  1. #1
    DF VIP Member MartinC's Avatar

    Server on the Internet - firewall

    I am one of these really annoying people (to some people, looks at dejavu) that likes things just right and secure.

    Going to be putting 1 of my VMs or maybe 2 for stuff like Plex, Minecraft and might host a few web pages to play with and I am trying to decide which firewall to use.

    I have never used the Microsoft one, in fact it's normally the first thing I turn off on a new server or workstation build, but for home I need something so what are people's thoughts on the Windows Firewall in Win 8.1?

    I also might use Symantec Endpoint Protection, as the firewall seems easy to configure and I have used it before.

    But if anyone has any thoughts on either or maybe a better solution it would be great to hear it.

  2. #2
    DF Jedi hoponbaby's Avatar

    Re: Server on the Internet - firewall

    I've been using ESET Smart Security on mine for AV & firewall

    Thanks to hoponbaby

    MartinC (28th April 2015) 


  3. #3
    DF Super Moderator
    evilsatan's Avatar

    Re: Server on the Internet - firewall

    ESET Smart Security is what I use on my systems (or Endpoint Security) and File Security on my server. Loads to configure, runs nice and light and tends to get the best awards on AV-Comparatives.

    Thanks to evilsatan

    MartinC (28th April 2015) 


  4. #4
    DF MaSter OurPuma's Avatar

    Re: Server on the Internet - firewall

    Well, normally stay clear of the MS firewall unless the traffic is staying on your LAN.

    If you're going to be hosting some VMs then I would be buying a business class firewall/router so you can log all the traffic going in and out of your home network.

    Cisco, SonicWall, WatchGuard etc.

    2 Thanks given to OurPuma

    MartinC (28th April 2015), Over Carl (27th April 2015) 


  5. #5
    DF Super Moderator Over Carl's Avatar

    Re: Server on the Internet - firewall

    Whilst I kinda agree with that approach (if you are doing things properly it's worth considering both the server and network edges as different places with different firewall requirements).

    However if logging is the only requirement you could use virtually any old pile of crap reporting to a syslog server.

    Tbh there's nothing really wrong with the MS product if you also have a decent firewall on your router. The makes mentioned above are considered safe bets.

    You also then get options to roll your own by getting an old machine with 2 NICs and loading one of the various free *nix router DVDs. My favourite is pfSense and I know we also have a few Smoothwall enthusiasts. These devices are more just serious firewalls than complete IDS systems (although you can add various free packages to pfSense to gain UTM functionality).

    I also used Untangle a bit - this was more of an IDS than a firewall. It lacks some of the fine configuration options, as my suspicion is that it is primarily aimed at smaller IT teams with massive amounts of experience as required to set up and maintain something more complicated, but the lack of config options and their tardy approach to new vulnerabilities (coupled with the forums, which consist of a few Untangle staff and 2 diehards insisting for every single thing that their approach is perfect and the whole of the rest of the world is wrong) eventually made me lose interest in that project, which is a shame as at one point I had 2 installs with full license and had negotiations going on with 2 companies who both needed about 10 installs each with full license.

    I remember looking up something else called Vyatta which I think sits between full blown UTM and a pure firewall but it has been a while since I looked. The thing that put me off that project was that the free version was CLI only, to get GUI (even via browser) you had to pay.

    Notable mentions while on this topic: IPFire, ClarkConnect, MikroTik RouterBOARD (these are a bit different, where you buy the case, then buy the internals, then buy your license if needed, then set it all up). They are often used by (W)ISPs in 3rd world countries.

    Thanks to Over Carl

    MartinC (28th April 2015) 


  6. #6
    DF VIP Member MartinC's Avatar

    Re: Server on the Internet - firewall

    What I currently have set up at the moment is my fibre terminating on a HH5 downstairs; this provides public/DMZ wifi for guests and I also plug a single PC in for doing any downloading from the internet. Then I have a fairly old WD router plugged into that, which then forms the internal LAN, and all my PCs, servers, TVs and hardware all around the house via structured cabling are plugged into that subnet.

    My plan is to use my new server to lower the amount of hardware that stays on 24/7, hence why I have bought a custom PC with high spec and lots of disk space. It also has 2 NICs: I have created a VM on the server and hung it off the second NIC, which plugs into the public/DMZ subnet, and then the main NIC plugs into the LAN subnet behind the WD.

    The VM on the DMZ will do all the downloading and cannot access anything on the LAN; everything on the LAN can connect to the DMZ for moving download items off.

    If I choose to host anything like Plex or websites I will just create another VM and hang it off the 2nd NIC; anything local only, including the server itself, will just go through the first NIC.

    This should provide suitable protection, but as always I like to be sure, which is why I was wondering what additional firewalls to use where, on the individual VMs and on the server itself.

    Also, replacing the WD router is a possibility too, as I have had it a long time and I might change it.
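
The policy described in post #6 (LAN hosts may connect into the DMZ, the DMZ may never open a connection into the LAN), written as a stateful ruleset for a two-NIC Linux box sitting where the WD router is now. This is an added example, not part of any post in this thread; the choice of nftables, the interface names `dmz0` and `lan0`, and the SSH management rule are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interface names (not from the thread):
#   dmz0 = NIC cabled to the HH5 (public/DMZ side, also the path to the internet)
#   lan0 = NIC cabled to the internal LAN switch
flush ruleset

define DMZ_IF = "dmz0"
define LAN_IF = "lan0"

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself: default deny.
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Manage the box from the LAN side only (SSH is an assumption).
        iifname $LAN_IF tcp dport 22 accept
        # Rate-limited record of everything else before the policy drops it.
        limit rate 10/minute log prefix "fw-input-drop: "
    }

    chain forward {
        # Traffic routed between the two NICs: default deny.
        type filter hook forward priority 0; policy drop;
        # Replies to connections that were allowed out may come back in.
        ct state established,related accept
        ct state invalid drop
        # LAN may open connections into the DMZ (moving downloads off the
        # DMZ VM) and, through it, out to the internet.
        iifname $LAN_IF oifname $DMZ_IF accept
        # DMZ may never start a connection towards the LAN: log, then drop.
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan-drop: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Hide LAN addresses behind the firewall's DMZ-side address.
        oifname $DMZ_IF masquerade
    }
}
```

The `log` statements write to the kernel log, which a local syslog daemon can forward to a central syslog server for the traffic logging discussed earlier in the thread.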

  7. #7
    DF PlaYa AP0ll0UK's Avatar

    Re: Server on the Internet - firewall

    I've got a similar server setup whereby the machine is carved up into multiple VMs all hanging off of one NIC [eth1] [that is disconnected], then I have a pfSense VM which bridges eth1 to eth0. eth0 has a TP-Link RJ45 to WiFi adapter connected. The pfSense VM runs on next to nothing and doesn't take long to set up.

    I don't have any DMZ / Dirty VLAN but this is likely to change when I replace my shitty Superhub 2 with a custom built firewall / router - search Fleabay for the Alix 2D2, which is one device I'm currently looking at for this.

    The Superhub, like a lot of home firewall / router solutions, is under spec'd, buggy, has built-in antennas and just isn't configurable enough for my liking. I'd also like more detail about how different devices on my network use data and I'd like to automate reports on this. Plus, as the Lizard shenanigans showed us at the backend of last year, flaky / buggy router firmware can be all it takes for your network to become compromised and used as part of a targeted attack or give someone an easy backdoor.

    The router replacement is going to be a step in the right direction to rationalise my own network and reduce the number of devices, reduce power consumption, shore up defences and future proof things a little. I'll be happy enough with a fully configurable pfSense firewall, my VM server and media server running Linux based firewalls, and the few Windows devices I have running the Windows Firewall. I run Avast and Malwarebytes on the Windows devices and some of the mobiles, plus pfSense will also do AV scanning.
