getting a firewall appliance and port blocking? corralling

Post by jmichae3 » 21. March 2013 09:27

I want to corral (localize) my web server traffic within my router.
I also want to add some localized special TLD domains without dots to existing internet DNS Server entries, for debugging purposes.
An example would be http://barco; this would be localized to my network and not go outside, neither the DNS entry nor the web traffic.
I realize now that this is not possible without some DNS server software of some sort.
I also understand that this is not possible with Dynamic DNS because it requires a service and it is internet-based and probably (?) would not work for a firewalled LAN.

the firewall appliance seems like it would be best placed
  • as a replacement for the router or
  • between the router's internet jack and the modem

how do I do this?
I had thought earlier that I could simply block outgoing port 80 (or was that incoming port 80?). I'm confused. No matter how I look at it, the TCP HTTP protocol as defined in the volumes "TCP/IP Illustrated" shows that the protocol is BIDIRECTIONAL, as with all of the TCP protocols. They are request+acknowledge. In HTTP's case, you send a GET request over port 80, and you get back a response from the HTTP server which includes a status code. The response is what gives you the page (and possibly some log info). OK. Given this info:
how am I possibly supposed to make a localized web within my network BEHIND the firewall appliance, if
  • I have to block incoming+outgoing ports on the firewall appliance for this to work, essentially stopping all HTTP traffic
  • but I want to be able to access the internet from machines within the LAN behind the router?
  • the server is on one of the machines and would be listening on a separate NIC. I am thinking of changing the port number to something like 8080 to solve the problem.
  • the ISP doesn't want server traffic coming over their wires. this is what I am trying to prevent at all costs. no noise.
  • I would like to also provide localized FTP Client+Server access as well over this network. but I do not know how to exactly block the ports. I am thinking of changing the port numbers to do this. what alternate port ranges are available for FTP and FTPS?
  • I still want to use FTP clients over the internet so I can download programs/files or upload my sites, via the machines in the LAN behind the router.

I think I am coming toward a solution but I could use some help fleshing it out.
so I would need to
  • block incoming and outgoing port 8080
  • block incoming port 80, hoping this doesn't block some sort of device like TV or blu-ray player or phone or magic jack or skype?
  • block incoming and outgoing new version of port 20-21 and 990-991 (whatever they are supposed to be)
  • block incoming port 21 (or is it 20)? don't want anybody getting in

The firewall on modern routers isn't very good. They can't really block incoming+outgoing ports like you can with a firewall appliance.

unfortunately, the firewall appliance doesn't have a very high speed. the internet will be going faster than these things do. that needs to change. the average is 25Mbps. I think that's aiming for the bare minimum. there should be a blazer of a proc in there. hmmm - phones might be more powerful. :-/
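The post's two goals, dotless lab names that never leave the LAN and a web/FTP server that the ISP side can never reach while LAN machines still browse and download normally, are what a stateful (connection-tracking) firewall plus a split-horizon resolver give you. The model below is an added example, not code from the thread or from any firewall product: it keeps a table of connections the policy admitted, so the reply half of a LAN-initiated HTTP fetch on port 80 is allowed without ever allowing a WAN host to initiate a connection to port 80. All addresses, the `barco` name and the port sets are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lab addresses; substitute your own.
LAN = ip_network("192.168.1.0/24")
SERVER = ip_address("192.168.1.10")          # hypothetical web/FTP host on the LAN

# Dotless lab names answered locally and never forwarded to the ISP resolver.
LOCAL_NAMES = {"barco": SERVER}


def resolve(name, upstream):
    """Split-horizon lookup: local override first, otherwise the upstream resolver."""
    if name in LOCAL_NAMES:
        return LOCAL_NAMES[name]
    return upstream(name)


@dataclass(frozen=True)
class Flow:
    """One packet's 4-tuple; direction is src -> dst."""
    src: str
    sport: int
    dst: str
    dport: int


def side(addr):
    return "lan" if ip_address(addr) in LAN else "wan"


# Ports a LAN client may open towards the internet (FTP passive data ports
# need a connection-tracking helper and are left out of this model).
LAN_TO_WAN = {53, 80, 443, 21}
# Ports a LAN client may open towards the local server.
LAN_TO_SERVER = {8080, 21}


def policy(f):
    """Verdict for the FIRST packet of a connection only; replies never get here."""
    s, d = side(f.src), side(f.dst)
    if s == "wan":
        return "DROP"                      # nothing from the ISP side may initiate
    if d == "wan":
        return "ALLOW" if f.dport in LAN_TO_WAN else "DROP"
    if ip_address(f.dst) == SERVER:
        return "ALLOW" if f.dport in LAN_TO_SERVER else "DROP"
    return "ALLOW"                         # other LAN-internal traffic


class StatefulFirewall:
    def __init__(self):
        self.established = set()

    def packet(self, f):
        # A packet whose reversed tuple matches an admitted connection is a reply.
        reverse = (f.dst, f.dport, f.src, f.sport)
        if reverse in self.established:
            return "ALLOW"
        verdict = policy(f)
        if verdict == "ALLOW":
            self.established.add((f.src, f.sport, f.dst, f.dport))
        return verdict


def demo():
    """Run the scenarios from the post through the model and return the verdicts."""
    fw = StatefulFirewall()
    client, web = "192.168.1.20", "203.0.113.80"   # constructed LAN client / internet site
    return {
        "lan_browse_out": fw.packet(Flow(client, 51000, web, 80)),       # ALLOW
        "web_reply_in": fw.packet(Flow(web, 80, client, 51000)),         # ALLOW (reply)
        "wan_hits_server": fw.packet(Flow("198.51.100.7", 40000, str(SERVER), 80)),  # DROP
        "lan_to_server_8080": fw.packet(Flow(client, 51001, str(SERVER), 8080)),     # ALLOW
        "lan_8080_out": fw.packet(Flow(client, 51002, web, 8080)),       # DROP
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:20s} {verdict}")
    print("barco ->", resolve("barco", lambda n: "forwarded upstream"))
```

The point the model makes is that "incoming vs outgoing port 80" is really about which side opens the connection: the firewall decides on the initiating packet and then lets the established conversation flow both ways, so a single rule (WAN may not initiate) keeps server traffic off the ISP link without touching browsing. The real-world equivalent is a stateful ruleset on the appliance (nftables/pf/iptables with conntrack) and a small resolver such as dnsmasq answering the lab names locally.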
