Four digits at the end of an IP address

I need to set up either a VPN or a Firewall for a company I work for.
I am trying to understand how to set up a firewall right now because it seems
to be easier. The one thing I can't understand, however, is the last four digits
at the end of an IP address (for example: 192.168.1.254:8081).

Can someone explain this to me? Thank you!

That's the port number. You need to set an IP (or IP range) and port (or port range) when making a firewall rule.

3 Likes

Okay, so if I needed to connect to a server through a firewall how would I set that up?
Is there a way to make the IP range based off of the default gateway of the main router?
I know that most secondary routers will make a second local IP range.

It really depends on your specific setup. But if you're behind a NAT firewall then you need to create a port forward on the firewall to listen on whatever port it is and forward it to the IP of the server.

So I am trying to understand this, networking is not my best subject.

A NAT Firewall connects two firewall routers together and port forwarding allows you
to forward your connection through a second router?

The way I connect to this small server is by entering an IP address into the URL bar.
One of them has 8081 at the end of it. Does this mean it is going through a second router?
Because it does not have a local IP address.

Thank you so much for your help.

No, a NAT firewall is used to share a single IP among many devices on a network and is typically used to share an internet connection. If you are trying to connect to a server from the internet you need to configure port forwarding on the firewall to forward the traffic from the public IP of the router to the local IP of the server. If this isn't what you're trying to do then you can ignore this.

No, it may do but it has nothing to do with that. The port number is used to specify which service you are connecting to on a device. So the IP specifies the device and the port number specifies the service. If you're accessing this in a browser then port 8081 is likely a webserver or at least the webui of something.

So if this is to access the server from the internet then you likely need to configure port forwarding on the router/firewall which is connected to the internet. If this is a firewall on an internal network then you just need to make a firewall rule allowing traffic from somewhere (the subnet, IP or IP range, whatever you want) to 192.168.1.254 on port 8081

1 Like
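The IP-plus-port rule described in the reply above, as an added example that is not part of the original thread: it splits `192.168.1.254:8081` into device and service, then applies a default-deny allowlist. The rule set, the source addresses and the function names are constructed assumptions, not any particular firewall's syntax.

```python
import ipaddress

# Constructed allowlist (assumption): each rule is
# (allowed source, destination IP, (first port, last port)).
# The source may be a single IP, a subnet, or a "low-high" IP range.
RULES = [
    ("192.168.1.0/24", "192.168.1.254", (8081, 8081)),
    ("10.0.0.5-10.0.0.9", "192.168.1.254", (8081, 8081)),
]

def split_endpoint(endpoint):
    """Split 'IP:port' into the address (the device) and the port (the service)."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdecimal() or not 0 < int(port) <= 65535:
        raise ValueError(f"not an IPv4 'address:port' pair: {endpoint!r}")
    return ipaddress.IPv4Address(host), int(port)

def source_matches(src, spec):
    """True if src falls inside a subnet, single IP, or 'low-high' range."""
    if "-" in spec:
        low, high = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-"))
        return low <= src <= high
    return src in ipaddress.ip_network(spec, strict=False)

def decide(src_ip, endpoint, rules=RULES):
    """Return 'allow' if any rule matches the connection, otherwise 'deny'."""
    dst, port = split_endpoint(endpoint)
    src = ipaddress.IPv4Address(src_ip)
    for allowed_src, rule_dst, (first, last) in rules:
        if (source_matches(src, allowed_src)
                and dst == ipaddress.IPv4Address(rule_dst)
                and first <= port <= last):
            return "allow"
    return "deny"  # nothing matched: default deny

if __name__ == "__main__":
    # Constructed connection attempts: (source IP, destination endpoint)
    for src, dest in [("192.168.1.20", "192.168.1.254:8081"),
                      ("203.0.113.7", "192.168.1.254:8081"),
                      ("192.168.1.20", "192.168.1.254:22")]:
        print(f"{src} -> {dest}: {decide(src, dest)}")
```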

So if I set the default gateway of both firewalls to the same address then it would act as one network?
Or would I need a VPN server in between?

And would this work over the internet? These firewalls will be in two different locations

I'm not really sure what you're trying to do.

Right now there are several tiny web servers that my company
connects to in order to monitor different things in different buildings.
When I enter the IP address of these servers it brings up a webui
that tells us how things are running.

However, these servers only have a simple login and password and
can be accessed by anyone who knows these IP addresses. They want
to better secure these servers over a VPN/Firewall but I am unsure
how to set this up as I have never set up a VPN or Firewall.

I am trying to learn how to set up a connection to these servers through
a VPN server in my company.

I think the best thing to do would be to put these servers on a different VLAN and configure the firewall to only allow access to that network from the machines you want to allow access to. Then you could have a VPN server on that network to allow VPN access. But this depends a lot on your network infrastructure. You could also configure a firewall on each server to allow connections only from the machines you want to allow. But you'd probably be better off using better authentication on the servers rather than relying on a firewall.

I'm not really sure.

Because of the type of servers these are, using better authentication on them
is not an option. The manufacturer recommends using a firewall/VPN.

Thank you for your help! If I need more I will post here.
I will look into it a bit more.

Hey I know we are all here to help, and I don't mean to sound rude, but it sounds a bit like you might not be the best choice for this job considering this is for a business. Does your company have an IT department?

Again I'm not trying to be mean here, just trying to see the bigger picture of the situation.

3 Likes

Here's how to remember ports. Think of your IP as a highway, then your port is the little exit going only to one place. Many exits can go to one machine or one application, but you get off the highway at some point.

What type of firewall are you using?

It sounds like you're wanting to make a site to site connection, is that correct?

They did not expect this issue to come up, I was not meant to be doing something of this nature.
I am an intern in high school and still learning. Networking was not my best subject but I am trying
to get a certification for it in the very near future. I was meant to find small issues with local computers
to fix them, but this came up and they needed a solution.

They do not have an IT department, I am actually their first IT person. I know a huge amount about
computers but networking is my weakest subject by far, that is why I need so much help.

That is exactly what I am doing. At the moment they don't have any firewall, we are
connecting through an unsecured network. That is why they asked for this.

I was told that we would no longer have tech support through a major company that
made the program for these tiny servers until we secured them. Me knowing the most
about computers in this building, they came to me.

That helped a lot, Thank you!

1 Like

So when you say they log into several servers, it sounds like the servers are off site and not controlled by your company? Do you have access to these servers (beyond your web login portal)? If not, there isn't much you can do because you're not hosting the server.

These servers are indeed off site, when we enter their individual IP addresses
we can log into a webui. We have access to these servers 24/7 unless the
internet at the location goes out. We can also log in if we connect to the
devices via Ethernet.

These devices are connected directly into the main router through ethernet.
What I need to do is either only access these devices via VPN or block others,
which it seems to be via Firewall (most likely hardware). I was also seeing that I
can block connections via MAC address filtering using a Firewall but I am not
sure yet.

When you say these devices are connected directly into the main router through ethernet - where? Like do you physically have access to the off site server? Or did you pay someone to host it?