Linksys Router DMZ / web server question - Routers


  1. Linksys Router DMZ / web server question

    I have set up a Linux PC I want to use as a web server. I installed Apache
    and everything seems to be working inside my network; e.g. all systems
    are in 192.168.1.X segment.

    But to really get it on the internet I need to get it outside my router so
    it can see incoming requests. I went to my router and set 192.168.1.102
    in the DMZ zone. As I understand it this should put it outside the firewall
    the router has.
    But since it still has the same IP address, 192..., I don't think it's
    working.
    Will DMZ allow me to put a PC on the internet or do I have to physically
    move it off the router? And if I do this won't my ISP try to charge me more
    if I need two IP addresses since it looks like a NAT address will not work
    for what I want to do.

    thanks, Ed


  2. Re: Linksys Router DMZ / web server question

    Ed in Calif wrote:
    > I have set up a Linux PC I want to use as a web server. I installed Apache
    > and everything seems to be working inside my network; e.g. all systems
    > are in 192.168.1.X segment.
    >
    > But to really get it on the internet I need to get it outside my router so
    > it can see incoming requests. I went to my router and set 192.168.1.102
    > in the DMZ zone. As I understand it this should put it outside the firewall
    > the router has.


    You should be using the "port forwarding" feature (not DMZ) and limiting
    your linux server's exposure to "only" http access.

    Setup correctly, only inbound requests to the ports you specify (e.g.:
    tcp port 80) would be forwarded to your linux server.

    An additional IP address would not be required in such an
    implementation. However, you will likely be violating your ISP's service
    agreement as "most" specify you are not allowed to run servers from a
    residential service.

    I believe the DMZ feature exposes your server to many more ports and
    would not be desirable.

    Admittedly, I have not read up on the DMZ feature of most of the
    low-dollar routers. Refer to the manual.

    > But since it still has the same IP address, 192..., I don't think it's
    > working.
    > Will DMZ allow me to put a PC on the internet or do I have to physically
    > move it off the router? And if I do this won't my ISP try to charge me more
    > if I need two IP addresses since it looks like a NAT address will not work
    > for what I want to do.
    >
    > thanks, Ed
    >


    Best Regards,
    News Reader

  3. Re: Linksys Router DMZ / web server question


    It looks like from the manual these ports are always open
    to all connections to the router - the internet needs them to work.

    7 (Echo), 21 (FTP), 23 (TELNET), 25 (SMTP), 53 (DNS), 79 (finger), 80
    (HTTP), 110 (POP3)
    119 (NNTP), 161 (SNMP), 162 (SNMP Trap)

    I guess I could port forward all ports to the Linux server but I think it
    having a NAT address
    is still a problem.

    thanks, Ed



  4. Re: Linksys Router DMZ / web server question

    Ed in Calif wrote:
    > It looks like from the manual these ports are always open
    > to all connections to the router - the internet needs them to work.


    Not entirely true.

    >
    > 7 (Echo), 21 (FTP), 23 (TELNET), 25 (SMTP), 53 (DNS), 79 (finger), 80
    > (HTTP), 110 (POP3)
    > 119 (NNTP), 161 (SNMP), 162 (SNMP Trap)


    I have not seen your manual, but I believe you are mis-interpreting it.

    It is more likely that those are the "destination" ports that are open
    on the LAN side of the router.

    In other words, internal hosts can access Internet based resources using
    FTP, SMTP, DNS, HTTP, POP3, and NNTP without additional configuration.

    The other ports (Echo, TELNET, finger, SNMP, and SNMP Trap) may relate
    to management of the router and/or Internet based systems.

    >
    > I guess I could port forward all ports to the Linux server but I think it


    The point of port forwarding is to selectively minimize the ports that
    are forwarded to the internal server.

    > having a NAT address
    > is still a problem.


    No, this is not a problem (as long as your router supports port
    forwarding), this is done every day.

    The port forwarding establishes a rule that says, e.g.: a packet
    received on the WAN interface (sent to the ISP assigned address) with a
    destination TCP port of 80, is to be forwarded to a specific internal
    system (e.g.: 192.168.1.102) at port 80. Your Linux server will then
    respond to the connection request, and serve up its web page.

    Best Regards,
    News Reader
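
Added example, not part of any post in the thread: a small Python model of the inbound rule described above (WAN port to internal host and port), compared with a DMZ host and with forwarding every port, checked against the sockets the server is actually listening on. The `ss -tlnH` sample is constructed, and the catch-all DMZ behaviour is an assumption about typical consumer routers; the router manual is the authority on the real semantics.

```python
import ipaddress
SERVER = "192.168.1.102"  # internal address used in the thread

# Constructed sample of `ss -tlnH` output on the server (not from the thread).
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
"""

def lan_listeners(ss_output):
    """TCP ports bound to a non-loopback address, i.e. reachable from the LAN."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue
        ports.add(int(port))
    return ports

def route_inbound(wan_port, forwards, dmz_host=None):
    """Router decision for an unsolicited TCP packet sent to the WAN address."""
    if wan_port in forwards:
        return forwards[wan_port]      # explicit rule: (internal host, port)
    if dmz_host:
        return (dmz_host, wan_port)    # assumed: DMZ host gets everything unmatched
    return None                        # no rule: dropped at the router

def exposed(ss_output, host, forwards, dmz_host=None):
    """(wan_port, service_port) pairs on `host` reachable from the Internet."""
    open_ports = lan_listeners(ss_output)
    routes = ((p, route_inbound(p, forwards, dmz_host)) for p in range(1, 65536))
    return [(p, t[1]) for p, t in routes if t and t[0] == host and t[1] in open_ports]

if __name__ == "__main__":
    only_http = {80: (SERVER, 80)}
    everything = {p: (SERVER, p) for p in range(1, 65536)}
    print("forward 80 only:", exposed(SS_SAMPLE, SERVER, only_http))
    print("DMZ host       :", exposed(SS_SAMPLE, SERVER, {}, dmz_host=SERVER))
    print("forward all    :", exposed(SS_SAMPLE, SERVER, everything))
```

With the sample listeners, a single port-80 rule exposes only Apache, while the DMZ setting and the forward-everything rule both also expose SSH (22) and NFS (2049).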

  5. Re: Linksys Router DMZ / web server question

    OK. So Tomorrow then I'm going to open the full range of ports, 0 to 65536
    for 192.169.1.102.

    But what do I tell my users to use as an http:// address to get to me? They
    can't use the NAT address
    can they, every Linksys Router uses those addresses.

    Ed



  6. Re: Linksys Router DMZ / web server question

    On Tue, 29 Apr 2008 21:25:42 -0700, "Ed in Calif"
    wrote:

    >OK. So Tomorrow then I'm going to open the full range of ports, 0 to 65536
    >for 192.169.1.102.


    NO! Open only those ports necessary, such as port 80 (HTTP) and 443
    (HTTPS). DO NOT OPEN ALL PORTS!

    >
    >But what do I tell my users to use as an http:// address to get to me? They
    >can't use the NAT address
    >can they, every Linksys Router uses those addresses.


    You need to either have your users connect using your Internet IP
    address, or get a domain name registered, and in the DNS system. If
    you are on a typical residential dynamic system, without fixed IPs
    then you need to find a DNS provider that will work with your IP
    configuration (a dynamic IP DNS provider, there are many).

    >
    >Ed
    >


  7. Re: Linksys Router DMZ / web server question

    On 2008-04-30 01:25:42, Ed in Calif wrote:

    > OK. So Tomorrow then I'm going to open the full range of ports, 0 to 65536
    > for 192.169.1.102.


    Your web server only responds on one port (typically but not necessarily
    port 80), and that's the only one you need to (should) forward (or "open").
    Opening more than needed is for the ones who really know what they are
    doing (and they probably don't either).

    > But what do I tell my users to use as an http:// address to get to me?
    > They can't use the NAT address can they, every Linksys Router uses those
    > addresses.


    The local addresses (e.g. 192.168.x.x) are just that, local addresses. You
    have to use the IP address you get from your ISP (it's probably shown in
    one of the admin pages of your router). If this address is reasonably
    stable, you may be able to use it as-is, that is, connect to
    http://123.45.67.89 (if that's it).

    Or you can sign up with one of the dynamic IP services (search for "dynamic
    IP") and get a domain name that "follows" your changing IP address. You
    need a piece of software that runs on your server that updates that service
    every time your IP address changes.

    Gerhard

  8. Re: Linksys Router DMZ / web server question

    Ed in Calif wrote:
    > OK. So Tomorrow then I'm going to open the full range of ports, 0 to 65536
    > for 192.169.1.102.


    That is not even remotely what I indicated. My post stated:

    "The point of port forwarding is to selectively minimize the ports that
    are forwarded to the internal server." Then I gave an example where you
    "only" forwarded port 80.

    >
    > But what do I tell my users to use as an http:// address to get to me? They


    Then my post stated: "a packet received on the WAN interface (sent to
    the ISP assigned address)"

    i.e.: http://ISP-Assigned-Address

    > can't use the NAT address
    > can they, every Linksys Router uses those addresses.
    >
    > Ed

    Best Regards,
    News Reader

  9. Re: Linksys Router DMZ / web server question

    Got it working now. Thanks for the education.

    Ed


