Standard User davestubbs
(regular) Sun 12-Jun-11 18:26:06

What kit to create a DMZ


 
My current network has a ST546 bridged to a netgear FVS318 VPN router to create a DMZ and I want to do the same with the FTTC product.

Do I simply need to replace the BT Openreach modem with another VDSL modem that has a built-in switch and routing capabilities (are there any?) or do I keep the BT modem to provide the basic access and then put in another router between that and my VPN router with PPPoE capabilities/firewall and routing to create the DMZ? (Could I use another FVS318, for example?)

I have no need for wireless so definitely don't want any router with that in it (I have my own dedicated access point for that already on the home network). The router only needs to support 100MB as it's just providing all the DMZ routing to the internet, I've got a dedicated gigabit switch for all the local system networking.

If this seems a little excessive, I should also mention that I had my whole house CAT5 cabled when it was built 8 years ago and have a wiring closet under the stairs with a dedicated comms rack. With 3 servers, 5 workstations, 2 laptops, and any number of phones and other IP enabled devices I need all the infrastructure just to run the family !!
Administrator MrSaffron
(staff) Sun 12-Jun-11 19:04:55

Re: What kit to create a DMZ


[re: davestubbs]
 
Why are you wanting to add another router into the chain?

Surely a VDSL modem which hands the public IP on to the FVS318 will do everything? Or am I missing something?

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User davestubbs
(regular) Mon 13-Jun-11 01:42:07

Re: What kit to create a DMZ


[re: MrSaffron]
 
What I have now is a DMZ. All servers I want to be publicly addressable run off the switch ports on the back of my ADSL modem today, and all local workstations and devices run off the back of the VPN router so they are isolated. The ADSL modem has its own public IP address as the gateway to my network, then the Netgear router has one of my 8 IP addresses, other servers have the other addresses. Everything behind the VPN router is on a private subnet including the VPN endpoint.

So I want to create the same DMZ on the FTTC product. From what I've seen of the BT modem, it only has a single LAN port output which I'm guessing would connect to the WAN port on the Netgear router. This only gives me my local network, not a DMZ so nowhere to connect my public servers to. I would not connect my private network and public network servers to the switch on the VPN router as that's a major security risk.

I've tried to find info on how you configure the BT modem: do you enter the PPPoE config within that modem, and does it get its static IP address configured in there or not? The last post I read indicated that it would be the router's job to do the PPPoE logon and therefore get the IP address. This is what I'm trying to work out.

If the modem has all the logon information and takes a single IP address, then all I would need is a switch between the modem and the router so that I can plug all the DMZ networking equipment in there, including the VPN router.

It would help if I had a link to a technical manual for the BT Openreach modem so I can work out what it can or can't do.



Standard User jchamier
(knowledge is power) Mon 13-Jun-11 05:52:10

Re: What kit to create a DMZ


[re: davestubbs]
 
In reply to a post by davestubbs:
So I want to create the same DMZ on the FTTC product. From what I've seen of the BT modem, it only has a single LAN port output which I'm guessing would connect to the WAN port on the Netgear router. This only gives me my local network, not a DMZ so nowhere to connect my public servers to. I would not connect my private network and public network servers to the switch on the VPN router as that's a major security risk.


You'll probably need two home "routers". One to plug into the BT modem and handle the PPPoE login; assuming your chosen FTTC ISP then allocates you a subnet then the public servers would be plugged into this router. One port would then be your VPN router which you give a public IP, and then have your private devices behind.

At the moment the function of your BT modem (on ADSL/ADSL2+) is handled inside an existing router - what BT have done is separate this out and use Ethernet to link the two together.

James - be* pro - on THFB - sync about 17.2mbps - BQM
Standard User davestubbs
(regular) Mon 13-Jun-11 18:52:43

Re: What kit to create a DMZ


[re: jchamier]
 
That's what I thought would be the case.

I'm wondering if anyone here has had a bank of IP addresses allocated and how you use those numbers.

When you get a range of IPs you can't use all of them, 2 are reserved for broadcast and network identification. So it would be normal to allocate a single IP to identify the network access point (my first router), then the subsequent 6 IP addresses can be used by the local subnet of which the first one would be the inside of the first router (meaning only 5 available addresses to use).

If someone can confirm that's how IPs are allocated for the FTTC product I'd be grateful.

So I'm guessing the BT modem has no configurability at all, if all the logon processing is handled by the router then the modem must be completely transparent and just passes the IP straight through to the router. Hence there are no manuals available (that I've found) for it.

Sounds pretty clear now then.
Anonymous
(Unregistered) Mon 13-Jun-11 20:08:55

Re: What kit to create a DMZ


[re: davestubbs]
 
One of these (dirt cheap on eBay) plus this (beta version) or this (current version) should satisfy your requirements (if you're not averse to the size of the equipment).
Standard User davestubbs
(regular) Thu 30-Jun-11 17:48:11

Re: What kit to create a DMZ


[re: davestubbs]
 
OK, I've ordered my FTTC and my hardware. What I've gone for in the end is a pair of Netgear FVS318G VPN firewall routers.

These are 100 times better than the FVS318, and unless you have the v3 hardware in the 318 the WAN port is only 10baseT so wasn't up to the FTTC speeds anyway.

The FVS318G can be configured in two routing modes, NAT and Classic routing, which is absolutely perfect to create a VPN. Here's how it will work.

Router 1, PPPoE configured to link to the internet with a Static IP. Configured in Classic router mode so all attached devices require a public IP address on the LAN (DMZ). Servers/devices etc. will go here that will have full IP addressability from the internet.

Router 2, straight WAN IP configured with one of the public IP addresses from the DMZ, WAN port plugged into the LAN port of router 1, then the router is configured in NAT mode so all my workstations etc. are hidden from the nasty hackers by two firewalls. This will also have my VPN tunnels configured as well to connect to my office and my laptop when I'm roaming.

I was really surprised by how different the configurability is of the 318G over the original 318, and what's more it's cheaper generally as well. Bargain.

I've bought them refurbed as well, should be OK, but helps keep the initial costs down a bit.

Edited by davestubbs (Thu 30-Jun-11 17:50:05)
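
Added example, not part of the thread or any poster's own code: an address plan for the two-router layout described above, with a check that flags devices placed on the wrong side of the inner NAT router. The block 203.0.113.0/29 (a documentation range), the 192.168.1.0/24 inner LAN, the device names and the choice of the first two host addresses for the routers are all assumptions made for illustration.

```python
import ipaddress

def plan_dmz(block, private_lan):
    """Assign roles inside a routed public block for the two-router layout."""
    dmz = ipaddress.ip_network(block)
    lan = ipaddress.ip_network(private_lan)
    if not lan.is_private or dmz.overlaps(lan):
        raise ValueError("inner LAN must be private and separate from the DMZ block")
    hosts = list(dmz.hosts())  # network and broadcast addresses already excluded
    if len(hosts) < 3:
        raise ValueError("block too small for two routers plus a server")
    return {
        "dmz": dmz, "lan": lan,
        "router1_lan": hosts[0],  # assumption: outer router takes the first host address
        "router2_wan": hosts[1],  # assumption: inner NAT router takes the second
        "servers": hosts[2:],     # what is left for publicly addressable machines
    }

def check_placement(plan, devices):
    """Return (name, problem) pairs for devices that break the design."""
    problems, seen = [], {}
    for name, addr, segment in devices:
        ip = ipaddress.ip_address(addr)
        if ip in seen:
            problems.append((name, f"duplicate of {seen[ip]}"))
        seen.setdefault(ip, name)
        if segment == "dmz" and ip not in plan["servers"]:
            why = "reserved address" if ip in plan["dmz"] else "outside public block"
            problems.append((name, why))
        elif segment == "private" and ip not in plan["lan"]:
            problems.append((name, "not behind the NAT router"))
    return problems

# Constructed sample: documentation block 203.0.113.0/29, made-up device names.
PLAN = plan_dmz("203.0.113.0/29", "192.168.1.0/24")
DEVICES = [
    ("web", "203.0.113.3", "dmz"),
    ("mail", "203.0.113.7", "dmz"),          # broadcast address
    ("nas", "203.0.113.4", "private"),       # private machine given a public address
    ("desktop", "192.168.1.10", "private"),
]

if __name__ == "__main__":
    print("servers:", [str(h) for h in PLAN["servers"]])
    for name, problem in check_placement(PLAN, DEVICES):
        print(f"{name}: {problem}")
```

With a /29 routed this way, the two routers take two of the six host addresses, so four remain for servers on the DMZ segment.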
