I need to set up either a VPN or a firewall for a company I work for. I am trying to understand how to set up a firewall right now because it seems to be easier. The one thing I can't understand, however, is the last four digits at the end of an IP address (for example: 192.168.1.254:8081).
Okay, so if I needed to connect to a server through a firewall how would I set that up? Is there a way to make the IP range based off of the default gateway of the main router? I know that most secondary routers will make a second local IP range.
It really depends on your specific setup. But if you're behind a NAT firewall then you need to create a port forward on the firewall to listen on whatever port it is and forward it to the IP of the server.
So I am trying to understand this; networking is not my best subject.
A NAT firewall connects two firewall routers together and port forwarding allows you to forward your connection through a second router?
The way I connect to this small server is by entering an IP address into the URL bar. One of them has 8081 at the end of it. Does this mean it is going through a second router? Because it does not have a local IP address.
No, a NAT firewall is used to share a single IP among many devices on a network and is typically used to share an internet connection. If you are trying to connect to a server from the internet you need to configure port forwarding on the firewall to forward the traffic from the public IP of the router to the local IP of the server. If this isn't what you're trying to do then you can ignore this.
No, it may do but it has nothing to do with that. The port number is used to specify which service you are connecting to on a device. So the IP specifies the device and the port number specifies the service. If you're accessing this in a browser then port 8081 is likely a webserver or at least the webui of something.
So if this is to access the server from the internet then you likely need to configure port forwarding on the router/firewall which is connected to the internet. If this is a firewall on an internal network then you just need to make a firewall rule allowing traffic from somewhere (the subnet, IP or IP range, whatever you want) to 192.168.1.254 on port 8081.
Right now there are several tiny web servers that my company connects to in order to monitor different things in different buildings. When I enter the IP address of these servers it brings up a webui that tells us how things are running.
However, these servers only have a simple login and password and can be accessed by anyone who knows these IP addresses. They want to better secure these servers over a VPN/firewall but I am unsure how to set this up as I have never set up a VPN or firewall.
I am trying to learn how to set up a connection to these servers through a VPN server in my company.
I think the best thing to do would be to put these servers on a different VLAN and configure the firewall to only allow access to that network from the machines you want to allow access to. Then you could have a VPN server on that network to allow VPN access. But this depends a lot on your network infrastructure. You could also configure a firewall on each server to allow connections only from the machines you want to allow. But you'd probably be better off using better authentication on the servers rather than relying on a firewall.
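The allow-list approach suggested in the replies above, written out as an added example that is not part of the original thread. It assumes a Linux router running nftables sits between the office network and the VLAN holding the monitoring servers; only 192.168.1.254 and port 8081 come from the thread, every other address is a constructed placeholder.

```nftables
# Assumption: this box forwards traffic between the office LAN / VPN
# and the VLAN that holds the monitoring servers.

table inet monitor_fw {
    # Machines allowed to open the monitoring web UI.
    # Constructed values: two admin workstations and a VPN client pool.
    set mgmt_clients {
        type ipv4_addr
        flags interval
        elements = { 192.168.10.20, 192.168.10.21, 10.8.0.0/24 }
    }

    chain forward {
        # Default deny: anything not explicitly accepted below is dropped.
        # If this box also routes other traffic, that traffic needs its
        # own accept rules here.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were already allowed.
        ct state established,related accept

        # The IP selects the device, the port selects the service:
        # only the web UI on TCP 8081 of this one server is reachable,
        # and only from addresses in mgmt_clients.
        ip saddr @mgmt_clients ip daddr 192.168.1.254 tcp dport 8081 ct state new accept

        # Record what is about to be dropped (rate limited) so that
        # unexpected access attempts show up in the system log.
        limit rate 10/minute log prefix "monitor-vlan-drop: "
    }
}
```

Loading a file like this is done with `nft -f <file>`; the firewall only limits who can reach the login page, so the web UI's own password still matters.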
Hey I know we are all here to help, and I don't mean to sound rude, but it sounds a bit like you might not be the best choice for this job considering this is for a business. Does your company have an IT department?
Again I'm not trying to be mean here, just trying to see the bigger picture of the situation.
Here's how to remember ports. Think of your IP as a highway, then your port is the little exit going only to one place. Many exits can go to one machine or one application, but you get off the highway at some point.
They did not expect this issue to come up, I was not meant to be doing something of this nature. I am an intern in high school and still learning. Networking was not my best subject but I am trying to get a certification for it in the very near future. I was meant to find small issues with local computers to fix them, but this came up and they needed a solution.
They do not have an IT department, I am actually their first IT person. I know a huge amount about computers but networking is my weakest subject by far, that is why I need so much help.
That is exactly what I am doing. At the moment they don't have any firewall, we are connecting through an unsecured network. That is why they asked for this.
I was told that we would no longer have tech support through a major company that made the program for these tiny servers until we secured them. Me knowing the most about computers in this building, they came to me.
So when you say they log into several servers, it sounds like the servers are off site and not controlled by your company? Do you have access to these servers (beyond your web login portal)? If not, there isn't much you can do because you're not hosting the server.
These servers are indeed off site, when we enter their individual IP addresses we can log into a webui. We have access to these servers 24/7 unless the internet at the location goes out. We can also log in if we connect to the devices via Ethernet.
These devices are connected directly into the main router through Ethernet. What I need to do is either only access these devices via VPN or block others, which seems to be done via a firewall (most likely hardware). I was also seeing that I can block connections via MAC address filtering using a firewall, but I am not sure yet.
When you say these devices are connected directly into the main router through ethernet - where? Like do you physically have access to the off site server? Or did you pay someone to host it?