    Home network visibility problem

    I've set up my server recently LINK and managed to hook it up to my home network, although I wanted to be more secure and did the following (I'm gonna ask one thing afterwards):

    One room, 2 high performance PCs (Win7 Ultimate x64 & XP SP2 x86), 1 entry level server (XP SP2 x86), 1 router with Internet access. All computers have 2 NICs, where the PCs have the first LAN port connected with the router for the Internet and the second LAN connection goes to the server, which has 2 NICs as mentioned above, for data storage access. All computers belong under one group: WORKGROUP by default. The PCs have a manual input of IPs for the connection with the server and thus the server has the IP input as well.

    The initial purpose of not hooking up the server directly to the router, thus eliminating the additional usage of cabling and having direct connection to the outside world for purposes of remote accessibility anytime and anywhere was forged by these rules: 1. Security & Integrity (NO internet access for various reasons, NO LAN access for anyone except those 2 computers for reasons of sustaining the array at the top shape & security reasons), 2. Redundantly Protected Remote Accessibility (Established remote accessibility through Logmein to both PCs, which have enabled Remote Desktop Access by the OS to the server - redundant firewall usage). 3. Sufficient Performance Utilization (Not sharing one single connection for two PC since the server has only 100Mbit NICs, thus preferring two separate 12MB/s connections for each machine - lesser pain).

    This is just a brief description of the whole setup and it works great! And here comes the question: First I thought when I use the same workgroup names for every machine I physically interconnect, I would see them on the LAN. Yes, I see every machine ONLY from the 2 PCs, not from the server or any other outside computer, notebooks for instance. How do I enable seeing the files on my server through the two PCs for outside devices, meaning laptops and other computers? I suppose it has to do with the Internet connectivity sharing within the Windows network settings, could you guys give some advice? Can't reach my PCs for now, so I wasn't able to figure it out myself yet.
    Last edited by Shodan486; 07-14-2011, 03:36 PM.
    Mobo: MSI K8N Master2-FAR CPU: 2x Opteron 265 OC'd @ 2,25GHz RAM: 2x2GB Crucial DDR400 CL3 ECC/Buff. (ECC OFF), VGA: ASUS HD6950 2GB Reference edition FLASHED TO HD6970 HDD: 80GB ATA133 Seagate ,OnBoard: 2xGLAN, 8-Ch. Realtek audio, USB2.0/Firewire, PCIe Physx card PSU: 850W Corsair AX Case: Cooler Master HAF932 + NZXT 5 Fan Controller.

    #2
    Re: Home network visibility problem

    You got it set up in a weird way for the intention of security.

    You need to enable file sharing on the server; second, you would need to bridge connections or enable ICS on the PCs, which defeats your dual cabling security setup to each PC, but this would allow notebooks and other PCs on the LAN access to your server.

    Frankly what I would have done was drop a gigabit NIC or aggregate the two 100Mbit NICs in the server, then go to the router and block everything for the IP of your server, therefore it's secure from the outside but allows people on your LAN access. Then to tighten it up more, I would set it up so it requires authentication to access the shares.

    A second way of doing it would be to set up a VPN and not allow any LAN access on the server but only those who connect via the VPN.

    Windows XP is not a good server platform; even though you can make it work like one, it will eventually slow down over time. Use Linux like CentOS/Redhat or Ubuntu Server or Windows Server 03/08.

    If you had Linux you could have set up Samba and done share=user then done a simple hash pass setup, then block the IP from the router. Then you could have used PuTTY to log into the server through the RDP access of your PCs.

    There's so many ways this could be done.

    HTH
    ~Mp



      #3
      Re: Home network visibility problem

      Might have misunderstood you completely here but the main problem is that only the Win7 machine sees all, and the others don't? If that is the case you might want to look into a WINS server to help out with discovery. Also there is a setting on Win7 and Vista to force it to old mode of NetBIOS/NetBEUI if that's what you want to use. That might also help out a bit to see the machines.



        #4
        Re: Home network visibility problem

        Sounds like you're wasting a lot of time trying to secure a network way beyond what is called for unless you have a lot of information you could be liable for if someone gets to it.
        Nothing wrong with taking caution on a home network but going overboard is a waste of time. Who hires 20 bodyguards to follow them to the bank with a $200 deposit? In the end no matter what you do if someone wants in they will get in.



          #5
          Re: Home network visibility problem

          Originally posted by brethin:
          Sounds like you're wasting a lot of time trying to secure a network way beyond what is called for unless you have a lot of information you could be liable for if someone gets to it.
          Nothing wrong with taking caution on a home network but going overboard is a waste of time. Who hires 20 bodyguards to follow them to the bank with a $200 deposit? In the end no matter what you do if someone wants in they will get in.
          I agree with this statement.



            #6
            Re: Home network visibility problem

            I do understand you Brethin (and seemingly others too), I may have passed the line here a bit with the setup, but I really can't say it was a waste of time by plugging extra 2 cables. There must be a new level of laziness over here I do not know, please enlighten me ...

            Okay, back to the topic. Yes, I knew it had to do with the ICS bridging, did it a long time ago at one LAN party I went to trying to provide Internet connection for guys in which I succeeded, but as I said, long time ago.

            Diggie - No, the "high performance" PCs which are interconnected via the router and have separate connection to the server, it doesn't have to do anything with the OS (I have an old 486 with Win95 on it plugged into the router, I can easily see it from Win7). Anyways the problem still resides in the bridge setup to the Internet as mentioned above and by Mad Professor, so I'll set it up in a jiffy when I arrive back home.

            And when speaking of Mad Professor, you state a very interesting proposal - to "aggregate" both NICs to the router. So I get it like I connect both cables from the server to the router, somehow acquiring double speed? This also raises one more question in my mind, but I'm gonna embarrass myself - When I have a 100Mbit NIC full-duplexed, does it mean that I have simultaneous 12MB/s for both directions, up and down, thus having total of 24MB/s at the same time?

            Just to summarize why such a "weird" setup as proclaimed - Let's say here in Slovakia we can do anything on the internet, download whatever stuff without any possible threat from the authorities due to the lack of presence of effective digital copyright. These times eventually will have to go, it's just a matter of time when even us, pure peasants, will have some restrictions / prosecution and stuff that happens out there in the US and western Europe. I'm just getting ready for it, downloading anything that comes into my mind that I really want and get it and of course I want some security. The "weird" interconnection I made gives me redundant firewall protection which could not be achieved in a different setup which I am now testing with my little popping trojan I have acquired that is very proactive and it always gets the attention of the security software I use, no matter which one - I just want to have the utmost probability of unsuccessful hack / virus attempts in my network, so that's why I might have crossed some line here. Of course I approve and agree with the VPN solution and IP filtering through my router, but I could extend my options and so I did. I really prefer controlling the server via one of my PCs from the outside world, security (n+1) feeling.


              #7
              Re: Home network visibility problem

              Sorry Digge for that error up in there.


                #8
                Re: Home network visibility problem

                http://en.wikipedia.org/wiki/Link_aggregation or known as port trunking

                You have 2x 10/100 full duplex = 400Mbits total.
                200 up and 200 down or 24MB up and 24MB down. The clients or your high performance PCs will only do 12 up and down unless you aggregate the links on them as well. The purpose of the aggregated link is to give you more bandwidth without upgrading to gigabit. This allows you to handle more machines. So if you had two computers that only had one 10/100 NIC and the server had two that were bonded you could handle both machines simultaneously.

                If you have a switch or a router and have an operating system and NICs that support Ethernet bonding, then you can aggregate the links. Typical residential routers will not have this, business to enterprise will though. You can probably find a switch for cheap, then use an old PC and install pfSense or Endian Firewall or something of that nature.

                If you find a switch be sure it supports both link aggregation/port trunking and VLANs, both will be very useful.

                As for your weird setup, having two machines connected directly to the server using ICS doubles the risk of a breach or infection. If one computer is compromised then they are all compromised. A simple worm can destroy the three machines easily.

                A better way is to have it sit behind a router/firewall and block everything from WAN side to server. Aggregate the links for double bandwidth to handle machines on your LAN. Use a Linux operating system, then install AVG Linux or ClamAV and set a rule in iptables to deny all and allow only your IP subnet or just put IPs of computers you trust.

                Then if you want to remote into the server from wherever you are, just RDP to one of your high performance PCs then from there RDP or PuTTY again to the server. Simple as that.

                Then if you want access to your shares over the internet, use a VPN or Hamachi and allow only those ports via the server firewall and router firewall. Then set up a web or FTP server but don't open the web/FTP ports on the router firewall. This way you can easily access it using the VPN or Hamachi server IP. But then this will allow you to RDP or PuTTY to the server as well, but only if you connect to the VPN or Hamachi first, eliminating the middle man but still secure.

                As brethin said if someone truly wants in, they will find a way, usually exploiting human errors or code.

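The "deny all and allow only your IP subnet" iptables policy suggested in post #8, as an added example that is not part of any post in this thread: a shell function that emits an iptables-restore ruleset for the file server. The sample addresses, the port list (SSH plus the Samba ports) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset with a default-deny
# INPUT policy and explicit allows for trusted LAN sources only.
# Addresses such as 192.168.1.0/24 are constructed sample values.

# Shape check only: rejects hostnames and stray tokens so nothing but a
# dotted-quad address (optionally with a /0-32 prefix) reaches a rule line.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_ruleset SRC...  prints the ruleset on stdout; returns 1 (and prints
# nothing on stdout) if any source fails the shape check.
gen_ruleset() {
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # deny all inbound by default
    echo ':FORWARD DROP [0:0]'    # the server is not a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the server itself opened.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        # 22 = SSH (PuTTY), 139/445 = SMB sessions, 137/138 = NetBIOS
        echo "-A INPUT -s $src -p tcp -m multiport --dports 22,139,445 -j ACCEPT"
        echo "-A INPUT -s $src -p udp -m multiport --dports 137,138 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Typical use (as root), parsing the rules without committing them first:
#   gen_ruleset 192.168.1.0/24 | iptables-restore --test
```

Anything not matched by an allow rule, including traffic forwarded from the WAN side, falls through to the DROP policy.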