my profile | my password | search | faq & rules | forum home

» Film-Tech Forum ARCHIVE   » Community   » Film-Yak   » Whats the best way to setup a firewall and software for a "home server"?

Author Topic: Whats the best way to setup a firewall and software for a "home server"? Mark Gulbrandsen Resident Trollmaster Posts: 16657 From: Music City Registered: Jun 99 posted 02-10-2008 11:02 AM                     I'm just about finished setting up my home server and need to know what would be the best "Firewall" setup to use on it. Running "Windows 2000 Advanced Server" on the 1550 with a Powervault for storage. "Netapps" is the web based server program running. Also using the deafault port 80 for now unless there is a safer port to switch to for what ever reason... Thanks in advance for any input..... Mark  |  IP: Logged Chris Slycord Film God Posts: 2986 From: 퍼항시, 경상푹도, South Korea Registered: Mar 2007 posted 02-10-2008 12:41 PM                     Define exactly what home server means. Is it behind a router? Is the server only functioning as one for the home network itself (meaning that only trusted computers access it)? If those are both yes, then really a firewall isn't absolutely necessary. In any other case, a firewall that simply opens ports you need and closes the others would suffice.  |  IP: Logged Mark Gulbrandsen Resident Trollmaster Posts: 16657 From: Music City Registered: Jun 99 posted 02-10-2008 01:48 PM                     Yes Chris... there's a simple 8 port D-Link switch involved although I doubt it can be set up to do what I need... this is going to be a server available on the internet through my present DSL service just using the IP address of the server... as well as a home network. So both the wife and I can acccess Photo and Autocad files on the Powervault while at work. The server is a Dell 1550 running Win. 2000 Advanced Server. The Powervault is set up for two sets of Raid 5... 4 drives each. A little eleborate for a home system but the hardware was cheap! I did check with AT&T and they say I am ok to use port 80 for this purpose. Actually reading around I find that most providers block Port 80 but on my service its available. If it turns out that there are problems using Port 80 all I would have to do is go to a different available port anyway so they say. If I can get this thing safely up and running then I may go for a Domain Name Service on it but not right away... P.S. If I need a decent router to set this up properly could you make a reccomendation on one??? Thanks, Mark  |  IP: Logged Scott Norwood Film God Posts: 8146 From: Boston, MA. USA (1774.21 miles northeast of Dallas) Registered: Jun 99 posted 02-10-2008 01:54 PM                        If it's just a web server, then you need to allow port 80 tcp inbound from anywhere and ports greater than 1023 outbound tcp for established connections to anywhere. You also need to allow ICMP type "can't fragment" and you probably want to allow ICMP echo and echo reply as well as time exceededl for troubleshooting purposes. Finish with a "deny all" rule to deny all traffic not explicity permitted.  |  IP: Logged Mark Gulbrandsen Resident Trollmaster Posts: 16657 From: Music City Registered: Jun 99 posted 02-10-2008 02:01 PM                     Scott, Thats all set up in Appserve which is basically a more user friendly version of Apachie. All is loaded and running ok... have not had it on the DLS as of yet. Mark  |  IP: Logged Tim Reed Better Projection Pays Posts: 5246 From: Northampton, PA Registered: Sep 1999 posted 02-10-2008 02:24 PM                       It's prolly a mirror for Phil's Sexx Den.  |  IP: Logged Phil Hill I love my cootie bug Posts: 7595 From: Hollywood, CA USA Registered: Mar 2000 posted 02-10-2008 02:38 PM                  Oh boy! HOW the heck did I get dragged into this? HA!  |  IP: Logged Mark Gulbrandsen Resident Trollmaster Posts: 16657 From: Music City Registered: Jun 99 posted 02-10-2008 04:24 PM                     quote: Tim Reed It's prolly a mirror for Phil's Sexx Den. There's plenty of room there for it!  |  IP: Logged Robert W. Jones Film Handler Posts: 74 From: San Antonio, TX Registered: Mar 2007 posted 02-10-2008 04:37 PM                     Mark, If you have another computer laying around (doesn't have to be super fast state of the art), you can download and install Linux on it, and there is firewall software you can install to kill any ports, protocols and services you don't need (e.g. FTP, SSL, etc.). It's cheap and efficient, put behind the router or in front if you want to enable IP masking. Let your server do it's job on it's own. Rob  |  IP: Logged Brad Allen Jedi Master Film Handler Posts: 688 From: Evansville, IN, USA Registered: May 2000 posted 02-11-2008 07:08 PM                     My two cents, don't use port 80, use a non-standard port above 6000, if it's just you wanting access. Makes is a tad harder for some scripkiddie to find it.  |  IP: Logged

All times are Central (GMT -6:00)

Printer-friendly view of this topic

Hop To: Select a Forum: Category: Operations -------------------- Digital Cinema Forum Film Handlers' Forum Large Format Forum Ground Level Feature Info, Trailer Attachments & REAL Credit Offsets Category: Community -------------------- Film-Yak Film Handlers' Movie Reviews The Afterlife Bob Maar's Joke-A-Thon Category: Classified -------------------- Equipment and Supplies Wanted/For Sale Help Wanted/Seeking Employment Category: System -------------------- Software Beta Testing Forum

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.