Computer Security: Covers issues surrounding security such as firewalls, intrusion detection systems, badware, browser security and more.
Hi,

I run a Windows Server 2003 as a NAT router for a PPPoE Internet connection, and as a VPN gateway to access my home LAN over the Internet from PCs at my university. My LAN setup is quite extraordinary: I have a hardware router + 4-port switch + WLAN access point + DSL modem in one device (Zyxel P600) that is the property of my ISP and cannot be configured by me. The device is configured as a bridge; it provides DHCP and DNS, and appears by default as the standard gateway, however it does not provide any routing capabilities: any PC that wants to access the Internet has to establish a PPPoE connection (up to 5 simultaneous connections are allowed, every one with a different dynamically assigned external IP address). Since I use 4 of the 5 connections for VMs that require different external IPs, I have only one connection left for regular Internet usage, so I have set up a routing server (on which the VMs are also running). The PC that acts as a router has only one physical NIC and is connected to the P600 over LAN and uses a PPPoE connection to access the Internet; a secondary PC (the one I'm usually working on) is also connected directly, and the remaining 4 connect over the WLAN.

I had some troubles setting this up:

1st. The "Routing & RAS" wizard does not allow a NAT&VPN config with only one NIC, though NAT with PPPoE only or VPN only works OK. To get it to work I had to set up NAT&VPN giving it a virtual NIC as the one for the web during the setup process, then afterwards I had to manually replace it in the config with a PPPoE dial-in connection, as seen in the NAT-only config.

2nd. The P600 is by default set up as the standard gateway, and I had to set the server IP manually as the standard gateway on the PCs.

3rd. VPN clients couldn't resolve the names of PCs inside the LAN (except the server itself). To bypass this I had to set up a DNS and enter the server IP manually in the properties of the VPN connection on the remote PC, as well as setting up the host names to point to certain LAN IPs.

Due to the 1st and 2nd problem (the 3rd appeared when all was almost done and was easy to solve) I started a thread on a network-related German board I know, but instead of help in setting up my desired config I got advice to buy extra hardware or an old PC to run as a HW firewall (IPCop), or comments that the config would be tremendously insecure, and even some that it could never work with only one NIC in the server, and so on. Since obviously some of these comments about the feasibility were plain wrong (my setup works just fine after applying 2 small tricks), I presume the comments about the security deficits are most likely also incorrect, since I can activate in the "Routing & RAS" settings a firewall for the PPPoE connection, and an online port scan did not reveal any open ports except the exceptions I added manually to the FW or set up as forwarded to a PC inside the LAN (VNC for my workstation, for example, or PPTP on the server). But since the board has quite a good reputation, at least in Austria, I wanted to consult someone else about the security of my setup, and this board looked just right.

So what is your expert opinion on my setup: is it secure? Are there any problems that may bring trouble?

Kind regards
Owen Burnett
Hi Owen,

That is some setup you have there. I have not played with RAS for many years now, but when I did I had a similar issue with ISA about having only one NIC and did something with setting up the Microsoft loopback NIC (something like that (perhaps the same as your virtual NIC?)). Once this was installed (it comes with the OS), then everything seemed to work fine. I apologize I don't remember it all. On your third option, could you modify the lmhosts / hosts file instead? I wish I could be of more help to you, but it sounds like you have it all thought out. One thing I would do to test my security is download Nessus and make sure your setup is really secure. Professional security consulting companies simply use Nessus to perform the audits and re-label the reports. The software is free and the very best on the internet today.

Best regards,
Jim.
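Owen's post relies on an external port scan showing only the exposures he added on purpose (the forwarded VNC port and PPTP on the server), and Jim suggests repeating the exercise with a scanner. The following is an added example, not code from either post or from any tool named in the thread: it reads a scan of the PPPoE-facing address in nmap's grepable (`-oG`) output format and diffs the open ports against an allow-list of intended exposures, so that anything reachable that was never configured (or anything configured that is not actually reachable) stands out. The allow-list, the port numbers (IANA defaults for PPTP and VNC; the post names no numbers), the external address and the scan output are all constructed for illustration; in practice the allow-list comes from the RRAS NAT/firewall configuration and the scan is run from outside the LAN.

```python
"""Check that the ports actually reachable on the PPPoE-facing address match
the exposures that were deliberately configured (RRAS firewall exceptions and
NAT port forwards), and flag anything that deviates.

Added example, not code from the thread. The allow-list and the scan output
are constructed; in practice the allow-list is taken from the RRAS NAT and
firewall configuration and the scan is run from outside the LAN.
"""
import re
from typing import Dict, List, Set, Tuple

PortKey = Tuple[int, str]  # (port number, "tcp" | "udp")

# Constructed allow-list modelled on the exposures described in the thread:
# PPTP terminated on the RRAS server and VNC forwarded to the workstation.
# The port numbers are the IANA defaults, assumed here; the post gives none.
INTENDED_EXPOSURE: Dict[PortKey, str] = {
    (1723, "tcp"): "PPTP control channel on the RRAS server",
    (5900, "tcp"): "VNC forwarded to the workstation",
}

# Constructed sample in nmap's grepable (-oG) format. 203.0.113.10 is a
# documentation address standing in for the dynamically assigned external IP.
# The open 3389 entry is planted on purpose: it is the kind of accidental
# exposure (Remote Desktop reachable from the Internet) the check should catch.
SAMPLE_SCAN = (
    "# Nmap scan report (constructed sample header)\n"
    "Host: 203.0.113.10 ()\tPorts: 1723/open/tcp//pptp///, "
    "5900/open/tcp//vnc///, 3389/open/tcp//ms-wbt-server///"
    "\tIgnored State: closed (65532)\n"
    "# Nmap done (constructed sample footer)\n"
)

# One grepable port field looks like <port>/<state>/<protocol>/...
PORT_FIELD = re.compile(r"(\d+)/(open|closed|filtered|open\|filtered)/(tcp|udp)/")


def parse_grepable(text: str) -> Set[PortKey]:
    """Return the (port, proto) pairs reported 'open' in -oG output."""
    found: Set[PortKey] = set()
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment and footer lines carry no port data
        for port, state, proto in PORT_FIELD.findall(line):
            if state == "open":
                found.add((int(port), proto))
    return found


def audit(scan_text: str, intended: Dict[PortKey, str]) -> Dict[str, List[PortKey]]:
    """Diff observed open ports against the intended exposure list.

    'unexpected' = reachable but never meant to be (investigate, then close);
    'missing'    = meant to be reachable but not seen (scan incomplete, or the
                   forward/exception is not actually in effect).
    """
    observed = parse_grepable(scan_text)
    return {
        "unexpected": sorted(observed - set(intended)),
        "missing": sorted(set(intended) - observed),
    }


def report(scan_text: str, intended: Dict[PortKey, str]) -> List[str]:
    """Human-readable lines for the audit result."""
    result = audit(scan_text, intended)
    lines: List[str] = []
    for port, proto in result["unexpected"]:
        lines.append(f"UNEXPECTED {port}/{proto}: not in the intended exposure list")
    for port, proto in result["missing"]:
        lines.append(f"MISSING    {port}/{proto}: expected ({intended[(port, proto)]}) but not open")
    if not lines:
        lines.append("OK: observed exposure matches the intended list")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_SCAN, INTENDED_EXPOSURE):
        print(line)
```

Two caveats when applying this to the setup in the thread: the scan has to be taken from the Internet side, since a scan from inside the LAN sees the server's LAN interface rather than the PPPoE interface that the RRAS firewall protects; and a TCP/UDP port scan says nothing about GRE (IP protocol 47), which PPTP needs alongside TCP 1723, so an allow-list like this covers only part of what the VPN exposes. A Nessus report can be checked the same way once its findings are reduced to (port, protocol) pairs.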
Hi Jim,

So my setup does not have any obvious security problems because of only one NIC or similar; that's good to hear. I'll try Nessus tomorrow to look for the less obvious ones. As for the name-resolving issue, I think I'll stick to the DNS server; it's easier to maintain than a hosts file on every PC I use at the university.

Kind regards,
Owen.