your LAN and through the firewall, create a channel to make a communication from DB and DMZ. I know some people which say that this is not the best solution because of you could exploit that channel to gain access to the DB. For me, it's harder to gain access to the LAN from DMZ instead of having the DB on DMZ. Same story for exchange (mail server). If you need more explanations, feel free to ask :) Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
iphonogasm Posted July 1, 2011 Author Posted July 1, 2011 ok so i just enabled DMZ, put the local IP of my SERVER in, removed all port forwarding and all is working fine!! Another question regarding DMZ, i have a DVR i connect to remotely, and used to have to port forward to open the ports for remote viewing. So im guessing now all i need to do (some how and this is the part im not sure how to do) is setup the port forwarding of the specific port to the correct local IP. For example, in the application i use to connect to my cameras, i will put my remote IP assigned by my ISP. Then it will connect to the SERVER (192.168.1.2) as DMZ is forwarding all connections to the server. Then, somehow i need to forward port 8016 to 192.168.1.100 which is the DVR from the server. so xxx.xx.xxx.xxx >> 192.168.1.2 via 8016 >> 192.168.1.100.. My question is how can i forward ports in my server. Is this a feature or role in server 2008 or would this be routing? Thanks for any help in advance!! Thanks!! Quote
ICTCity Posted July 1, 2011 Posted July 1, 2011 I'm not sure I'm understanding right... You want to see the image from your camera from remote? Usually you can connect via specific software and then, it is able to show you your camera, if not, I think you may have to ROUTE (routing) your traffic using specific port. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
iphonogasm Posted July 1, 2011 Author Posted July 1, 2011 I'm not sure I'm understanding right... You want to see the image from your camera from remote? Usually you can connect via specific software and then, it is able to show you your camera, if not, I think you may have to ROUTE (routing) your traffic using specific port. basicly i want to run all my port forwarding through my server! not through the router. DMZ is setup on the router. this is for security reasons Thanks Quote
ICTCity Posted July 1, 2011 Posted July 1, 2011 well, this is useless because you need to redirect all the traffic from the internet to your server and something must do this task. Actually a DMZ is on a firewall (regardless if what you have is a router, DMZ is managed by firewall only!). You can redirect all the traffic coming from internet to your DMZ where you have a server which ROUTE traffic in a DMZ, but to do this, you need to have at least 2 NICs on your server. Maybe I'm completely wrong... let me know... Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
iphonogasm Posted July 5, 2011 Author Posted July 5, 2011 Basicly im trying to come up with the safest and most secure option. And i thought port forwarding was a huge security risk? I currently have about 10 ports forwardes 21 FTP 1723 VPN 80 Webserver 2843 (or whatever) RDP xxxx DVR 1 xxxx DVR2 Thanks Quote
ICTCity Posted July 5, 2011 Posted July 5, 2011 Put ftp and webserver on DMZ let the others with port forward Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.