I also want to add some localized special TLD domains without dots to existing internet DNS Server entries, for debugging purposes.
An example would be http://barco; this would be localized to my network and not go outside, neither the DNS entry nor the web traffic.
I realize now that this is not possible without some DNS server software of some sort.
I also understand that this is not possible with Dynamic DNS because it requires a service and it is internet-based and probably (?) would not work for a firewalled LAN.
The firewall appliance seems like it would be best placed
- as a replacement for the router or
- between the router's internet jack and the modem
How do I do this?
I had thought earlier that I could simply block outgoing port 80 (or was that incoming port 80?). I'm confused. No matter how I look at it, the TCP HTTP protocol as defined in the volumes "TCP/IP Illustrated" shows that the protocol is BIDIRECTIONAL, as with all of the TCP protocols. They are request+acknowledge. In HTTP's case, you send a GET request over port 80, and you get back a response from the HTTP server which includes a status code. The response is what gives you the page (and possibly some log info). OK. Given this info:
how am I possibly supposed to make a localized web within my network BEHIND the firewall appliance, if
- I have to block incoming+outgoing ports on the firewall appliance for this to work, essentially stopping all HTTP traffic
- but I want to be able to access the internet from machines within the LAN behind the router?
- the server is on one of the machines and would be listening on a separate NIC. I am thinking of changing the port number to something like 8080 to solve the problem.
- the ISP doesn't want server traffic coming over their wires. This is what I am trying to prevent at all costs. No noise.
- I would like to also provide localized FTP client+server access as well over this network, but I do not know how exactly to block the ports. I am thinking of changing the port numbers to do this. What alternate port ranges are available for FTP and FTPS?
- I still want to use FTP clients over the internet so I can download programs/files or upload my sites, via the machines in the LAN behind the router.
I think I am coming toward a solution but I could use some help fleshing it out.
So I would need to
- block incoming and outgoing port 8080
- block incoming port 80, hoping this doesn't block some sort of device like a TV or Blu-ray player or phone or magicJack or Skype?
- block incoming and outgoing new version of port 20-21 and 990-991 (whatever they are supposed to be)
- block incoming port 21 (or is it 20)? Don't want anybody getting in.
The firewall on modern routers isn't very good. Can't really block incoming+outgoing ports like you can with a firewall appliance.
Unfortunately, the firewall appliance doesn't have a very high speed. The internet will be going faster than these things do. That needs to change. The average is 25Mbps. I think that's aiming for the bare minimum. There should be a blazer of a proc in there. Hmmm - phones might be more powerful. :-/
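As an added example (not part of the original post, and not any vendor's appliance configuration), here is what the setup asked about looks like on a Linux box placed between the LAN and the modem, running dnsmasq and nftables. dnsmasq answers the dotless name "barco" with a LAN address and never forwards dotless names upstream, so the DNS entry stays inside the network. The nftables ruleset answers the "bidirectional" worry: a stateful firewall admits the reply half of connections the LAN opened (`ct state established,related`), so LAN machines can browse and use FTP outbound on the normal ports, while every new connection arriving from the modem side is dropped, so the local web and FTP servers never see internet traffic and nothing "server-like" leaves the ISP's wire. Interface names, the 192.168.1.0/24 range, the web server address and the output file names are constructed assumptions.

```shell
#!/bin/sh
# Constructed values for the example; adjust to the real network.
LAN_IF="eth1"                # interface toward the LAN switch (assumed)
WAN_IF="eth0"                # interface toward the modem (assumed)
LAN_NET="192.168.1.0/24"     # LAN address range (assumed)
WEB_SERVER="192.168.1.10"    # LAN machine hosting the local site (assumed)

# Write a dnsmasq fragment: "barco" resolves to the LAN web server for LAN
# clients only; dotless names are never forwarded to the upstream resolvers.
write_local_dns_conf() {
    dir="$1"
    cat > "$dir/local-dns.conf" <<EOF
# answer "barco" (and anything.barco) locally with the LAN server address
address=/barco/$WEB_SERVER
# never forward plain names without a dot to the upstream DNS servers
domain-needed
# listen only on the LAN side, never on the modem side
interface=$LAN_IF
bind-interfaces
EOF
}

# Write an nftables ruleset: LAN may start connections out to the internet,
# replies come back statefully, and nothing from the modem side may start
# a connection to the firewall or to any LAN host.
write_firewall_conf() {
    dir="$1"
    cat > "$dir/nftables.conf" <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # replies to connections this box or the LAN started are allowed back
        ct state established,related accept
        iifname lo accept
        # LAN hosts may use the box (its DNS on 53, management, etc.)
        iifname $LAN_IF ip saddr $LAN_NET accept
        # no new connection from the modem side reaches the box itself
        iifname $WAN_IF ct state new drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # reply traffic of LAN-initiated flows (web pages, FTP data) passes
        ct state established,related accept
        # LAN clients may open connections to the internet on any port
        iifname $LAN_IF oifname $WAN_IF ip saddr $LAN_NET ct state new accept
        # no new inbound connection from the modem side reaches any LAN host,
        # so the local web (80/8080) and FTP (20/21, 990) servers stay LAN-only
        iifname $WAN_IF oifname $LAN_IF ct state new drop
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # LAN traffic leaves with the box's public address
        oifname $WAN_IF masquerade
    }
}
EOF
}

# Checks on the generated files: "barco" must be pinned to the LAN server,
# and the ruleset must drop new flows coming from the modem side.
dns_pins_barco() {
    grep -q "^address=/barco/$WEB_SERVER\$" "$1/local-dns.conf"
}
fw_drops_wan_new() {
    grep -q "iifname $WAN_IF oifname $LAN_IF ct state new drop" "$1/nftables.conf"
}

# To apply on the real box (root, dnsmasq and nftables installed):
#   write_local_dns_conf /etc/dnsmasq.d && write_firewall_conf /etc \
#     && nft -f /etc/nftables.conf && systemctl restart dnsmasq
```

Two practical notes: the local web server does not need to move to 8080, because the `forward` chain already refuses new WAN-originated connections to port 80 (or any port); moving it only changes which number is blocked. For FTP, the control channel from LAN clients to internet servers is simply an outbound connection, and passive-mode data channels are outbound too, so both pass under the `ct state new accept` rule; active-mode FTP additionally needs the kernel's FTP connection-tracking helper loaded so the server's data connection counts as `related`, and FTPS hides the PORT/PASV commands from that helper, so use passive mode for FTPS.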