Server behind router

Discussion in 'other software & services' started by operafox, Dec 11, 2006.

Thread Status:
Not open for further replies.
  1. operafox

    operafox Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    24
    Hi everybody, I'd like to set up a theoretical TCP/IP network.

    If I use the address attributed to me by my provider to designate my router, and I want to place some servers behind the router, what address type should I give those servers?

    Do I have to subnet-divide the public router's address, or can I use private addressing blocks? For instance, the workstations on the behind-the-router LAN may be IP 10.0.0.1, 10.0.0.2, and so on. These addresses are not routable over the net, they're only useful on a LAN.

    How to make sure that my router will forward incoming traffic to the servers if these also have private addresses? Or is it impossible to do so, and then the only way to succeed would be for the servers to use a subnetted IP deriving directly from the router's public IP?

    The servers I'd like to consider are company servers such as FTP, SMTP, POP, and also VPN so as to make sure laptops from employees will be able to securely connect to the LAN from the Internet.

    Thanks for help, sorry if the question is not very clear. Please let me know in both cases.

    Cheers
     
  2. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Since you talk about servers, it might be too complex to cover here.
    A router is able to forward network packets to a server by port forwarding, this does mean that the server is visible to anyone on the internet through that port.
    I guess that you could assign different ports to different servers.

    You give the servers a private IP address (10.x.x.x) and you tell the router to forward anything that uses a certain port (5432, for example) to the private address 10.x.x.x.
    In case your IP assigns a dynamic IP to your account, you could set up dynamic DNS.

    This setup is not very secure, I suggest that you do some research for Private Virtual Networks.
    It's also possible to connect to a server behind a router with software like Hamachi, logmein and other remote access solutions.
    These solutions don't require router modifications and are for that reason more safe.

    This subject is so complex and detailed, I didn't cover much, but gave you some hints...
    I hope it helps.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You could set up a DMZ for your servers.
     
  4. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Only for one server, though.
     
  5. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Well, I could say that if you're intending to set up company servers you have no business doing so if you don't have a thorough understanding of networking (it seems that you do not). Rather than that, though, I will suggest that you start with the servers themselves - what operating systems do they run, what networking facilities do they provide, etc., etc...?

    Once you know all of the details, consider carefully what networking needs you have for your users, what OSs the client computers will run, how they will (be able to) connect, what they will need to achieve, etc., etc...?

    What about security? Are you aware of the issues/dangers with opening up, say, TCP ports 21, 80 and so on? How are you going to deal with these issues, and protect your network against these dangers? Why host your own FTP server, when ISPs are much better placed, and much better protected, to do this?

    What about the mail server you seem to be considering hosting? What mail server software will you be using? Is POP3 even to be considered at all in this? If you are planning to implement an SMTP server, are you aware of the problems you will have hosting this on a dynamic IP address? What about your (public) DNS records: A, MX, PTR, SPF, etc? What about anti-spam protection (you're going to need it).

    I respectfully suggest that questions about how to forward traffic through your router are the least of your concerns. Be very careful even considering using a domestic-grade router to protect company servers.

    If you are looking to host your own company servers I suggest you seek professional assistance.
     
  6. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    And my response is entirely theoretical, as well. :D
    Whatever you wish.

    No.

    And they would work fine in your LAN. The router will translate packets inbound and outbound between LAN and WAN, no matter if you use 10.x.x.x--that's what a router does. ;)

    If your router is working correctly, you should not have this problem. You should not have to use a subnet based on the router's WAN facing address.

    Then you will need to research the abilities and capabilities of the router you select, as well as the general layout and topology of the network you're working on.

    You would do well to consult a professional if this involves a business, in order to make informed decisions, should you not feel comfortable making them on your own. ;)

    From the nature of your questions, I would strongly advise this course of action.

    Good luck! :)
     
  7. operafox

    operafox Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    24
    Thanks for the answers, guys. I appreciate the advice.

    Any suggestions as to what available literature to read to understand all this stuff better?

    Cheers
     
  8. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    I use port forwarding, as DMZ leaves your server totally un-firewalled and un-NATed, without even any SPI (like) protection or DDoS (or common attack) protection that your router might offer. At least with port forwarding, you're only unprotecting a limited range of ports.
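
    The difference between the two options discussed in this thread, as an added example that is not part of any poster's message: a simplified model of a consumer router that either forwards selected ports to private addresses or sends all unmatched inbound traffic to a single DMZ host. The addresses, ports and service inventory are constructed for illustration.

```python
import ipaddress

# Constructed LAN inventory: private address -> {listening TCP port: service}
LAN = {
    "10.0.0.10": {21: "ftp", 22: "ssh", 3306: "mysql"},
    "10.0.0.11": {25: "smtp", 110: "pop3", 22: "ssh"},
}

# Constructed port-forward table: public TCP port -> (private address, port)
FORWARDS = {
    21: ("10.0.0.10", 21),
    25: ("10.0.0.11", 25),
    2222: ("10.0.0.11", 22),
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_forwards(forwards):
    """Raise ValueError if a rule targets a non-RFC 1918 address or bad port."""
    for public_port, (ip, port) in forwards.items():
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in RFC1918):
            raise ValueError(f"{ip} is not a private (RFC 1918) address")
        if not (0 < public_port < 65536 and 0 < port < 65536):
            raise ValueError(f"invalid port in rule {public_port} -> {ip}:{port}")
    return True


def route_inbound(dst_port, forwards, dmz_host=None):
    """Where the router delivers an unsolicited inbound packet, or None (drop)."""
    if dst_port in forwards:          # explicit port-forward rule wins
        return forwards[dst_port]
    if dmz_host is not None:          # DMZ host receives everything else
        return (dmz_host, dst_port)
    return None


def exposure(lan, forwards, dmz_host=None):
    """Sorted (public_port, private_ip, service) tuples reachable from the WAN."""
    candidates = set(forwards) | {p for svcs in lan.values() for p in svcs}
    reachable = []
    for public_port in sorted(candidates):
        target = route_inbound(public_port, forwards, dmz_host)
        if target and lan.get(target[0], {}).get(target[1]):
            reachable.append((public_port, target[0], lan[target[0]][target[1]]))
    return reachable
```

    With port forwarding only, three services are reachable; naming 10.0.0.10 as DMZ host additionally exposes its SSH and MySQL listeners, which nobody asked the router to publish.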
     
  9. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Well, I presume you have particular server OSs and software in mind. If you tell us what these are, and what you are planning to achieve, we might be in a better position to suggest.
     
  10. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma