Want to push my home network behind a WRVS4400N DMZ

Hello all,
     I've got a pretty typical setup with my DSL modem hooked to my WRT54GS, which is the gateway for my home network, both wired and not.   I have received a block of static IP's from my ISP and I now want to build a DMZ in "front" of my home network.  Here's what I envision:
        Internet
            |
        DSL Modem
            |
        WRVS4400N V.2  (no NAT, no DHCP, intrusion detection and firewall only) static IP on both sides of the router
            |
         DMZ (all static IP)
            |
        WRT54GS (static IP facing the DMZ, NAT, DHCP, etc behind the router)
Does this look like a good design?  Is there anything I need to watch for to "push" my current home lan behind my new DMZ?  I'll have wireless (3 different SSID's) at each router (including the DSL modem which will have firewall, nat, etc turned off).
Thanks for the help.
     - Jeff

Jeff, based on your description and setup diagram, that looks just fine.  With the wrt54g on the dmz with the firewall on you will be just fine.

Similar Messages

  • Want to put my WRT54GS behind a WRVS4400N DMZ

    Hello all,
         I've got a pretty typical setup with my DSL modem hooked to my WRT54GS, which is the gateway for my home network, both wired and not.   I have received a block of static IP's from my ISP and I now want to build a DMZ in "front" of my home network.  Here's what I envision:
            Internet
                |
            DSL Modem
                |
            WRVS4400N V.2  (no NAT, no DHCP, intrusion detection and firewall only) static IP on both sides of the router
                |
             DMZ (all static IP)
                |
            WRT54GS (static IP facing the DMZ, NAT, DHCP, etc behind the router)
    Does this look like a good design?  Is there anything I need to watch for to "push" my current home lan behind my new DMZ?
    Thanks for the help.
         - Jeff

    OK, I have a complication (I used to know this stuff, really....)  I started mapping out the IP networks and started to configure the WRVS4400N and got lost.
    My ISP gave me a block of static IP's - say 1.2.3.4-19  (16 block).  They reserve 3, so I get to use 13. 
    1.2.3.4 is reserved (probably for their router)
    1.2.3.19 is reserved for broadcast
    1.2.3.18 is reserved for gateway.
    So I tried to set up the 4400N last night and got stuck setting up the routing.  Here's a diagram:
         DSL Modem - 1.2.3.4 (internal) - this is an Actiontec GT701-WG - could be replaced with any DSL modem/router
                  |  1.2.3.18 (gateway)
                  |
                  |  (1.2.3.5 Wan port)
        WRVS4400N - no dhcp, no nat (in router state not gateway), Intrusion and Firewall on - 1.2.3.6 internal
                  |  (1.2.3.7 Lan port)
                  |
                  |------------------------------------------this is where I want to put 1.2.3.8-16 (servers)
                  |
                  |  1.2.3.17 (Wan Address)
         WRT54GS  - almost default setup
                  |  192.168.1.1
                  |
    (Home Network)
    The problem I have is that I don't get to pick the IP's that are reserved on the actiontec, and they encompass the entire IP range I've been given.  I want the protection of the 4400 for my servers, but I don't see how to build a route table to form a separate cloud of 1.2.3.5-17.  It's like I'm cascading three routers over only two IP ranges.  Splitting the 1.2.3.x ip range into two subnets doesn't seem to work since the isp grabs both the top and the bottom of the range.
    Can someone help me with the details of setting something like this up?
    ....Alternatively, the reason I am looking to do this is that I want to protect my home net, offer web services from my DMZ, yet be able to let my home net access dmz servers without going out and back in via the internet.  I could set up two VLAN's, one for home, one for the DMZ, both using NAT on two different IP ranges (giving me 3), but I have two problems - I have several servers that I need to service internet requests (not just one DMZ PC) and I want to access the DMZ from the home net directly.  If I set inter-VLAN routing on, I think I'm giving a channel for a hacker to get to my home net.
    So I'd be open to any alternatives.  Functionally, I don't think what I want to do is hard, but getting into the weeds of configuration has my head spinning.
    Thanks again for all the help, it is very much appreciated.
        - Jeff
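The address arithmetic behind the subnetting question above, as an added example that is not part of the original thread. It assumes the ISP block is a CIDR-aligned /28 (the constructed documentation range 203.0.113.0/28 stands in for the obfuscated 1.2.3.x addresses) and that the reserved addresses are the lowest, the highest and the second-highest in the block, as the post describes; all function names are hypothetical.

```python
import ipaddress

# Constructed sample block (RFC 5737 documentation range), standing in
# for the 16-address block described in the post.
SAMPLE_BLOCK = "203.0.113.0/28"


def reserved_addresses(block):
    """Addresses the ISP keeps, by position in the block (assumption:
    lowest = ISP router, second highest = gateway, highest = broadcast)."""
    net = ipaddress.ip_network(block)
    return {
        "isp_router": net[0],
        "gateway": net[-2],
        "broadcast": net[-1],
    }


def usable_hosts(block):
    """Host addresses left for the customer when the block is one flat subnet."""
    net = ipaddress.ip_network(block)
    taken = set(reserved_addresses(block).values())
    return [h for h in net.hosts() if h not in taken]


def analyse_split(block, new_prefix):
    """Split the block into equal subnets and report, for each one, which
    ISP-reserved addresses fall inside it and which hosts remain usable."""
    net = ipaddress.ip_network(block)
    reserved = reserved_addresses(block)
    taken = set(reserved.values())
    report = []
    for sub in net.subnets(new_prefix=new_prefix):
        inside = sorted(name for name, addr in reserved.items() if addr in sub)
        # hosts() already drops the subnet's own network and broadcast address
        free = [str(h) for h in sub.hosts() if h not in taken]
        report.append({
            "subnet": str(sub),
            "reserved_inside": inside,
            "has_gateway": reserved["gateway"] in sub,
            "usable_hosts": free,
        })
    return report


def dmz_candidates(block, new_prefix):
    """Subnets that could sit behind the firewall: the one holding the
    upstream gateway has to stay on the modem-facing side."""
    return [r for r in analyse_split(block, new_prefix) if not r["has_gateway"]]


if __name__ == "__main__":
    print("flat /28 usable hosts:", len(usable_hosts(SAMPLE_BLOCK)))
    for row in analyse_split(SAMPLE_BLOCK, 29):
        side = "modem side" if row["has_gateway"] else "DMZ candidate"
        print(row["subnet"], side, row["reserved_inside"],
              len(row["usable_hosts"]), "usable")
```

Under these assumptions the lower /29 contains only the ISP's bottom address, which is that subnet's own network address, so the split costs two host addresses rather than being impossible. The modem side still needs a route for the inner /29 pointing at the firewall's WAN address (or a bridging firewall), because it otherwise treats the whole /28 as directly attached.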

  • How can I set a home network behind a wireless linksys router

    The XP wizard for 'setup a home or small office network' doesn't seem to work when I'm behind the router (it used to work before I had a router - back then I worked with a product called 'access point' which was connected to a second network card on my desktop).
    My layout is normal, I think. Here are the links: 
    modem -- ADSL
    modem -- router
    desktop -- router
    laptop -- router (through wireless).
    I have internet on both computers. The only thing I cannot do is make one computer find the other. 
    Does anyone know what I should do?
    Thanks,
    Ofer

    ofers wrote:
    The XP wizard for 'setup a home or small office network' doesn't seem to work when I'm behind the router (it used to work before I had a router - back then I worked with a product called 'access point' which was connected to a second network card on my desktop).
    My layout is normal, I think. Here are the links: 
    modem -- ADSL
    modem -- router
    desktop -- router
    laptop -- router (through wireless).
    I have internet on both computers. The only thing I cannot do is make one computer find the other. 
    Does anyone know what I should do?
    Thanks,
    Ofer
    Make sure both computers have File and Printer Sharing enabled. Also make sure both computers have the same workgroup name. Temporarily disable any software firewalls, such as Norton or McAfee, and see if the computers can see each other.
    A+ Certified, over 15 years of hands on computer and home networking experience...and I still get lost!

  • Can't get to home network behind WRV54G using QuickVPN

    Someone please help preserve my sanity.  I have a home LAN with multiple wired and wireless W2K computers on a WRV54G.  I have the QuickVPN client on my W2K laptop.  I have a static WAN address.
    I can remotely connect to the WRV54G using QuickVPN with no problems at all.  The connection seems to be able to stay up indefinitely and I can remotely administer the WRV54G and access all functionality.  I can even ping all of the computers on my LAN from the remote connection with great response times.
    What I cannot do is "see" any of the computers on the LAN from the remote connection.  I cannot map to any of the shared drives on the LAN either using machine names or IP addresses.  I have repeatedly attempted to try different settings on the router's VPN setup and I have created user accounts on the LAN machines for my remote login name and password.  Still no joy.  This is driving me nuts.
    Any help will be greatly appreciated.

    Brickmonkey,
    I'm afraid I don't know how to find the answer you are referring to.  I tried the URL you referenced, but Linksys says it doesn't exist.  Sorry if I'm a little slow .....

  • The great TC isn't friendly in a home network behind another router.

    Hi everybody,
    I bought the TC 500GB in April with my new Mac Quad core.
    After unpacking and reading some manuals I set it up in the way below.
    I have an Orange Livebox router (only two Ethernet ports), so normally I connect another Netgear 824 router to it. That's working perfectly (not the wireless range, that's why I bought the TC). Near my devices I have Asus gigabyte switches and they are working great. I connected my TC to an Asus gigabyte switch and the use of the assistant went all right.
    The TC must reboot after the settings and then the problems are coming.
    The TC reboots and the LED indicator is green.
    I try to go into the configuration again but I can't get in. Timeouts again and again.
    I have reset the TC soft and hard; then you can access the TC sometimes.
    I contacted Apple Support and they helped a bit by hard resetting and connecting the TC straight to my Mac Pro.
    I already knew that this is working, so okay.
    With a bit of research I found some default values in the TC.
    It is a router with a starting address 10.0.1.1 (I found this out with the AirPort connection of my Mac Pro).
    The problems are always there, it seems, when I change my address range to 192.168.1.x; then I can't connect to it with Ethernet. All of my Ethernet devices are working well; only the TC has problems.
    The wireless setup is good even after reboots and can connect with my MacBook Pro/iPhone/Mac Pro.
    And Time Machine is not always usable. The storage device is gone once in a while.
    I found a workaround without timeouts.
    In the AirPort configuration menu there is a menu item for configuring another base device; after putting in the 192.168.1.TC address it's always good and I get in.
    So very strange.
    I think when you are using routers before the TC it's a crime using the TC.
    Maybe if I change the IP address range to 10.0.1.x, then maybe it's good.
    Who has the same problems as I have?
    Configuration problems, timeouts, lost connections?
    Message was edited by: Flying Dutchy


  • Accessing Home Network from work

    If I want to access my home network when I'm at work... what all is involved in that?

    Hi:
    What services are you running? Who do you want to be able to access them? How "tight" do you want your security to be?
    I run a small personal email server at home, along with afp services, vnc, and ssh. To do that, I require all users to tunnel all desired services over ssh protocol 2.
    To do that, basically, I open one single port in the DSL modem and forward that port to the computer hosting those services. You may or may not have to use static IP routing on your internal LAN 192.168 network for port forwarding, depending on how new/fancy your DSL/cable modem is. If you wanted to allow ssh to multiple computers, you'd have to ssh in on a non-standard port on at least one of them, which you can tell the DSL/cable modem to "cross-strap" to port 22 inside the LAN. I don't see why if you came in from the outside on two different ports, that you couldn't cross-strap one port to one of your internal 192.168 IP addresses on port 22, and cross-strap the other port to the second internal 192.168 IP, also port 22.
    Then, add a line to each user's .bash_login files on their remote computers that says something like
    alias phoneHome='ssh -l {homeShortUserName} -L 5901:127.0.0.1:5900 -L 3238:127.0.0.1:3238 -L 5548:127.0.0.1:548 -L 2525:127.0.0.1:25 -L 1143:127.0.0.1:143 {yourDomainName}'
    Now, each user launches Terminal, types phoneHome and gets an encrypted channel for VNC (first two "-L" port forwards), afp file sharing, smtp mail services, and imap mail services. And it's all encrypted. I would also recommend taking a look at http://www.corsaire.com/white-papers/050819-securing-mac-os-x-tiger.pdf.
    After the user has "phoneHome'd," (s)he can launch Mail, ChickenoftheVNC, or ⌘k in Finder to start AFP. Your users' remote computers' Mail would use 127.0.0.1 as the imap and smtp server, ports 1143 and 2525 respectively, to access the server mail account set up there. To connect afp, the remote user would connect to 127.0.0.1:5548. To connect to vnc session, remote users would connect to 127.0.0.1:5901.
    The hosting Mac (at home) would need to have VNC and ARD services enabled (btw, VNC is pre-defined as an "other" "new" service when you add it in SysPrefs Sharing Firewall), and apple file sharing, and remote login (ssh) enabled in the Sharing Services tab. In the firewall tab, you would need to add smtp (port 25 TCP) and imap (port 143) and/or pop (port 110) if you are going to run a mail server. You don't need SSL if you tunnel over ssh. I prefer this approach because if you use public/private key exchange for ssh login (basically, like an automated PGP authentication), that is, to me, way more secure than password authentication, and it's two less ports you need open for universal access.
    To get mail from other smtp servers, I recommend you get mailhop relay by dyndns.com. It costs $40 a year, and whenever anybody sends mail to your domain, it gets routed through them first, where they spam-assassinate it and virus-scan it before forwarding it on to you. The other advantage is that then, when you open port 25 in your router, you can restrict that port to only be accessible to traffic coming from dyndns' several mailhop relay smtp servers' IP addresses. Helps to cut down on the hack attacks by intruders coz a port scan from any other IP address will show the port as closed. MailServe, by cutedgesystems.com, is a GUI frontend for Mac's built-in postfix, and it also includes uw-imap. It lets you get an imap(or pop)+smtp mailserver up and running in literally minutes for only $20.
    If you don't get a static WAN IP address assignment from your ISP, get dyndns.com's DynDNSupdater program (the same guys that have the mailhop services). Then, whenever, your ISP changes your DHCP-assigned WAN IP address, dyndns.com's DNS servers are updated with your new IP address, so your domain name can always be resolved. They offer a number of variations of TLD's for your domain name for free, or you can pay them for a custom one. But I don't have a problem with a domain name like jv.dyndns.org. But they've got a lot of others, like isageek.net and some other goofy ones. There are other programs like DynDNSupdater, but I am only familiar with dyndns. One thing is for certain, to me anyways, and that is being able to operate DHCP from your ISP is better than paying monthly premium for a static IP assignment from your ISP.
    I mentioned mailhop relay earlier -- if you are going to be dynamic WAN IP from your ISP rather than buying a static WAN IP address, and are going to be running that mailserver, and you bought mailhop relay, you will probably find yourself wanting to buy another service from them for as little as $10/yr called mailhop outbound (pricing depends on amount of outbound mail traffic). Outfits like roadrunner.com and aol.com block smtp requests coming from servers whose domain names reverse-dns to dynamic IP space. So your users might not be able to send mail to aol or rr.com people, and others, without a service like this. Still, $10/yr is better than $5-$10/mo for a static WAN IP.
    Digressing somewhat, if you are going to be running your own webserver, open to the public, you'll need to open port 80 on your DSL/cable modem (and in Sys Prefs Sharing Services) and forward that port to the computer hosting the web server, too. And, as Karl said, if running multiple webservers, you'll need multiple ports open in the modem, cross-strapped to port 80 of the appropriate server.
    Last but not least (well, at least last for this post!) I would recommend installing a network intrusion detection system. One is available that comes pre-compiled for Mac OS X client, called HenWen. It is a GUI front-end for Snort, which comes included with HenWen (it's not the most recent version of snort, and it doesn't install snort in the usual default location that snort would, instead being contained within the HenWen application, but I still recommend it). Fairly easy to set up, although since the last version of HenWen came out, snort has added rule sets for spyware, so you need to add a rule for that in HenWen's GUI. Sign up for a free account at snort.org, so you can get the latest NIDS rulesets. It doesn't block bad things before they happen, but at least it lets you know that suspicious activity occurred after the fact -- which is way better than being totally oblivious.
    And I guess I lied, this is actually the last thing: if your work's IT dept is like mine, they keep just about ALL destination ports closed. So you may need to try to telnet {yourDomainName} {port#forDesiredService} just to make sure that your IT dept allows outbound traffic to go to the desired destination ports on your home network, or use Tiger's provided Network Utility to port scan your home's network's desired ports.
    (if this solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider marking this reply as "helpful" or "solved," in addition to, if applicable, marking this question as "answered")
    2001 Quicksilver G4 (M8360LL/A)   Mac OS X (10.4.8)  

  • Setting up my home network

    Hi guys,
    I want to setup my home network with my devices and I would like to know the best setup possible.
    I have to configure:
    1X 2TB Time Capsule
    1X Airport Extreme
    2X AirPort Express
    The 2 Express are for speakers in different rooms.
    I can not link any with ethernet cables. Unfortunately.
    It has to be wireless.
    How I set it up before: the TC was the master hooked up to the modem and all the others were set up as an extended wireless network.
    The result was not very good. Often I have cuts and drops from my laptop and with the Remote app.
    How would you recommend setting it up?
    Cheers,

    I can not link any with ethernet cables. Unfortunately.
    Have you ruled out powerline adapters? They can sometimes work pretty well, bridging distances that wireless can't.

  • HT4199 I recently updated my iPhone 5, now my phone will not connect to my home network. My kids' phones, laptops and Macs all connect to my home network. I have a hotspot router; it connects to that but not my home's network, I reset all network setting,

    I recently updated my iPhone 5 and now it won't connect to my home's network. I have a hotspot router that it connects to fine. All other devices connect to the home network. I reset all network settings and re-entered the password (password is correct) and still no go. What's up with this? Thanks, Mike

    It's possible your wi-fi router needs to be reset, or the firmware needs to be updated.
    Follow the steps in this article: iOS: Troubleshooting Wi-Fi networks and connections - http://support.apple.com/kb/ts1398

  • I want to be able to totally block the FaceTime functionality in my home network.  I would like to do this at the router level.  Does anyone know the hostname or IP address that the FaceTime application uses? Or which port it connects to?

    I want to be able to totally block the FaceTime functionality in my home network so my 4 kids aren't using the FaceTime feature. It was easy for Skype: I just had to enter the word Skype on my router security list, and it denies access. I would like to do this at the router level for FaceTime. The only site I find is init.ess.apple.com - is this the startup site for FaceTime?   Does anyone know a site I can block, hostname or IP address that the FaceTime application uses? Or which port it connects to?

    I would presume so, but it might be worth your while to experiment and play around with different combinations to see if you can block FaceTime while keeping Game Center open.  Good luck!

  • I want to set up a home network to be able to watch my movies and listen to music across multiple platforms without keeping my laptop connected.

    I want to set up a home network to be able to watch my movies and listen to music across multiple platforms.  I have movies purchased from iTunes as well as movies from my DVD collection that I converted to an .m4v format.  I currently have these movies stored on an external hard drive. To watch a movie on my Apple TV I have to ensure my external hard drive is connected to my MacBook Pro, then play the movie on my MacBook Pro and "mirror" it to my Apple TV.
    Ideally I would like to be able to watch movies from my collection without having to have my laptop on and work from that.  Is it possible to navigate my collection from my Apple TV and play it on my Apple TV?  My MacBook Pro is the machine I primarily use for work and school; it is quite the protological nuisance to have to hook all that up every time I want to watch a movie.
    My thoughts are that I could take my old desktop PC, attach an external hard drive to that and make that my "media storage".  If I were to do that would I then be able to watch movies as well as select which movie I want to watch from my library through my Apple TV without my MacBook Pro being in the equation?  Or if I should desire to watch a movie from my library through my MacBook Pro, iPhone 4s, and iPad is that possible?  I basically want to set up my library to be accessible from any of my devices.
    My devices are: the previously mentioned Apple TV, MacBook Pro, iPhone 4s, iPad 3. I also have a desktop PC running Windows 7, Xbox 360 and PlayStation 3 (the Xbox and PS3 would be nice if they could too but wouldn't break my heart as they are my roommate's and not mine so I rarely use them.)
    Thank you for any help/advice you guys may have!

    atv's can only access media from
    1. a computer which is turned on running itunes
    2. the internet
    no other options
    and NAS's which say they can work as itunes libs don't work

  • I'm currently signed onto my home network and want to go on with another computer but don't remember my password for my network.  Does anyone know where to find this?  It's a password that I set myself, not the one that came with my router.

    I'm currently signed onto my home network and want to go on with another computer but don't remember my password for my network.  Does anyone know where to find this?  It's a password that I set myself, not the one that came with my router.

    It's in your Keychain on the computer you usually use to connect to your network - the "kind" will be "AirPort Network Password".
    Your Keychain can be opened by using the Keychain Access program. It is in your Utilities Folder.
    Open Keychain Access, and type airport in the search field. You will see a number of entries. Choose the one with the name of your wireless network, open it, and check the box next to "show password". Before it reveals itself you will be asked for your login password - the one you use to log in to your MacBook.
    The network password will appear in the box.
    Quit Keychain Access.

  • I have a Mac mini server which I want to set up for remote access from Windows and Mac PCs.  How do I do this?  I can access it from my home network OK

    I have a Mac mini server which I want to set up for remote access from Windows and Mac PCs.  How do I do this?  I can access it from my home network OK

    Posted in error.

  • I am considering the purchase of an iMac or macbook and want to know whether I can import my iTunes library of  400 albums from my Windows PC over my Home Network?  300 of these albums have been imported from CD's, so would not want to have to do that aga

    I am considering the purchase of an iMac or Macbook and want to know whether I can import my iTunes library of  +400 albums from my Windows PC over my Home Network?  300 of these albums have been imported from CD's, so would not want to have to do that again.

    Just copy the entire /Music/iTunes/ folder from old computer to /Music/ on new computer.
    The libraries will be identical (date added, ratings, artwork, etc.).
    You can do this easily over the network.

  • Want Wired for Internet, Wireless for file transfers on home network

    I live in Dubai where internet in my house is connected straight from an ethernet port in the wall in numerous rooms. I have one wired connection hardwired from port to airport extreme which creates a wireless network for my laptops for internet.. apple tv et al. (home network 10.0.1.1 etc)
    In the other room i have a mac mini which is directly hardwired to a second ethernet port. I use this machine for hard wired internet as its essentially downloading continuously for work.
    Looking at network setting states..
    Wired connection states in network details : (To be used purely for hardwired internet)
    router address of (91.74.X.1)
    and ethernet port ip (91.74.x.21) 
    Wireless connection states in network details : (To be used purely for connection to home wireless network and streaming of files within internal networks)
    Router  (10.0.0.1)
    IPv4 address is  (10.0.1.4) 
    Subnet mask is 255.255.255.0
    I would like to force the mac mini to only use the wired ethernet connection for surfing/downloading, and also have an IP from the home network (10.0.1.2 etc) purely for file sharing/streaming with other computers on my home network. 
    Is this possible ?

    NAS is the right tool for this job.
    It is expensive but the market leaders.. synology and QNAP have really been doing it for long time and the ability to do file store/sharing and most importantly backup in these is excellent. Pick the best you can afford.. and buy disks that are in the recommended list. ie the cheapest are not always the best.. indeed they seldom are.
    Plan very carefully for rotation of USB drives (easy and cheap now with 4TB single drives). Rotate backups with offsite location on weekly basis.
    I would buy a 4 disk case.. you can use 4x3TB which are the best value at the moment.. that gives you 9TB of storage.. plus redundancy for a dead drive.
    Alternatives are using a Mac Mini as a server.. with a large stack of disks on it.. generally should be thinking thunderbolt if you want speed. Hideously expensive though for now.
    You can buy an Extreme or TC.. either would work well. TC allows you easy TM backups without using your NAS..
    Edit very large files on the computer. ie copy to computer.. edit.. copy back to the NAS.
    Editing very large files over wireless.. not good. Multiply that by multiple computers.. not even fair.
    Copy a large project to the computer.. work on it.. copy back to the NAS.. in the meantime Time Machine should be able to take care of incremental backups.
    There are heaps and heaps of solutions.. as long as it is logical and easy to you.. and covers what you need.
    Don't skimp.. spending a $1000 for a NAS with disks.. plus extra for the backup disks.. that represents how many day's work for you plus anyone you have helping.. $$$$ ????
    A mini as a server is a good alternative.. You don't need to run server OS.. but share files to the network. Very hard to build the capacity of the NAS though.
    And a Mac Pro is now a joke without internal slots and cages for drives. (nice machine but wrong for this).
    And Apple have nothing in between.. a short tower case.. been missing for a long long time.

  • I have a PVR which supports DLNA connected to my home network.  I want to access files on my MacBook from the PVR.  I understand that my MacBook doesn't support DLNA. Is there any 3rd party  software that I can install on my MacBook to provide DLNA?

    Hi,
    Can anyone help me please.
    I have a Personal Video Recorder (Humax HDR-1010S), which supports DLNA, connected to my home network via Wi-Fi. 
    I want to play music from iTunes and view photos from iPhoto from my MacBook (which is also connected to the home network) via the PVR / TV / Home Cinema sound system.  I understand that my MacBook (running OS X Mavericks) doesn't support DLNA server.
    Is there any 3rd party  software that I can install on my MacBook to provide DLNA server?
    Thanks,

    My recollection is that the iPhoto library has some fairly robust protections to prevent inadvertent or even deliberate changes being made that might have unwanted consequences. I'll take a look at my setup and let you know if I can see anything that might help you. Even if you get Serviio to "see" the iPhoto library, it almost certainly won't show the album structure and names. What I did is to export each iPhoto album to a standard folder with the appropriate folder name. These I keep on an external backup disc and Serviio can see these without trouble.
