Port forwarding

  • Question

  •  I am setting up the trial version of the WHS and am trying to forward some ports to different computers in my network.  Should this be done via the firewall setting directly or do I need to install a handler?  I saw "WHS router Control by GaMeR (WGS)" in the add-in section of downloads, can anyone recommend it?

    Thanks in advance,
    John
    John J. Hughes II
    Friday, September 19, 2008 11:51 AM

All replies

  • Hi John,
    port forwarding is usually done in the router itself. So check its manual or help files for a detailed guide.
    Since you don't tell us much about your network (i.e. how are you connected to the Internet) there is not much more we can tell you.

    Best greetings from Germany
    Olaf
    Friday, September 19, 2008 12:18 PM
    Moderator
  • I am using the WHS as a router, so no, using the router won't work.  I have been using an old computer for this and would like to replace it with something that is more useful, I hope.

    Internet <-> cable modem <-> WHS <->  5 computers

    Thanks,
    John
    John J. Hughes II
    Friday, September 19, 2008 12:28 PM
  • Hi John,
    first, using WHS as a router and for Internet Connection Sharing is not supported.
    I also do not think that using a Windows PC as a router is a good idea. So each attack based on exploits of Windows bugs hammers directly on the last door, while a router gives an additional wall between the bad guys out in the Internet and your server. The risk is usually not worth saving the bucks for a DSL router.

    If you use your WHS as router anyway, you will need a second network adapter, since the first is connected to the DSL modem.
    Check the following KB article:
    http://support.microsoft.com/kb/324286
    "How To Set Up Internet Connection Sharing in Windows Server 2003"

    Routing and RAS is a feature included in Windows Server 2003, but I think that invoking the service would be against the EULA (which I don't have in my hands just now).
    Best greetings from Germany
    Olaf
    Friday, September 19, 2008 1:28 PM
    Moderator
  • Using RRAS is, as Olaf speculates, a technical violation of the EULA, which prohibits activating server roles not provisioned by Microsoft.

    It's also a bad idea for all the reasons that Olaf mentions, and one he didn't. Most routers have a switch built in (admittedly usually no more than 4 ports on consumer equipment), and sometimes a wireless access point as well; using a PC as your router means that you will need separate hardware for those functions.

    I'm not on the WHS team, I just post a lot. :)
    Friday, September 19, 2008 5:22 PM
    Moderator
  • Well yes, my current computer which is acting as a router has two network cards in it and so I assume the WHS computer will also.  I normally use the router NAT function in other cases but I was concerned about turning it on in WHS.  I know based on some of the other data that WHS does use the Windows firewall; there are some comments that if you muck with it you have to reset the allowed ports.  I was just thinking of using that to do the port forwarding, which will work, but I was concerned again about it mucking up some built-in WHS function.  As I said in my first post, I get the impression there is an add-in for doing this from the control; was sort of wondering if anybody else had tried it.

    As far as using my cable modem as a router, it does not support any useful functions and I don't want to hook it to my internal switch for obvious reasons.  The computer I currently use has the firewall installed so it more or less allows me free access on the switch side due to the dual network connection.

    Basically a more detailed account of the current set up would be:

    internet <-> (net 1 computer net 2) <-> switch <-> 5 other computers

    Personally I have found I have more control using Windows as the router than a router and am still not seeing why buying a router to do this would be a better solution.

    Regards,
    John
    John J. Hughes II
    Friday, September 19, 2008 11:58 PM
  • You don't want to do this for reasons of security, mostly. An inexpensive single purpose router is enormously more secure than a Windows server used as your Internet gateway. And since you're likely to have personal information on that server (it is Windows Home Server, after all, so it's a central repository for your digital "stuff" by design) that information is going to be at greater risk.
    I'm not on the WHS team, I just post a lot. :)
    Saturday, September 20, 2008 2:26 PM
    Moderator
  • So let me see here, if I put a router and direct the needed ports to the server it is somehow more secure than if I hook the server directly to the internet.  I would hope that with the latest version of Win2K3 which WHS sits on any port not used would be closed (secure by design).  The other ports are exposed either way so equal.

    Also if I use the router method my whole network is exposed via the router rather than just the WHS.  Whereas my WHS has personal information I would think it would be easier to secure one point than six points using the router method.  Especially when some of the other people using the computers in my household are rather young.

    And furthermore, where MS releases updates on a regular basis I have not noticed that the router people are so forthcoming if they release updates at all.  Mostly they just expect you to purchase a new one.  Basically I don't trust the router to be secure.

    As a personal opinion I would have to disagree :) but then I might be misunderstanding something here.

    But thanks for the advice.

    Regards,
    John
    John J. Hughes II
    Saturday, September 20, 2008 2:53 PM
  • John J. Hughes II said:

    So let me see here, if I put a router and direct the needed ports to the server it is somehow more secure than if I hook the server directly to the internet.  I would hope that with the latest version of Win2K3 which WHS sits on any port not used would be closed (secure by design).  The other ports are exposed either way so equal.

    Also if I use the router method my whole network is exposed via the router rather than just the WHS.

    Not true.  The only piece of equipment that would be exposed is WHS because you would forward only the 3 necessary ports, and only to the server.

    John J. Hughes II said:

    Whereas my WHS has personal information I would think it would be easier to secure one point than six points using the router method.  Especially when some of the other people using the computers in my household are rather young.

    All the more reason to use a router.

    John J. Hughes II said:

    And furthermore, where MS releases updates on a regular basis I have not noticed that the router people are so forthcoming if they release updates at all.  Mostly they just expect you to purchase a new one.  Basically I don't trust the router to be secure.

    Uhhh, why do you think MS releases updates every month?  Because of the numerous security holes there are in the OS (and believe me, they will NEVER find/patch all of them).  The reason there are no security updates on the router is because it's hardware and there are no holes to be patched.  It's more secure by design.

    John J. Hughes II said:

    As a personal opinion I would have to disagree :) but then I might be misunderstanding something here.

    But thanks for the advice.

    Regards,
    John
    John J. Hughes II

    Saturday, September 20, 2008 4:42 PM
    Moderator
  • John J. Hughes II said:
    And furthermore, where MS releases updates on a regular basis I have not noticed that the router people are so forthcoming if they release updates at all.  Mostly they just expect you to purchase a new one.  Basically I don't trust the router to be secure.

    Routers are also getting firmware updates, at least those from well known brands. Some can be set to update themselves automatically, on others you have to download and apply the updates yourself.
    But the main benefit of a router is - it is a different system than Windows. So most Windows-targeted exploits from the network do not work on the router with a different operating system.
    And even if a router is taken over by a hacker, he is still not on your PCs (if they have the firewall on) and the operating system on the router is limited in its capabilities.
    So - as with every Internet connection - the connection with a router in between cannot give you 100% security, but it is much more secure than the direct connection to the Internet. (Imagine the firewall service on your Windows PC crashing or temporarily disabled by a mistake - and your security is gone.) With a router you have 2 walls in this case.
    Best greetings from Germany
    Olaf
    Saturday, September 20, 2008 8:47 PM
    Moderator
  • ok, so assuming that I decide to go the router route...  how do I get there from here?

    At the moment I have half a dozen computers hooked to a 1Gbit power connect router which can be switched to managed mode but does not have firewall or port forwarding and can't directly connect to the cable modem.  The cable modem seems to have the option to connect to up to 32 computers per the directions but does not seem to have a firewall in it and the cable company has to enable that feature.  Currently I use a computer to route the data which will be removed in your suggestion.

    Ok so mostly from what I have seen of cable modem with routers the routers are only 10/100 which is too slow for what I am doing.

    Would I get a cable modem and hook it to the current router and then use port forwarding?  Does it need a router, basically hook router to router?

    Suggestion of a cable modem that does this would be helpful.  I know how it should work and can more than likely set it up but finding a cable modem that supports the functions I need seems to be more of a problem.

    Regards,
    John
    John J. Hughes II
    Tuesday, October 28, 2008 1:01 AM
  • I'll start with your speed concern:
    Assuming that you leave all of your machines connected to the switch (and, why wouldn't you?),  a 'lowly' 10/100 router will not slow your internet connection down one bit (assuming that you don't buy total ____. ;) )
    Reason:  your internet connection likely doesn't even hit 10Mb/s down.  The client machines will continue to happily talk to each other over their existing 1Gb/s connection.

    Do you also need / want wireless capabilities?  If so, the tried-and-true Linksys WRT54G (better:  'GL version) gets the job done, and for a nice price.
    If you absolutely must have Gigabit LAN ports on it, the D-Link DIR-655 is a fine piece of hardware.  More expensive, yes.  But, nice.

    Setup goes like this:
    internet > modem > router > switch > clients
    ............................................> clients

    If you need (or want) more control over the network than is possible with most consumer-level routers (but, don't want to pay enterprise-level prices), and (especially) if you have some older (read: kinda obsolete) hardware laying around, then also consider putting together a Smoothwall (in place of the router.)  'Tis quite simple to set up (actually, quite a bit easier than RRAS is), is rock-solid stable, and free.

    One thing that I don't get from your last post:  you mention connecting two routers in series - why?  Only one is needed, and two can complicate setup - greatly.
    -Chris
    Tuesday, October 28, 2008 3:56 AM
  • Cuppie, No I am not worried about speed from the internet, as you say 10Mb/s is max until something improves a lot.

    I am worried about computer to computer.  If I use the 100Mb/s router instead of the switch then I lose my 1Gb/s connections.

    I may have misspoke, when I said router to router I was asking if I should hook the router to the switch.  If as your diagram shows I can hook the modem to the switch then I really don't need a router in the modem.  What I basically need is firewall and port forwarding and it needs to be connectable to the switch or have a 1Gb/s router/switch in it.

    I will look at the modems you suggest.

    Regards,
    John
    John J. Hughes II
    Tuesday, October 28, 2008 11:02 AM
  • [quote]I am worried about computer to computer.  If I use the 100Mb/s router instead of the switch then I lose my 1Gb/s connections.[/quote] I didn't suggest that you do that.  Rather, I suggested that you leave the clients connected to the switch.
    [quote]when I said router to router I was asking if I should hook the router to the switch.[/quote] Yes.
    [quote]I will look at the modems you suggest.[/quote] Those were routers, not modems.  ;)
    [quote]If as your diagram shows I can hook the modem to the switch then I really don't need a router in the modem.[/quote] Sorry, bad diagram.  You can't connect a switch to a simple modem.  Modem/router (AKA gateway), yes.  Otherwise, a router must be in between the modem and switch.

    Better diagram:

        internet
            |
          modem
            |
          router
          |    |
    clients    switch
                 |
              clients
    -Chris
    Tuesday, October 28, 2008 12:11 PM
  • Thanks Cuppie
    John J. Hughes II
    Tuesday, October 28, 2008 12:28 PM