WRT54G v. 8.1 DMZ question.

Similar Messages

• ConfigMgr 2012 R2 and DMZ Questions

  I am working with a client who's security team has been a challenge.  They do not want to open any of the RPC Dynamic Range ports needed for communication between certain roles on the Primary Site server and a server they want setup in one of their
  DMZ's. 
  They have a domain in the DMZ and all devices are a member of that domain.  We successfully setup a management point but can't publish since the ports from the primary site server to a DC in the DMZ are not open.  We placed a DNS service locator
  record in the DMZ and when we manually install the clients add the DNSSUFFIX and point to the MP in the DMZ.  The clients are reporting at this point.  However, they are not getting any software updates since the DP can't install and we don't allow
  failover to any other DP.
  The client has said that there has to be other solutions.  The solution we are using isn't best practice I know that.
  I guess there are three solutions here, correct?
  1.  Open DMZ site ports for clients to communicate only to ConfigMgr Server.  (Not secure)
  2.  Keep current design of MP/DP/SUP in DMZ?
  3.  Put a secondary site in DMZ?
  I have two questions about 2 and 3.  Why should we add the SUP?  Shouldn't the client talk to the Management Point and the management point sends the request to the SUP on the ConfigMgr?   So can't we ditch that extra SUP?  
  Also, even if we put a secondary site in the DMZ, we will still run into port issues since the client is refusing to open RPC Dynamic port ranges?
  Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

  Yes 3 is out ConfigMgr wise.
  I would not call 1 insecure though. Open ports are not insecure, that's a myth perpetuated by those who don't know what a port is. Network security is about controlling the traffic and securing the endpoints. Ultimately, that may be a battle you won't win
  though because of political reasons and the perpetuation of myths in network security and the purpose of DMZs.
  Option 2 is what most/nearly all folks go with. If one port is open, you may as well open them all because security wise there is no true difference so any resistance here is ignorance. As long as the traffic is confined to a single endpoint, the port its
  using makes no difference and the level of security comes down to, as mentioned, the security posture and controls in place on that endpoint itself -- who cares that the traffic has a data field set to 80 or 443 or 1024 as long as the target is well controlled, "secured", and
  monitored.
  There ultimately aren't any other ways (besides 1 and 2) to accomplish this using only ConfigMgr proper. The ports required are well documented on TechNet so there's no magic to make these go away.
  Another architectural solution however is to use reverse proxy. This is a twist on choice 1 except that all client traffic passes through the reverse proxy instead to reach the internal site systems.
  Jason | http://blog.configmgrftw.com

• Want to put my WRT54GS behind a WRVS4400N DMZ

  Hello all,
       I've got a pretty typical setup with my DSL modem hooked to my WRT54GS, which is the gateway for my home network, both wired and not.   I have received a block of static IP's from my ISP and I now want to build a DMZ in "front" of my home network.  Here's what I envision:
          Internet
              |
          DSL Modem
              |
          WRVS4400N V.2  (no NAT, no DHCP, intrusion detection and firewall only) static IP on both sides of the router
              |
           DMZ (all static IP)
              |
          WRT54GS (static IP facing the DMS, NAT, DHCP, etc behind the router)
  Does this look like a good design?  Is there anything I need to watch for to "push" my current home lan behind my new DMZ?
  Thanks for the help.
       - Jeff

  OK, I have a complication (I used to know this stuff, really....)  I started mapping out the IP networks and started to configure the WRVS4400N and got lost.
  My ISP gave me a block of static IP's - say 1.2.3.4-19  (16 block).  They reserve 3, so I get to use 13. 
  1.2.3.4 is reserved (probably for their router)
  1.2.3.19 is reserved for broadcast
  1.2.3.18 is reserved for gateway.
  So I tried to set up the 4400N last night and got stuck setting up the routing.  Here's a diagram:
       DSL Modem - 1.2.3.4 (internal) - this is an Actiontec GT701-WG - could be replaced with any DSL modem/router
                |  1.2.3.18 (gateway)
                |
                |  (1.2.3.5 Wan port)
      WRVS4400N - no dhcp, no nat (in router state not gateway), Intrusion and Firewall on - 1.2.3.6 internal
                |  (1.2.3.7 Lan port)
                |
                |------------------------------------------this is where I want to put 1.2.3.8-16 (servers)
                |
                |  1.2.3.17 (Wan Address)
       WRT54GS  - almost default setup
                |  192.168.1.1
                |
  (Home Network)
  The problem I have is that I don't get to pick the IP's that are reserved on the actiontec, and they encompass the entire IP range I've been given.  I want the protection of the 4400 for my servers, but I don't see how to build a route table to form a separate cloud of 1.2.3.5-17.  It's like I'm cascading three routers over only two IP ranges.  Splitting the 1.2.3.x ip range into two subnets doesn't seem to work since the isp grabs both the top and the bottom of the range.
  Can someone help me with the details of setting something like this up?
  ....Alternatively, the reason I am looking to do this is that I want to protect my home net, offer web services from my DMZ, yet be able to let my home net access dmz servers without going out and back in via the internet.  I could set up two VLAN's, one for home, one for the DMZ, both using NAT on two different IP ranges (giving me 3), but I have two problems - I have several servers that I need to service internet requests (not just one DMZ PC) and I want to access the DMZ from the home net directly.  If I set inter-VLAN routing on, I think I'm giving a channel for a hacker to get to my home net.
  So I'd be open to any alternatives.  Functionally, I don't think what I want to do is hard, but getting into the weeds of configuration has my head spinning.
  Thanks again for all the help, it is very much appreciated.
      - Jeff

• WRT54GS router to WET54G bridge question, bridge connect to a wired router?

  Hello Everyone,
  I have a Wireless-G LAN set up using a WRT54GS router.  The existing wireless devices on the LAN are 2 PCs, a TiVo unit (using the TiVo wireless adapter), and 2 WET54G wireless bridges.  One bridge connects by ethernet wire to a LAN printer.  The other bridge connects by ethernet wire to a Sony BDP-S550 Blu-Ray player.
  The security is WPA2-AES.  so far all of that works OK, believe it or not, though I grew a lot older making it happen.
  Now here's what I'd like to do: I'd like to add another wired LAN device where the second WET54G bridge connects to the Blu-Ray player.  The bridge only has one ethernet wire connection, so I have to come up with some other way to get the two devices connected to the wireless LAN.
  I have two other LinkSys devices kicking around here that I can use.  One is a BEFSR41 wired Router.  The other is a WAP54G wireless Access Point.   If I can use one or both of those somehow, I won't have to buy another device.  That's the agenda so far.
  Right now it looks like this:
  WRT54GS Router wireless to WET54G Bridge wire to WAN input of BEFSR41 Router wires to the two LAN devices.
  I'm having trouble making this work, assuming it can even be done.  Can I get this config to work, or do I have to add the Access Point where the bridge is now, or.... ?
  Thanks for your time,
  Big Al Mintaka
  Solved!
  Go to Solution.

  You already have a network working with your existing devices. What you are trying to include in your network is possible and can be done. Instead of connecting the cable from the WET54G to the WAN port on the router, connect the cable the LAN port on the router. Disable the DHCP  and change the lan ip in the range of your existing network. It should work.

• Airport Express DMZ Question

  My APE is set to have create a new network and is connected to my westell router via ethernet. On my westell router, if i were to put the APE into a DMZ, would that put every device that uses my APE's network into the DMZ too?

  I haven't worked with a Westell router, but a DMZ setting on other routers is there to allow another router to connect to the network. All of the devices connected to that second router would be in the DMZ.

• WRT54G ver 6 Port forwarding question

  Howdy... I just purchased the WRT54G ver 6 router to replace my old wired one that was fried after losing power one night... plugged into a $60 surge protector... but I digress... I have 2 PCs plugged into this router... neither are wireless. I host a website and so I setup the router to forward port 80 to the webserver... The loading of images has become incredibly slow. Probably 3 to 4 Xs as slow as the old router... If I plug my cable modem into the pc direct it seems fine, so I dont see a bandwidth issue or upload problem... Seems to be at the router and more specific where the router is forwarding the request. Has anyone run into this? Are there settings on the router somewhere that I can tweak?

  Try to lower your MTU settings.
  "When you have eliminated the impossible, whatever remains, however improbable, must be the truth."

• IP lease via DHCP on WRT54G v7

  Hi. I have a small question on DHCP setup on WRT54G model (v7). The question itself: Is there any way to force DHCP to give out specified IPs to PCs with certain MAC addreses?

  The feature you described is called "DHCP reservation" and it is available in some Linksys routers, such as the WRT300N.  However, as best I can tell, your router does not have this feature.
  However, you can manually assign any computer (or other network device) a fixed LAN IP address.  After you do this, it will always have the same address on your network.   Linksys has some specific rules about assigning fixed LAN IP addresses, and you must follow them carefully:
  Rules for using fixed LAN IP addresses on Linksys routers:
  With Linksys routers, a fixed (static) LAN IP addresses must be assigned in the device that is using the address. So you need to enter the fixed address in the computer or printer, not in the router.
  When using a Linksys router, any fixed LAN IP address must be outside the DHCP server range (typically 192.168.1.100 thru 192.168.1.149), and it cannot end in 0, 1, or 255.
  Therefore any fixed LAN IP address would normally need to be in the range of
  192.168.1.2 thru 192.168.1.99 or
  192.168.1.150 thru 192.168.1.254
  assuming you are still using the default DHCP server range.
  Also, in the computer, when you set up a static LAN IP address, you would need to set the "Subnet mask" to 255.255.255.0 and the "Default Gateway" to 192.168.1.1 and "DNS server" to 192.168.1.1
  It is also important that no two devices on your network be set to the same static LAN IP address.

• Lag spikes while gaming, probably due to wireless network

  While gaming online, I get lag spikes, or as I like to call them, due to the nature of what happens, warping, every so often. By warping I mean I do something, my screen shows it, but the action never got sent across the server. So if I were to move right during a warping event, it'd show me that I moved right but then in a second I'm back where I was. (I hope that makes sense)
  As for what I've done to try to rectify this problem:
  Reset the router
  Open up all necessary ports (actually I just enabled DMZ, which would open all ports)
  I would have updated the drivers for my wireless adapter, but this problem also occurs when I'm gaming online on a console connected to the wireless network so I highly doubt the drivers would be the problem.
  As for my router's model number, it's WRT54G.
  Now, for the question I have. Would switching to a WIRED network fix this problem? (despite that pinging from a wireless connection then pinging from a wired connection was consistent)  If so, why? (the why would be to convince my dad, as he believes that due to the consistency in the pinging attempts (only 3-4 packets lost out of 100 when pinging to Google) the problem couldn't be due to the wireless network)
  Many thanks for your time.

  You should try to upgrade your router's firmware, reset and then re-configure your router...
  Download the router's firmware from here 
  Follow these steps to upgrade the firmware on the device : -
  Open an Internet Explorer browser page on a computer hard wired to the router...
  In the address bar type - 192.168.1.1...Leave the Username blank & in Password use admin in lower case...
  Click on the 'Administration' tab- Then click on the 'Firmware Upgrade' sub tab- Here click on 'Browse' and browse the .bin firmware file and click on "Upgrade"...
  Wait for few seconds until it shows that "Upgrade is successful"  After the firmware upgrade, click on "Reboot" and you will be returned back to the same page OR it will say "Page cannot be displayed".
  Now reset your router :
  Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
  Adjust the Wireless Settings after re-configuring the router - 
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...
  Leave username blank & in password use admin in lower case...
  For Wireless Settings, please do the following : -
  Click on the Wireless tab
  -Wireless Network mode should be mixed...
  -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
  - Set the Wireless channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
  Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
  For Wireless Security : -
  Click on the Sub tab under Wireless > Wireless Security...
  Change the Wireless security mode to WEP, Encryption should be 64 bit.Leave the passphrase blank, don't type in anything...
  Under WEP Key 1 type in any 10 numbers please(numbers only and no letters eg: your 10 digit phone number) and click on save settings...
  Please make a note of WEP Key 1 as this is the Security Key for the Wireless Network...
  Click on Advanced Wireless Settings
  Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
  Now see if you can locate your Wireless Network and attempt to connect...See if you face the same problem...

• Connection XI to the Internet

  Dear Guru's
  We have to connect our XI server to the Internet and we are thinking about the following 2 solutions:
  1./ Proxy server with a local adapter engine both in the DMZ which will be connected the Central instance of the XI server behind the DMZ.
  2./ Not using a local apter engine but using only a proxy, which is placed in the DMZ (and connect this proxy to the XI server behind the DMZ)
  questions:
  1./ Which solution should we use ?
  2./ Are there other solutions available ?
  3./ Can a proxy handle all protocols ?
  cheers
  Richard

  hi ,
  it will be helpful to u
  http://help.sap.com/saphelp_nw04/helpdata/en/02/265c3cf311070ae10000000a114084/content.htm
  regards,
  kumar.

• Exchange Edge Server - 2010 (helpdesk to view queue viewer)

  Setup - Exchange Server Edge 2010 running in DMZ
  Question: Created a local account for Helpdesk team, allowed RDP permission to them, they unable to view Queue Viewer, getting an error message "couldn't find the enterprise organization container'
  What permission do i need to give to local account to view queue viewer, need info on power shell command to use to provide them access.
  I am sure RBAC would play a role here, command info, pls assist.
  Thanks
  Inderjit

  Hello Inderjit
  Unfortunately we cant use RBAC on EDGE server
  On Edge Transport servers, RBAC isn't used to control permissions. The local Administrators group is used to control who can configure
  Exchange features on the local server.
  https://technet.microsoft.com/en-in/library/dd297943(v=exchg.141).aspx
  https://technet.microsoft.com/en-in/library/aa996854(v=exchg.141).aspx
  sandip

• Cable Modem to Computer to Router??

  I just bought the WRT54GS and I have a question.  I have a desktop and a cable modem.  The cable hooks up to the computer via USB.  The modem is connected to the cable stud on the wall and obviously the AC adapter.  How do I connect this router to my computer if the cable modem connects via a USB cable instead of a network cable?  I'm confused and new at this so can anyone help me out?

  Does your modem have an ethernet port?  If not, then you need to get a new modem that does have an ethernet port.  Your ISP should be able to supply you with this type of modem, for a modest price.
  If your modem has an ethernet port, stop using the USB port, then connect an ethernet wire from the modem to the Internet port on the WRT54GS.
  Message Edited by toomanydonuts on 03-15-2008 01:32 AM

• WRT54GS V6 access question.

  Just set up the network.
  WRT54GS with a Wireless-G USB adapter
  2nd pc is linked and working great!
  Question is: How do I access the 2nd pc from the 1st pc?
  I click on my computer > network places > view computer work groups.
  When I click on the 2nd pc it ask for a password. Where would I find the password to access the 2nd pc? I checked the Easylink advisor but can't find anything.
  Anyone know? I would like to transfer files from one pc to the other.
  Message Edited by asgrafxx on 02-10-200712:09 PM

  Hi… This is the login password for you PC and nothing do with your router or adapter. If you have setup any account on this computer such as administrator or any other, you can provide login credentials for the same and access the shared resources on that PC.

• WRT54G ver8.00.03 questions PLEASE HELP

  Im using the WRT54G ver.8.00.03 router as a wired router. I was wondering if I can use this router for xbox 360 live? I hooked it up to my xbox 360 and paid for xbox live and I did the xbox live test and everything came back as good to go. The system logs me in as online but when I go to find games in the lobbie it shows theres no online games to play...I need help. One guy wrote a review for the wrt54g ver8.00.03 and put this "it comes with a dmz which means it is perfect for xbox live just put you xbox on static ip and just place in the dmz and have unobstructed gaming online." I dont know what this means or how to do it.....can somone help me figure out this problem? PLEASE

  check the IP address of the computer, check the default gateway, mostly it should be in the range of 192.168.1.1, open an internet explorer page, type in http://192.168.1.1 or whatever your default gateway is, it will ask you for a username and password, if you have the password setup for the router when you configured the router for the first time with the cd then put in that password or if you have not change the password then the default password should be "admin", leave the username blank or empty, clicking ok will take you to the setup page of the router, on the top of the router's setup page, you will see a TAB which will say APPLICATION & GAMING, click on that and right under that tab, you will find DMZ as a sub tab. select it to be enable, and put the static IP that you have given to your playing console under this DMZ tab and click on SAVE SETTINGS, and enter the world of your dreams.
  Regards,
  Router_Support

• RV082 DMZ Configuration Question - Point to Point

  Hello,
  We have 2 offices in different countries both using the RV082 router.  Currently both offices have an internet connection on WAN1 and that is working fine.
  We are adding a Point to Point circuit between the two offices, and my question is on the RV082 configuration on each side.
  I was going to configure WAN2 in DMZ mode on each router, then connect the point to point circuit to the WAN2 port.  On the China side, the DMZ IP will have to be a private address (192.168.177.1), while the DMZ port on the San Diego side will be a public IP. 
  We need internal computers to be able to go to the internet normally through WAN1, but also go through WAN2 if they are trying to reach the other network.  I will be adding routes on each RV082 for this.
  Is there anything wrong with this configuration?  Do I need to change the routers from Gateway to Router mode?  Does it matter if the DMZ WAN2 port has a private IP address?
  Any advice or tips are greatly appreciated!
  Thank you in advance,
  Eric

  Thanks Tom but that thread is not exactly what I was looking for.  Mainly I just want to know if the RV082 can act as a fully functioning router with the two WAN ports going to different networks.  So the LAN side would hit the router, look at the routing table and know which WAN port to go out of.  Using the DMZ seems like it will work, but I have never tried it so I wanted to throw it out there and see if anyone has done this before.

• WRT54GS MTU Question

  Hi. I owned a WRK54G for a few years and just replaced it with a WRT54GS. I'm not too knowledgeable in the area, but I've been wondering what a good MTU to start off with would be. I have most of the other settings down.

  The Optimum Online website didn't have any info. So, I found a FAQ for Optimum Online on dslreports.com They stated that an MTU value of 1500 should be used as well, so I'll go with them. I have another noob question thats been bothering me. I realized that I purchased version 6 of the router, while the newest version is 7. Looking at Wikipedia, I see that version 7 has a faster clock speed. I won't be using third party firmware, so does it matter?