Adv. network question
Hey guys, I'm looking for a packeteer that acts as a switch or bridge but inspects all throughcoming packets and drops them if they don't comply with a grant-rule.
In particular, we have three servers with a direct connection to internet. We'd like to block all traffic except incoming on port 80 (www) and 5900 (vnc). Internally (behind the packeteer) the servers must be able to communicate with windows networking, oracle replication and wddx.
I'm not looking into software solutions, only hardware. Maybe some of you guys know exactly what I'm looking for. I was thinking putting each server behind a broadband router so that they're protected by NAT, and port forward 80 and 5900. Not sure if it's the best solution though. Would require 1x router for each server too..
- STRESSTEST
- DBB DemiGod
- Posts: 6574
- Joined: Sun Nov 21, 1999 3:01 am
Duh.
My eye caught this thing from DLink
http://www.dlink.com/products/?pid=141
It's exactly what I need and it's quite cheap, but it's like nowhere available here in Belgium
Tricord wrote:
> Duh.
> My eye caught this thing from DLink
> http://www.dlink.com/products/?pid=141
> It's exactly what I need and it's quite cheap, but it's like nowhere available here in Belgium

What about the Linksys BEFSX41? Should be pretty similar to that D-Link model, and might be available over there....
Edit: Product Info, Purchase Info (it's the one on the right side on the bottom)
- Testiculese
- DBB Material Defender
- Posts: 4689
- Joined: Sun Nov 11, 2001 3:01 am
Ferno wrote:
> use an older machine for a firewall.

I would, but we pay rackspace per 1U and that would turn out to be really expensive.
Pleb, thanks for the info but I have three servers each with their own public IP. The DLink firewall I mentioned supports multiple public IP's, the Linksys one doesn't. I'd need one for each server, which is pushing a little bit
Tricord wrote:
> Pleb, thanks for the info but I have three servers each with their own public IP. The DLink firewall I mentioned supports multiple public IP's, the Linksys one doesn't. I'd need one for each server, which is pushing a little bit

Fair enough. I didn't read all the specs. Never run into a router supporting multiple external IPs before, but surely there's another out there. Wouldn't think that D-Link would come out with anything like that that wouldn't be soon followed by one of the other big players.
(Looks like the Linksys RV016 might meet your needs, but it's a bit overkill, and probably even more expensive than buying three routers.)
The linksys thing is really the ticket.
What it can do is have multiple public IP's on the WAN port, and it can be configured to map the entire port range of such a public IP address to a private IP, much like concurrent DMZ. I can configure the three public IP's, map each one to the corresponding server's internal IP, and then block all incoming traffic to those IP's except for port 80. Since the DLink supports incoming VPN connections, we can set up a secure VPN tunnel to the internal network in which the servers are connected and do all our FTP/VNC and oracle remote control things, without having to open any port publicly.
I've ordered it with several suppliers. The first who delivers sells
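
A check a practitioner might run once the setup described in the last post is in place: from a machine outside the firewall and outside the VPN, confirm that each public IP answers on port 80 only. This is an added example, not part of the thread; the port numbers other than 80 and 5900 are the usual defaults and are assumed here, and the addresses are placeholders.

```python
import socket

# Policy from the thread: only HTTP is public; VNC, FTP, Oracle and Windows
# networking are reachable through the VPN only. Port numbers other than 80
# and 5900 are the usual defaults, assumed here.
ALLOWED = {80}
MUST_BE_CLOSED = {21: "ftp", 139: "netbios-ssn", 445: "smb", 1521: "oracle", 5900: "vnc"}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(host, allowed=ALLOWED, must_be_closed=MUST_BE_CLOSED, probe=tcp_open):
    """Compare what answers on `host` with the policy; return a list of findings."""
    findings = []
    for port in sorted(allowed):
        if not probe(host, port):
            findings.append(f"{host}:{port} should be open but is not reachable")
    for port, name in sorted(must_be_closed.items()):
        if probe(host, port):
            findings.append(f"{host}:{port} ({name}) is exposed, expected VPN-only")
    return findings


if __name__ == "__main__":
    # Placeholder addresses (TEST-NET-3); replace with your own three public IPs.
    for ip in ("203.0.113.11", "203.0.113.12", "203.0.113.13"):
        for line in audit(ip) or [f"{ip}: matches policy"]:
            print(line)
```

The check uses TCP connects only, so UDP services such as the NetBIOS name service need a separate test.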