
Adv. network question

Posted: Mon May 10, 2004 4:24 am
by Tricord
Hey guys, I'm looking for a packeteer that acts as a switch or bridge but inspects all throughcoming packets and drops them if they don't comply with a grant-rule.

In particular, we have three servers with a direct connection to the Internet. We'd like to block all traffic except incoming on port 80 (www) and 5900 (VNC). Internally (behind the packeteer) the servers must be able to communicate with Windows networking, Oracle replication and WDDX.

I'm not looking into software solutions, only hardware. Maybe some of you guys know exactly what I'm looking for. I was thinking putting each server behind a broadband router so that they're protected by NAT, and port forward 80 and 5900. Not sure if it's the best solution though. Would require 1x router for each server too..

Posted: Mon May 10, 2004 9:24 am
by STRESSTEST
fi er wall

Posted: Mon May 10, 2004 9:36 am
by Tricord
Duh.

My eye caught this thing from DLink
http://www.dlink.com/products/?pid=141

It's exactly what I need and it's quite cheap, but it's like nowhere available here in Belgium :(

Posted: Mon May 10, 2004 9:44 am
by Plebeian
Tricord wrote: Duh.

My eye caught this thing from DLink
http://www.dlink.com/products/?pid=141

It's exactly what I need and it's quite cheap, but it's like nowhere available here in Belgium :(

What about the Linksys BEFSX41? Should be pretty similar to that D-Link model, and might be available over there....

Edit: Product Info, Purchase Info (it's the one on the right side on the bottom)

Posted: Mon May 10, 2004 10:23 am
by Testiculese
Hahaha DLink... that's like drinking American beer.

Correct solution, incorrect manufacturer. :)

Posted: Mon May 10, 2004 10:57 am
by Ferno
Use an older machine for a firewall.

Posted: Mon May 10, 2004 11:27 am
by Tricord
Ferno wrote: Use an older machine for a firewall.

I would, but we pay rackspace per 1U and that would turn out to be really expensive.

Pleb, thanks for the info but I have three servers each with their own public IP. The DLink firewall I mentioned supports multiple public IPs, the Linksys one doesn't. I'd need one for each server, which is pushing a little bit ;)

Posted: Mon May 10, 2004 1:41 pm
by Plebeian
Tricord wrote: Pleb, thanks for the info but I have three servers each with their own public IP. The DLink firewall I mentioned supports multiple public IPs, the Linksys one doesn't. I'd need one for each server, which is pushing a little bit ;)

Fair enough. :) I didn't read all the specs. Never run into a router supporting multiple external IPs before, but surely there's another out there. Wouldn't think that D-Link would come out with anything like that that wouldn't be soon followed by one of the other big players. :)

(Looks like the Linksys RV016 might meet your needs, but it's a bit overkill, and probably even more expensive than buying three routers. :))

Posted: Tue May 11, 2004 3:23 am
by Tricord
The Linksys thing is really the ticket.

What it can do is have multiple public IPs on the WAN port, and it can be configured to map the entire port range of such a public IP address to a private IP, much like concurrent DMZ. I can configure the three public IPs, map each one to the corresponding server's internal IP, and then block all incoming traffic to those IPs except for port 80. Since the DLink supports incoming VPN connections, we can set up a secure VPN tunnel to the internal network in which the servers are connected and do all our FTP/VNC and Oracle remote control things, without having to open any port publicly.

I've ordered it with several suppliers. The first who delivers sells ;)
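
The layout described in the post above (one-to-one NAT per public IP, default deny from the Internet except port 80, everything else through the VPN) can be modelled and audited before it goes live. This is an added example, not part of the original thread or any vendor's configuration; the addresses, zone names and the `decide`/`exposed_surface` helpers are constructed for illustration, and 1521 is assumed as the Oracle listener port.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addresses (documentation/private ranges), not from the thread.
ONE_TO_ONE_NAT = {
    "203.0.113.11": "192.168.10.11",
    "203.0.113.12": "192.168.10.12",
    "203.0.113.13": "192.168.10.13",
}
LAN = ipaddress.ip_network("192.168.10.0/24")
PUBLIC_TCP_PORTS = {80}  # the only service left open to the Internet

class Packet(NamedTuple):
    zone: str   # where the packet enters: "wan", "vpn" or "lan"
    dst: str    # destination address as seen on that interface
    proto: str
    dport: int

def decide(pkt: Packet) -> Optional[str]:
    """Return the internal address the packet is delivered to, or None if dropped."""
    if pkt.zone == "wan":
        inside = ONE_TO_ONE_NAT.get(pkt.dst)
        if inside and pkt.proto == "tcp" and pkt.dport in PUBLIC_TCP_PORTS:
            return inside
        return None  # default deny, including unmapped or private destinations
    if pkt.zone in ("vpn", "lan"):
        # Tunnel users and the servers themselves reach private addresses freely.
        return pkt.dst if ipaddress.ip_address(pkt.dst) in LAN else None
    return None

def exposed_surface(ports):
    """Audit helper: every (public IP, TCP port) pair reachable from the WAN."""
    return sorted((pub, port) for pub in ONE_TO_ONE_NAT for port in ports
                  if decide(Packet("wan", pub, "tcp", port)))

if __name__ == "__main__":
    # FTP, HTTP, Windows networking, Oracle listener (assumed 1521), VNC
    for entry in exposed_surface([21, 80, 139, 445, 1521, 5900]):
        print("open to Internet:", entry)
    print("VNC over VPN ->", decide(Packet("vpn", "192.168.10.12", "tcp", 5900)))
```
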

Posted: Tue May 11, 2004 6:59 am
by Plebeian
hehe, looks like I was wrong again. Glad that one works out for ya (and obviously isn't insanely expensive; I didn't check for prices, just guessed based on what I'm used to seeing the "professional" sorts of routers go for).

:D

Posted: Tue May 11, 2004 2:08 pm
by Tricord
It's around €220. Much more expensive than what it costs in the US, but hey, this is Belgium. We pay more all the time ;)