Web server connectivity question. - Connectivity

This is a discussion on Web server connectivity question. - Connectivity ; Hi. What's the best way to connect a web server while keeping the local LAN safe? Is it to remove the server from the network altogether or is there a better way? Thanks....

+ Reply to Thread
Results 1 to 5 of 5

Thread: Web server connectivity question.

  1. Web server connectivity question.

    Hi. What's the best way to connect a web server while keeping the local
    LAN safe? Is it to remove the server from the network altogether or is there
    a better way? Thanks.



  2. Re: Web server connectivity question.

    Normally you would put a good firewall/router between the ISP WAN side of
    the network and you internal LAN, then open up which ever ports are needed
    on the firewall/router. i.e. port 80 for web traffic.


    "jumpman" wrote in message
    news:e4WdneDHBPF8yN3eRVnyvA@pipex.net...
    > Hi. What's the best way to connect a web server while keeping the local
    > LAN safe? Is it to remove the server from the network altogether or is
    > there
    > a better way? Thanks.
    >




  3. Re: Web server connectivity question.

    jumpman ha scritto:
    > Hi. What's the best way to connect a web server while keeping the local
    > LAN safe? Is it to remove the server from the network altogether or is there
    > a better way? Thanks.
    >
    >
    >

    I think the way is to set up a DMZ port on you router/firewall/linux box.
    By setting up a DMZ you can communicate from your LAN to the server but
    internet surfers can't access to your LAN.

    Enrico


  4. Re: Web server connectivity question.

    Adding a PC to the router's DMZ makes ALL its port exposed to the
    internet! (Like removing the firewall completely.)


  5. Re: Web server connectivity question.

    Good practice would be to segment your network. Use another
    router/firewall. Place the router on your lan and connect the webserver
    behind this router/firewall. Make sure not to place this new device in
    front of your switch or all devices will have to make this hop.
    Configure the device to accept only port 80. You will have to forward
    port 80 from your router to the webserver router. This way only port 80
    will be able to get through the second router (inbound,outbound)
    keeping all other traffic seperate from your lan.

    Depending on the type of router you have you could turn of the NAT
    feature and enable bridging. This will allow you to set a public ip on
    any device plugged in to the router. You would then need a firewall
    between the webserver and your router and then another router to
    connect to your main router to service your LAN requests. You will need
    2 public IP's to perform this way.

    psg


+ Reply to Thread