Firewall Question

    Hi Guys - I was asked to build a Win2K3 server for a small office environment. This server has 2 NIC cards; I have one set up for the WAN side, which is connected straight to a Netopia DSL modem, and another for the LAN side. The problem is, during my install, the office didn't have any firewall available, and all my installs were through Windows Wizards; e.g. DNS, DHCP, DC, and VPN. The only protection the computer has is Windows NAT and the basic Firewall. I need to add a firewall in between the server and the DSL modem (which is acting just like a simple switch with 5 public IPs) but I'm worried that if I change the WAN side IP, all my settings for VPN, DNS and DHCP will get screwed. What is the best thing for me to do? Can I set up a firewall (say a Cisco PIX) to have the External and Internal IP? If so, how can I do this? Thank you so very much to anyone who can help.

    • #3
      Sorry if my question wasn't really clear. I'll try to make a drawing. But basically, here's the scenario.. During my initial install, this was my setup:

      1. DSL Modem (public IP/WAN) ---> Win2k3 (Configured with the "First Server" wizard) ---> Using the 2nd LAN port (private IP/LAN) ---> Switch ---> Users
      So basically the server is acting as a software NAT and Basic Firewall.

      What I need to do is:

      2. DSL Modem (public IP/WAN) ---> "Hardware Firewall" ---> Win2K3 and so on..

      If I change the public/WAN side IP of the Win2k3 server, will it affect the Windows VPN, DNS and DHCP setup?


      Can I add a firewall to the Server and still use the same public IP address that I got from the Modem?
      like this:

      DSL Modem gives Public IP --> Firewall gets the Public IP --> Firewall forwards the same IP to the server ---> Win2k3 uses the IP.

      So instead of the firewall acting as NAT (which I think will give my server an internal IP), can I just forward the public IP?

      Thanks a lot for the help!!


      • #4
        In general this is how we have our system setup.

        1. Internet connection via ADSL router.

        2. Firewall with External IP address on the router side and internal address (192) on the internal side of the firewall.

        3. DHCP, DNS, DC is handled internally on our internal address with forwarders set up to connect to an external DNS server. DHCP should be issuing IP addresses to your internal clients only, preferably on a 10 or 192 range.

        4. VPN is handled via software provided to us by the firewall company. RADIUS is set up so users can authenticate when dialing in.

        So to answer your question yes you can use a "Hardware Firewall" which will sit between your router and your internal network, presumably through a switch of some sort.

        When purchasing a firewall ensure that you get what you require.

        Depending on the size of your network I would definitely recommend purchasing a SonicWall Firewall Appliance; this will provide you with everything you need.


        • #5
          > So instead of the firewall acting as NAT (which I think, will give my server an internal IP), can I just forwad the public IP

          That depends on the firewall. Some firewalls allow layer-2 firewalling, which means that it functions as a hub/switch (not: router) but still blocks traffic.

          Note that some modems have a basic built-in firewall, perhaps requiring a firmware upgrade or config change.


          • #6
            How about a reliable Software Firewall that works with Windows 2003? Any suggestions?

            I still would like to know what would happen if I changed the Public IP on the server.. say from 71.164.... to 192.168... Would this kind of change screw up my settings for DHCP, DNS and Windows VPN which were configured using Windows Wizards? Because what I would like to do is add a hardware firewall and use the Internal IP that it will provide as the Public IP of the server.

            Thanks again...
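The following is an added example, not a post from this thread and not anything the original poster or the replies supplied. It works through the question in #6 against the layout described in #4: the server's WAN NIC moves from its public address to a private address on the firewall's inside interface, and the script audits exported Windows 2003 service settings to show which services care. The addresses (71.164.10.5, 192.168.1.2, a 10.0.0.0/24 LAN scope), the zone and DHCP dump fragments and the server name are all constructed for illustration; the only facts taken from outside the thread are the ports and protocols Windows VPN uses (PPTP: TCP 1723 plus GRE, IP protocol 47; L2TP/IPsec: UDP 500, UDP 4500 and ESP, IP protocol 50).

```python
"""Added example, not from the thread: audit Windows 2003 service exports before
moving the server's WAN interface from its public address to a private one
behind a new firewall.  The sample exports below are constructed; real ones
come from `dnscmd /zoneexport` and `netsh dhcp server dump`.
"""
import ipaddress
import re

# Assumed addresses (the thread only shows the 71.164... and 192.168... prefixes).
OLD_WAN = "71.164.10.5"       # public address currently on the server's WAN NIC
NEW_WAN = "192.168.1.2"       # address the firewall's inside interface will give it
LAN_SCOPE = ipaddress.ip_network("10.0.0.0/24")  # existing DHCP scope on the LAN NIC

# Constructed DNS zone export: internal records plus a name for the VPN endpoint.
DNS_ZONE = """\
office.local.   IN  NS  server1.office.local.
server1         IN  A   10.0.0.1
vpn             IN  A   71.164.10.5
"""

# Constructed `netsh dhcp server dump` fragment: scope and router/DNS options.
DHCP_DUMP = """\
Dhcp Server \\\\server1 add scope 10.0.0.0 255.255.255.0 "Office LAN"
Dhcp Server \\\\server1 Scope 10.0.0.0 set optionvalue 003 IPADDRESS "10.0.0.1"
Dhcp Server \\\\server1 Scope 10.0.0.0 set optionvalue 006 IPADDRESS "10.0.0.1"
"""

# What the firewall must pass through to the server for each Windows VPN type.
VPN_FORWARDS = {
    "PPTP": [("tcp", 1723), ("ip-proto", 47)],                      # control + GRE
    "L2TP/IPsec": [("udp", 500), ("udp", 4500), ("ip-proto", 50)],  # IKE, NAT-T, ESP
}


def find_references(text, ip):
    """1-based line numbers in `text` that contain `ip` as a whole address."""
    pattern = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [n for n, line in enumerate(text.splitlines(), 1) if pattern.search(line)]


def vpn_forwarding_rules(vpn_type):
    """Protocol/port pairs the firewall must forward to the server for this VPN type."""
    return list(VPN_FORWARDS[vpn_type])


def plan_readdress(old_wan, new_wan, lan_scope, dns_zone, dhcp_dump, vpn_type):
    """Return human-readable findings for the re-addressing change."""
    findings = []
    # The firewall's inside subnet must not overlap the LAN the server already routes.
    if ipaddress.ip_address(new_wan) in lan_scope:
        findings.append(f"{new_wan} lies inside LAN scope {lan_scope}; use a different inside subnet")
    # DNS: internal records use LAN addresses and are untouched; only records
    # naming the public address need a decision.
    for n in find_references(dns_zone, old_wan):
        findings.append(
            f"DNS zone line {n} names {old_wan}: keep it if outside clients resolve "
            f"this name (the firewall now owns that address), else change to {new_wan}")
    # DHCP: the scope lives on the LAN NIC, so the WAN change should not appear here.
    dhcp_refs = find_references(dhcp_dump, old_wan)
    if dhcp_refs:
        findings.append(f"DHCP dump lines {dhcp_refs} reference {old_wan}; review them")
    else:
        findings.append("DHCP: no scope or option references the WAN address; unaffected")
    # VPN: clients keep dialling the public address, which the firewall now holds,
    # so it must forward the tunnel traffic to the server's new inside address.
    rules = ", ".join(f"{proto}/{num}" for proto, num in vpn_forwarding_rules(vpn_type))
    findings.append(f"VPN ({vpn_type}): forward {rules} from {old_wan} to {new_wan}")
    return findings


if __name__ == "__main__":
    for line in plan_readdress(OLD_WAN, NEW_WAN, LAN_SCOPE, DNS_ZONE, DHCP_DUMP, "PPTP"):
        print("-", line)
```

Two caveats the audit cannot catch on its own: GRE is a protocol rather than a port, so a firewall that only offers TCP/UDP port forwarding needs an explicit "PPTP passthrough" feature for the PPTP case; and for L2TP/IPsec, both the server behind the firewall and the clients must support NAT traversal (UDP 4500), otherwise the IPsec negotiation fails once the server no longer owns the public address.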