Network structure –> Server 2k8r2 <--> Livebox <--> Router <--> Other PCs [closed]

by

I have a Livebox connection to the Internet and I have set up my network as follows:

- Livebox <--> Win2k8R2 Server
- Livebox <--> Netgear N150 Router
- Router  <--> Other PCs

Therefore, in my LAN,

- the Livebox has IP address 192.168.1.1,
- the Router 192.168.1.12 (when accessed from the Livebox or the server),
- the Router 10.0.0.1     (when accessed from the PCs connected to the Router),
- the server 192.168.1.2,
- the PCs    10.0.0.x

I was using a previous configuration, which was as follows:

- Livebox <--> Netgear N150 Router
- Router  <--> Win2k8R2 Server
- Router  <--> Other PCs

Everything was simple, and I just had to forward all ports for incoming connection on the Livebox to the Router, and then forward the specific ports to the Server as needed (it must be however noted that any server I use is found on the Win2k8R2 server itself).

In this previous configuration, the IP addresses were as follows:

- Livebox 192.168.1.1
- Router  192.168.1.12 (when seen from Livebox)
- Router  10.0.0.1     (when seen from server & PCs connected to it)
- Server  10.0.0.2
- PCs    10.0.0.x

So now of course, my port-forwarding does not work anymore since the server is not connected (directly) to the Router.

What I would like to know is how do I configure the Livebox and Router to still have the features like before?

From what I understand of networks (which is very limited, btw), I see these options:

  1. Make the router assign IPs like 192.168.1.x (but then I want the forwarding to be done from the router itself, is it possible?)
  2. The forwarding on the router to the server uses IP address 10.0.0.2. I could change it to 192.168.1.2 (Is that even possible, does it work?)
  3. Forward all ports from the Livebox itself to the server, and then manage them there (Is software-based port-forwarding as secure as hardware-based?)

Answer

Your first two options are out because your router’s LAN/NAT no longer applies to your server. Option 3 is what you want.

If the server is connected directly to the Livebox, all you have to do is setup port-forwarding rules to the server. Bang. You’re done. Your router’s port-forwarding rules no longer apply because the server is no longer on the LAN. The Livebox handles your port-forwarding to your server.

If you needed port-forwarding rules to ALSO work on your router and get to your PCs behind it, then you’re looking at Double-NAT: Why is it a bad idea to use multiple NAT layers or is it? which is not a big deal at all, and if the port-forwarding rules are minimal, not even a headache.

As for:

(Is software-based port-forwarding as secure as hardware-based?)

It’s all “software-based” really. The port-forwarding/NAT rules on your Livebox are not in any way fundamentally different than those on your Netgear. Now your Livebox might have less OTHER security than your Netgear (does it have a SPI firewall? etc.), but that’s another topic.

Attribution
Source : Link , Question Author : Yusuf , Answer Author : Community

Leave a Comment