Removing a server from the internet

platypus · 3 Jan 2013 at 13:43

I want to lock down a server and remove any internet access to it, whilst maintaining lan access. Is it easiest to do this on the router (eg blacklist its mac address)?

#Chri5# · 3 Jan 2013 at 13:59

What router?

platypus · 3 Jan 2013 at 14:07

Asus Rt56-nu.

tribz · 3 Jan 2013 at 14:40

Assuming your not forwarding ports to it from the router, just remove its gateway IP address on the server.

platypus · 3 Jan 2013 at 15:00

tribz said:
Assuming your not forwarding ports to it from the router, just remove its gateway IP address on the server.

I'm allocating the IP addresses by mac reservation, and setting the ip dynamically on the server so it picks up its gateway automatically.

matthab · 3 Jan 2013 at 16:50

This does depend if you want to block inbound or outbound.

Adjust the firewall rules on the server and by default your router shouldn't allow inbound connections. Id just put a block on the router saying block the IP from making outbound connections.

platypus · 3 Jan 2013 at 19:28

matthab said:
This does depend if you want to block inbound or outbound.

Adjust the firewall rules on the server and by default your router shouldn't allow inbound connections. Id just put a block on the router saying block the IP from making outbound connections.

Both really, I want it completely isolated from the internet. I'll have a play with the firewall.

KIA · 3 Jan 2013 at 20:17

tribz said:
Assuming your not forwarding ports to it from the router, just remove its gateway IP address on the server.

This.

platypus said:
I'm allocating the IP addresses by mac reservation, and setting the ip dynamically on the server so it picks up its gateway automatically.

Give the server a static IP.

platypus · 3 Jan 2013 at 20:48

Ok I'll do that then, cheers

.

aln · 3 Jan 2013 at 21:45

Thats what a firewall is for.

platypus · 4 Jan 2013 at 07:22

KIA said:
This.

Give the server a static IP.

aln said:
Thats what a firewall is for.

Whilst both are options, which is better and why?

tribz · 4 Jan 2013 at 07:50

Removing the gateway IP address deals with the issue at the source whilst using the firewall is a block.

There is nothing wrong with doing both, in fact learning to use your firewall is a good thing but changing to a static IP minus gateway is the first starting point. If at some point you replace your router, you wont accidentally allow it back on the internet.

Avathar77 · 4 Jan 2013 at 07:58

Do you not need windows updates? (assuming it is windows based)

edscdk · 4 Jan 2013 at 08:11

Avathar77 said:
Do you not need windows updates? (assuming it is windows based)

probably a good idea, if an office PC gets a virus it may then hop onto the server using various exploits (if its not patched)

leigh_boy · 4 Jan 2013 at 08:27

i would give it a static ip address i wouldld also say its poor practise to have a server on a dynamic ip.
and then i would do as sugested dont put a gateway in.
unless its a dns server then it will need internet access.

platypus · 4 Jan 2013 at 09:32

Avathar77 said:
Do you not need windows updates? (assuming it is windows based)

I'll probably use WSUS, but yes this is a consideration.

leigh_boy said:
i would give it a static ip address i wouldld also say its poor practise to have a server on a dynamic ip.
and then i would do as sugested dont put a gateway in.
unless its a dns server then it will need internet access.

Aye I just preferred doing that, as the server isn't providing dhcp, so it's not a case that if the server goes down the routing goes down. Still, as its best practice I'll probably switch it over tonight.

leigh_boy · 4 Jan 2013 at 15:22

what is ther servers roll's??

anything I don't mind · 4 Jan 2013 at 15:49

You need to contact AL Gore first and ask for permission