Can you make a server connects 2 x WAN router NOT on the internet?

Discussion in 'Networking & Security' started by Happy Hopping, Jun 20, 2015.

  1. Happy Hopping

    Happy Hopping [H]ardness Supreme

    Messages:
    6,602
    Joined:
    Jul 1, 2004
    say I have a Cisco RV series router, that c/w 2 x WAN. Can I connect the server to 1 of the WAN, have the internet cable modem connects to the other WAN, and let the users access the server and users going to the internet, and yet prevent people outside to access to the server?

    In other words, is there a way to block all traffic on a router level on the server?

    the server is a file back up server, they want people to drag and drop files to the server for backup, but they don't want hacker to go thru the internet to the server

    anyone?
     
  2. Zepher

    Zepher [H]ipster Replacement

    Messages:
    16,890
    Joined:
    Sep 29, 2001
    Well, the only way to keep a hacker out is to not be on the internet at all.
    Let's say you isolate that backup server so the hacker can't get directly to it, all he would have to do is hack one of the client machines and then he can access the backup server.
     
  3. Happy Hopping

    Happy Hopping [H]ardness Supreme

    Messages:
    6,602
    Joined:
    Jul 1, 2004
    No, the client PC are turn off after 4 pm, they are trying to prevent as much as possible, from 4 pm to 8 am the next morning

    How do I isolate that backup server?
     
  4. Eulogy

    Eulogy 2[H]4U

    Messages:
    2,190
    Joined:
    Nov 9, 2005
    Why are you connecting the file server to the WAN?

    If the server is just hitting a router, then the WAN without a UTM or firewall, you're just begging to be hacked.
     
  5. Happy Hopping

    Happy Hopping [H]ardness Supreme

    Messages:
    6,602
    Joined:
    Jul 1, 2004
    then what you do to make it off from the internet?

    I thought the WAN is protected by the firewall w/i the router box
     
  6. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,865
    Joined:
    Aug 24, 2005
    The two wan ports are for two separate internet connections. Not for internal computers/devices. It's meant for load balancing or continuity if one of your ISPs is down.

    The RV series has firewall and vpn features built in. Not sure how thorough they are but I do believe Cisco offers subscription stuff for them depending on the model.

    *also, turning your PCs off at night to prevent being hacked is one of the worst security myths out there. If anything it makes you more likely to be hacked since you aren't applying updates on a regular basis at night when users are away. How many users are going to install updates at 8:01am after their pc turns on and they have a report to finish?
     
  7. /usr/sbin

    /usr/sbin Successfully Trolled by Megalith

    Messages:
    3,927
    Joined:
    Jul 18, 2010
    if you don't want the server publicly accessible why not just drop all packets that come from outside you LAN scope? Also, if you are using NAT and nothing is forwarded no one will be able to reach the server from the WAN anyways.
     
  8. sethiano

    sethiano Limp Gawd

    Messages:
    188
    Joined:
    Jul 3, 2014
    ^ this
     
  9. Happy Hopping

    Happy Hopping [H]ardness Supreme

    Messages:
    6,602
    Joined:
    Jul 1, 2004
    Naturally they are using NAT. I'll try your trick and see how it goes, thanks