
[SOLVED] Will server on router be a security risk to computers also connected to router



I have an old computer that I want to install Ubuntu Server Edition 8.04 on. I want to play with running a web server. I've read a lot of info online, and also bought an Ubuntu Server Administration book, but I would like to know if I plug this web server into my router, if the other 5 computers that are connected to the router will potentially be at risk. Is this more of a router config issue? The router is just a simple wired-only Linksys 5 port. There is also an 8 port switch connected because we have printers connected. Most computers connected are Windows XP, and there is one Win2K. There is some file and print sharing going on between the XP computers, in case that is critical info.

You'll only want to place your one server machine in the DMZ as defined somewhere in your router's config.

 

My router will only allow one machine to be in the DMZ. From what I have read online, I thought I was just going to use port forwarding. This is the first time I have heard of DMZ. My router manual is clear that being in the DMZ exposes the server to all ports being forwarded, as opposed to only a limited amount of ports being forwarded via port forwarding. I take it, based on your response, that the DMZ is a safer place to put the server. I will read more about the DMZ vs. port forwarding, but any further advice or information is appreciated. Thank you.

I take it, based on your response, that the DMZ is a safer place to put the server.

 

I took a few minutes to read up on "DMZ vs port forwarding", and it seems that DMZ is definitely worth avoiding if port forwarding can be set up correctly. Although the main advantage of DMZ seems to be ease of getting through the firewall... it seems like the more risky way of setting up the server. Ubuntu Server Edition 8.04 claims to have all ports blocked by default, so perhaps the DMZ is fine. What do you think?

I suppose if you're only hosting limited services on the server, port forwarding is probably sufficient and the safer option. I usually place any server I need in a DMZ then let the firewall on the DMZ take care of security. I hate playing around with those router interfaces.

 

Before I started using virtual machines I would put a router machine (a base Linux install with NAT/firewall and a couple of NICs) in the DMZ and would have it forward ports/requests to machines on the other side of it. It just meant that everything could be controlled via the one Linux machine instead of needing to use my hardware router's interface.

 

These days I pretty much do the same, but instead I'm only using the one machine (the hardware node (HN)) and within it I have a series of virtual machines (VEs). My hardware node sits in the DMZ and hosts only the software needed to run the VEs + iptables (NAT/Firewall). Based on requests sent to the HN I can determine which VEs to expose.

 

But yeah, I'd probably suggest you start with a simple port forwarding scenario.
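The thread turns on the difference between a DMZ host (every port forwarded) and port forwarding (only chosen ports). On a Linux NAT/firewall box like the one described above, that difference shows up directly in the DNAT rules. The following is an added example, not code from the thread: it audits `iptables-save` output and flags rules that forward all ports. The sample ruleset, interface name and IPv4 addresses are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (nat table); the interface
# name and addresses are made up for this example.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:80
-A PREROUTING -i eth0 -p tcp -m multiport --dports 22,443 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -i eth0 -j DNAT --to-destination 192.168.1.60
COMMIT
"""

def audit_dnat(rules_text):
    """Return one finding per DNAT rule: target host, protocol, ports, and
    whether the rule forwards every port (DMZ-style exposure)."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "-A":
            continue  # table headers, chain policies, COMMIT, comments
        # Map each option to the token that follows it (-p tcp, -j DNAT, ...).
        opts = {}
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith("-"):
                opts[tok] = tokens[i + 1]
        if opts.get("-j") != "DNAT":
            continue
        # Assumes IPv4 targets, where ":" only separates the port.
        target = opts.get("--to-destination", "?").split(":")[0]
        ports = opts.get("--dport") or opts.get("--dports")
        findings.append({
            "target": target,
            "proto": opts.get("-p", "all"),
            "ports": ports.split(",") if ports else [],
            "all_ports": ports is None,  # no port match: everything is forwarded
        })
    return findings

if __name__ == "__main__":
    for f in audit_dnat(SAMPLE_RULES):
        if f["all_ports"]:
            print(f"WARNING {f['target']}: all ports forwarded (DMZ-style)")
        else:
            print(f"ok      {f['target']}: {f['proto']} {','.join(f['ports'])}")
```
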
