From: VanguardLH on
Linea Recta wrote:

> A few days ago I set up port forwarding for ports 20-21 in my router for using
> my FTP server.
> Thought I had done the job once and for all and everything worked fine.
> Today people again couldn't get into my server.
> After looking in the router setup again, it seemed that all by itself the
> internal IP of the PC had changed, so I had to port forward to another IP
> again!
>
> Is this normal? How can I prevent this from happening?
> Of course I don't want to mess around with the router setup every single
> day!

Don't use the dynamic IP address provided by the DHCP server in your router.
Instead configure your host's TCP/IP setup to use a static IP address (and
one that is outside the IP range handled by the DHCP server in your router).
If your router's DHCP server manages IP addresses from 192.168.1.100-200
then use something like 192.168.1.50 for your host. Since you are now using
a static IP address that remains the same and doesn't rely on any
assignments by the DHCP server in your router, your host always uses that
constant IP address.

Then use port forwarding in your router to redirect any external connection
requests on port 20-21 to the static IP or MAC address for your FTP server's
host (some routers can forward based on MAC address, some only let you port
forward on an IP address).

So just how are you hardening the FTP server host against external attack?
Did you even put it in its own subnet in a DMZ managed by the router and
which doesn't let that host connect to any other subnets for your
intranetwork hosts?
From: Linea Recta on

"Lem" <lemp40(a)unknownhost> wrote in message
news:OlnNaNyjKHA.5524(a)TK2MSFTNGP06.phx.gbl...
> Linea Recta wrote:
>> "Jack [MVP-Networking]" <jack(a)discussiongroup.com> wrote in message
>> news:OMS0xmljKHA.1540(a)TK2MSFTNGP06.phx.gbl...
>>> Hi
>>> Some Routers have IP Reservation (aka Static DHCP). If your Router has
>>> it, set the IP of the computer that runs the ftp to a reserved IP
>>> status.
>>> Otherwise, assign to the computer's TCP/IP a static IP that is out of
>>> the DHCP Range.
>>> Jack (MS, MVP-Networking).
>>>
>>
>>
>> Afraid this is very confusing stuff. :-(
>> Using a Sitecom WL-174, have a "manual" but it seems to be for experts...
>> I found DMZ... do I use that??
>> http://www.sitecom.com/support-product/productid/538#manuals
>>
>> Also, in Windows XP I have been following this
>> http://www.portforward.com/networking/static-xp.htm but it disabled my
>> connection altogether. So I undid the changes.
>>
>>
>>
>
> Let me try.
>
> You want the computer that runs your FTP server to keep its local (LAN) IP
> address.
>
> There are two ways you can do this:
> 1. You can configure the router's DHCP server to always assign the same
> IP address to that computer -- but not all routers can be so configured.
> 2. You can configure the computer with a static IP address (which has the
> effect of ignoring the router's DHCP server).
>
> If you pick option 2, you have to ensure that the IP address that you
> choose will not conflict with an IP address that might be assigned by the
> router's DHCP server to some other device on the LAN.
>
> With only a very quick glance at your manual, it does not appear that your
> router has the capability for option 1.
>
> Look at section 4.2.2 of the manual. In the example shown, the router's
> DHCP server is enabled (good) and configured to assign IP addresses in the
> range 192.168.0.100 through 192.168.0.201 (that is, it starts with
> 192.168.0.100 and will assign up to 101 addresses). Thus, configure the
> computer on which your FTP server is hosted to have a static IP
> address between 192.168.0.2 and 192.168.0.99. Remember that when you
> configure a static IP address, you also must supply the subnet mask (in
> this case, 255.255.255.0) and the Default Gateway address (the *router's*
> local IP address; in the manual's example, that would be 192.168.0.1).
>
> Enter "configure TCP/IP for static addressing" in Help and Support for
> directions on setting a static IP address.
>


Thanks very much. Finally it looks that I succeeded in setting a static IP
address today. I used 192.168.0.10 and everything works OK now. I hope
things stay this way!



--
regards,

|\ /|
| \/ |@rk
\../
\/os



From: Linea Recta on

"VanguardLH" <V(a)nguard.LH> wrote in message
news:hi35ve$edo$1(a)news.albasani.net...
> Linea Recta wrote:
>
>> A few days ago I set up port forwarding for ports 20-21 in my router for
>> using
>> my FTP server.
>> Thought I had done the job once and for all and everything worked
>> fine.
>> Today people again couldn't get into my server.
>> After looking in the router setup again, it seemed that all by itself the
>> internal IP of the PC had changed, so I had to port forward to another IP
>> again!
>>
>> Is this normal? How can I prevent this from happening?
>> Of course I don't want to mess around with the router setup every single
>> day!
>
> Don't use the dynamic IP address provided by the DHCP server in your
> router.
> Instead configure your host's TCP/IP setup to use a static IP address (and
> one that is outside the IP range handled by the DHCP server in your
> router).
> If your router's DHCP server manages IP addresses from 192.168.1.100-200
> then use something like 192.168.1.50 for your host. Since you are now
> using
> a static IP address that remains the same and doesn't rely on any
> assignments by the DHCP server in your router, your host always uses that
> constant IP address.
>
> Then use port forwarding in your router to redirect any external
> connection
> requests on port 20-21 to the static IP or MAC address for your FTP
> server's
> host (some routers can forward based on MAC address, some only let you
> port
> forward on an IP address).


I think I have achieved that today.

>
> So just how are you hardening the FTP server host against external attack?


That's a good question. For the time being I only have the FTP server
online occasionally.


> Did you even put it in its own subnet in a DMZ managed by the router and
> which doesn't let that host connect to any other subnets for your
> intranetwork hosts?


From other users I understood not to use DMZ as it is a security hazard.
Of course I'd like more advice on how to do that. I'm novice with subnets
and other mysterious router options...



--
regards,

|\ /|
| \/ |@rk
\../
\/os



From: VanguardLH on
Linea Recta wrote:

> From other users I understood not to use DMZ as it is a security hazard.
> Of course I'd like more advice on how to do that. I'm novice with subnets
> and other mysterious router options...

DMZ might mean different things to different users. It depends on the
features available in your router. I used to have one where any host that
was connected to the router but allocated to the DMZ meant that host (which
is my host) could not connect to any of my other hosts (outside the DMZ).
That meant any attack at that DMZ host couldn't result in a compromised host
getting connected to my other hosts.

Below is the description of the DMZ feature in my Linksys router:

DMZ Host
The DMZ Host setting can allow one local PC to be exposed to the Internet.
If a local user wishes to use some special-purpose service such as an
Internet game or video-conferencing, Enable DMZ, fill in the IP address,
and click the Save Settings button. Select Disable for DMZ, deactivates
this feature. When enabling this setting, the Router firewall protection
of the local DMZ host will be disabled.

Because you are opening the host to Internet access, the router's firewall
is not applied. The host is open to external connections so you don't need
to use port forwarding. Obviously this needs to be a hardened host.

What I have not tested with this router's implementation of DMZ is if it
will block all communications between a DMZ host and all other hosts, hubs,
or switches connected to that router. For any DMZ host, I don't want it to
connect to or from any other host connected to that same router. If a host
in the router's DMZ wasn't isolated from all other hosts connected to that
same router, I wouldn't use that router's DMZ feature. Basically you would
have a local untrusted network that you don't want to let connect to any
hosts in your trusted network. If the router isn't capable of effective DMZ
management then I'd not bother using it (and instead use a router appliance,
or gateway host with a better firewall, to manage the DMZ and non-DMZ
hosts).

http://en.wikipedia.org/wiki/DMZ_(computing)
From: Jack [MVP-Networking] on
Hi
The DMZ configuration saves one step in setting up a server by bypassing
the need to open ports through the Router's Firewall. It takes a little time
to learn how to open ports.
People who cannot learn, or are too lazy to, solve the need for port
opening by using the DMZ.
DMZ puts the computer in front of the Router's NAT Firewall. As a result the
computer is connected directly to the Internet and has no protection.
About port opening through a router, http://www.ezlan.net/routers1.html
Jack (MS, MVP-Networking).

"Linea Recta" <mccm.vos(a)abc.invalid> wrote in message
news:OImqe98jKHA.3476(a)TK2MSFTNGP06.phx.gbl...
>
> "VanguardLH" <V(a)nguard.LH> wrote in message
> news:hi35ve$edo$1(a)news.albasani.net...
>> Linea Recta wrote:
>>
>>> A few days ago I set up port forwarding for ports 20-21 in my router for
>>> using
>>> my FTP server.
>>> Thought I had done the job once and for all and everything worked
>>> fine.
>>> Today people again couldn't get into my server.
>>> After looking in the router setup again, it seemed that all by itself
>>> the
>>> internal IP of the PC had changed, so I had to port forward to another IP
>>> again!
>>>
>>> Is this normal? How can I prevent this from happening?
>>> Of course I don't want to mess around with the router setup every single
>>> day!
>>
>> Don't use the dynamic IP address provided by the DHCP server in your
>> router.
>> Instead configure your host's TCP/IP setup to use a static IP address
>> (and
>> one that is outside the IP range handled by the DHCP server in your
>> router).
>> If your router's DHCP server manages IP addresses from 192.168.1.100-200
>> then use something like 192.168.1.50 for your host. Since you are now
>> using
>> a static IP address that remains the same and doesn't rely on any
>> assignments by the DHCP server in your router, your host always uses that
>> constant IP address.
>>
>> Then use port forwarding in your router to redirect any external
>> connection
>> requests on port 20-21 to the static IP or MAC address for your FTP
>> server's
>> host (some routers can forward based on MAC address, some only let you
>> port
>> forward on an IP address).
>
>
> I think I have achieved that today.
>
>>
>> So just how are you hardening the FTP server host against external
>> attack?
>
>
> That's a good question. For the time being I only have the FTP server
> online occasionally.
>
>
>> Did you even put it in its own subnet in a DMZ managed by the router and
>> which doesn't let that host connect to any other subnets for your
>> intranetwork hosts?
>
>
> From other users I understood not to use DMZ as it is a security hazard.
> Of course I'd like more advice on how to do that. I'm novice with subnets
> and other mysterious router options...
>
>
>
> --
> regards,
>
> |\ /|
> | \/ |@rk
> \../
> \/os
>
>
>
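Added example covering both VanguardLH's and Jack's posts on DMZ above (it is the editor's code, not from either poster, Linksys or Sitecom): a first-match policy evaluator that encodes the three setups discussed, plain port forwarding to a host on the LAN, the consumer-router "DMZ host" that switches the firewall off for one address on that same LAN, and a proper DMZ on its own subnet that may not initiate connections to the trusted LAN. It then answers, for each, whether the FTP control port is reachable, whether unrelated services on the host are exposed, and whether a compromised FTP host could reach a LAN client. The LAN 192.168.0.0/24 and FTP host 192.168.0.10 are from the thread; the DMZ subnet 192.168.2.0/24, the host's address in it, the LAN client, the attacker address (TEST-NET-2) and the passive range are assumptions. Whether the poster's Sitecom can build a separate subnet is not something the thread settles.

```python
import ipaddress

# Addresses: the LAN and FTP host (192.168.0.0/24, 192.168.0.10) are from the thread;
# the DMZ subnet, the FTP host's address in it, the LAN client and the attacker
# address (TEST-NET-2) are assumptions made for this example.
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.0.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
FTP_ON_LAN = ipaddress.ip_network("192.168.0.10/32")
FTP_IN_DMZ = ipaddress.ip_network("192.168.2.10/32")
FTP_PORTS = {21} | set(range(50000, 50010))   # control port plus an assumed passive range
ATTACKER = "198.51.100.7"
LAN_CLIENT = "192.168.0.20"


def evaluate(rules, src, dst, dport):
    """First-match policy over (src_net, dst_net, ports-or-None, action) tuples.
    Default deny, which is how a NAT router treats unsolicited inbound connections."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, ports, action in rules:
        if s in src_net and d in dst_net and (ports is None or dport in ports):
            return action
    return "drop"


# 1. Port forwarding only: the router passes just the FTP ports to a host on the LAN.
PORT_FORWARD_ONLY = [
    (ANY, FTP_ON_LAN, FTP_PORTS, "allow"),
    (LAN, ANY, None, "allow"),       # LAN hosts, the FTP server included, may reach anything
]

# 2. "DMZ host" as in the Linksys text quoted above: the firewall is switched off for
#    that one address, and it still sits on the same segment as the rest of the LAN.
DMZ_HOST = [
    (ANY, FTP_ON_LAN, None, "allow"),
    (LAN, ANY, None, "allow"),
]

# 3. A real DMZ: separate subnet, only the FTP ports forwarded, and no connections
#    initiated from the DMZ toward the trusted LAN.
ISOLATED_DMZ = [
    (ANY, FTP_IN_DMZ, FTP_PORTS, "allow"),
    (DMZ, LAN, None, "drop"),
    (DMZ, ANY, None, "allow"),       # DMZ may still talk to the Internet
    (LAN, ANY, None, "allow"),       # trusted side may manage the DMZ host
]

POLICIES = {
    "port forward only": (PORT_FORWARD_ONLY, "192.168.0.10"),
    "DMZ host": (DMZ_HOST, "192.168.0.10"),
    "isolated DMZ": (ISOLATED_DMZ, "192.168.2.10"),
}


def exposure(policy):
    """Three questions to ask of each setup; True means the flow is allowed."""
    rules, ftp = POLICIES[policy]
    return {
        "ftp reachable from internet": evaluate(rules, ATTACKER, ftp, 21) == "allow",
        "other services exposed": evaluate(rules, ATTACKER, ftp, 3389) == "allow",
        "compromised ftp host reaches lan": evaluate(rules, ftp, LAN_CLIENT, 445) == "allow",
    }


if __name__ == "__main__":
    for name in POLICIES:
        print("%-18s %s" % (name, exposure(name)))
```

Port forwarding alone exposes only the FTP ports but leaves the server on the trusted segment, so a compromised server can reach every LAN host; the "DMZ host" setting adds full exposure of every listening service on top of that, which is Jack's point; only the separate subnet with a DMZ-to-LAN deny rule gives VanguardLH's isolation. The last line of the rule set matters: anything not matched falls to drop.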