The UK Home Automation Archive


The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024


RE: Home Automation - Firewalls



I've done everything you want (except Tivo) from behind my Intertex
firewall/router. Don't bother with DMZ - I just set up rules for
everything behind it (CCTV server, IIS, Comfort, FTP etc). Seems to be
OK and not had any problems so far. I also have sub domain names
pointing to these such as:

Security.mydomain.com  - for CCTV server
Home.mydomain.com  - for Exchange web access and links through to
Comfort etc

Each one was set up by Chris Bond as he hosts my domains - each one just
points to one of my IP addresses then my router takes care of forwarding
the traffic to the relevant box on my local (NAT) network.

For Bit Torrent and Peer to Peer file sharing, you'll probably also want
to open up certain ports and forward the traffic to a particular PC.
This does then leave you open to attack - so I also run a software
firewall on the PCs inside the network as well.

I'm no expert as you know but this seems to work well and I've (touch
wood and prays to all known deities!) not had any problems so far.

Paul

-----Original Message-----
From: Mark McCall [mailto:lists@xxxxxxx]
Sent: 23 March 2004 23:15
To: ukha_d@xxxxxxx
Subject: [ukha_d] Home Automation - Firewalls

As broadband nears a reality I'm continuing to look into security for my
home network. I have done a little reading and this is my (simplistic)
understanding so far.

1. I need a firewall
At this stage I plan to buy a router/firewall box

2. Anything "Public facing" should go on the De-militarised Zone (DMZ)
Whilst I have nothing that needs to be open to the public I will need
access to some things from the outside like my CCTV server, TiVo,
Comfort etc. I'm unsure whether those systems need to be on the DMZ or
not?

I've read that the DMZ interface should really be a separate interface
(in the case of a PC acting as a router that would be a 2nd NIC).  Does
this mean that a hardware router/firewall isn't as secure?  I've also
read the term Virtual LANs (VLANs), supported by the Vigors for example,
which seems to have some security advantages?

I have placed my broadband order with Eclipse and have applied for a
batch of static IPs which I hope to assign to some of the various boxes
mentioned above as well as possibly running my own email server.  How do
I go about this?

As you can see I have lots of thoughts going round in my head (some of
them doubtlessly wrong).  I need someone with experience of this to tell
me the right way to go about all this.

In fact, as this will doubtless be of interest to lots of people now,
and in the future, I'd like to put all the info on a page for the
website.

All help / comments appreciated.

Thanks

M.
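
The per-service forwarding described in the reply, set beside the DMZ-host alternative asked about in the original message, as an added example that is not part of either message. It uses Linux nftables syntax as a stand-in for the router's own rule format; every address, port and interface name is a constructed assumption.

```nft
# Added illustration: addresses, ports and interface names are constructed.
define wan = "eth0"                 # assumed WAN-facing interface
define lan = "eth1"                 # assumed LAN-facing interface
define ip_security = 203.0.113.10   # static IP that Security.mydomain.com points to
define ip_home = 203.0.113.11       # static IP that Home.mydomain.com points to
define cctv = 192.168.1.20          # CCTV server on the NAT network
define web = 192.168.1.21           # IIS / Exchange web access box
define p2p_pc = 192.168.1.50        # PC that receives the peer-to-peer port

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # One rule per published service: only the named port reaches each box.
        iifname $wan ip daddr $ip_security tcp dport 443 dnat to $cctv
        iifname $wan ip daddr $ip_home tcp dport 443 dnat to $web
        iifname $wan ip daddr $ip_home tcp dport 6881 dnat to $p2p_pc

        # DMZ-host equivalent, left commented out for comparison: every
        # unsolicited connection to the address is handed to a single box.
        # iifname $wan ip daddr $ip_home dnat to $web
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $wan masquerade     # outbound NAT for the local network
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept   # replies to existing flows
        iifname $lan oifname $wan accept       # LAN may start outbound flows
        iifname $wan ct status dnat accept     # inbound only if a rule above matched
    }
}
```

The forward chain's default drop is what keeps unlisted ports closed; the PC behind the forwarded peer-to-peer port still sees unsolicited traffic on that port, which is why the reply pairs it with a host firewall.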



