MiamiDX, ADSL, DMZ and the Amiga..

[Stom]

Afternoon folks,

Got a query regarding ADSL.

At the beginging of May (7th) my local exchange is finally going to be ADSL enabled. So as you can guess I have been looking into the various options for connecting my systems to the net (my Amiga and PC).

I have read up on a few things about the routers having thier own firewalls which can stop certain things like webservers and FTP working. To re-enable these, most routers seem to use port remapping (like I am doing at the moment at home by redirecting port 80 to my PC (amiga gateway) on dial up). This seems like a awkward thing to go back to compared to the 'easyness' of my dialup connection.

However, on my travels about I have seent hat most routers offer a DMZ option which basically shoves all port requests to a set machine on the routers connection (think I have read that right). What I am basically wondering is:

1/ Using DMZ with the Amiga - is it possible?

2/ Are there going to be any big drawbacks to doing so?

3/ I guess I can block all the ports that the router would do via configuring MiamiDX's firewall (all, but the ones I need free)

4/ Recommended routers? I am looking for a 4port switched version, so far I have looked at the DLink DSL504 (iirc) and the Netgear DG814 (or is it DB?)

Any help greatly appreciated,

Sam Thomas
www.amiga-mediator.co.uk
www.stom.org.uk
#Stomshouse on Arcnet

[odin]

Q1 to 3: Don't look at me :-).

Q4: I'd recommend getting an integrated ADSL modem/router/switch. Something like this.

This particular device is for analog adsl and sells for about 130EUR in the Netherlands. Mind you I don't have this thing nor any experience with it.  Just seems like a great solution to me....having all devices in one box.

My father recently got analog ADSL he was supplied with a  Thomson/Alcatel Speedtouch 510 (V4) modem/router. I simply hooked an 8 port switch onto the ethernetport of the modem, plugged 3 computers in the switch and hey presto. A beatifully functioning ADSL LAN.

[Tafka]

Can't really comment on running a webserver as I've never done it.

What I can say though is that my router/firewall is completely configurable.  I.e. you can turn on/off security/firewall/IP NAT and you can add lists of ports that are allowed through the firewall.  (It is one of the SAR703 routers from www.solwise.co.uk).

You can add lists of addresses for forwarding also I think.  Like I said, don't use this as gospel as I've never tried it.

As far as webserving/ftp  is concerned though.  I would say, if you can do it on a PC, you can do it on an Amiga.

Don't know if this helps.  If you want me to try anything at home to test I will.

[Tafka]

BTW, I've got two PC's and the Amiga connected through the router to the ISP.

[Stom]

hmm..ok but not quite what I was after..

Most routers have a option called 'DMZ' which basically like you have said about disables the routers firewall and gives you the option to direct all port querys to a selected machine on the network and then let that machine sort out what it allows and disallows through via a software firewall for example instead of the router/modems hardware firewall.

Cant see any reason as to why it shouldnt work, guess I will see once I get can the ADSL service!

Chers anyhow,
Sam Thomas

[Mad-Matt]

Im using NTL Cable on my Amiga via A Belkin 4-Port router (about £50), although i used the pc to initially setup the modem before plugging router in.

Initial problem was getting the Amiga to stay online, ,as it was using dhcp to get an ip from the router. Solution was to make the IP static (same ip that router issued via dhcp)

Since i use Amiga mostly for irc I chose to make the Amiga IP the one to enter in the DMZ (Since only one ip can be entered on this router)  This disables the router wall for that IP. (was required to make DCC work)

So i use Miami IP Filters to enable/isable ports i wish to use (also this router doesnt seem  toallow port ranges so can only open individual ports via a trigger port).

this method is working ok for me

[JurassicCamper]

Mad-Matt wrote:
Im using NTL Cable on my Amiga via A Belkin 4-Port router (about £50), although i used the pc to initially setup the modem before plugging router in.

Initial problem was getting the Amiga to stay online, ,as it was using dhcp to get an ip from the router. Solution was to make the IP static (same ip that router issued via dhcp)

Since i use Amiga mostly for irc I chose to make the Amiga IP the one to enter in the DMZ (Since only one ip can be entered on this router)  This disables the router wall for that IP. (was required to make DCC work)

So i use Miami IP Filters to enable/isable ports i wish to use (also this router doesnt seem  toallow port ranges so can only open individual ports via a trigger port).

this method is working ok for me

For the belkin 4 port router.... and Miami...

Enter the setup 192.168.2.1 and change your DHCP lease time to anything appart from forever.
Mines currently set at 24Hours.
You always get back the same IP address anyway as this is based up the MAC Address of the  Ethercard you are using. If the MAC address stays the same you'll  get back the same IP.

I would not recommend putting the Amiga in the DMZ, just use the belkin to open what ports you need.
Eg: If you want to run a FTP client open up port 21 and steer it to your Amiga's IP address. . If you want to control your Amiga remotely via telnet open up port 23 etc.

If you have the Amiga in the DMZ and you file share using samba your opening your self up for attack.

Langaurd for the PC is a bit of software aimed for commercial networks. However Its on Kazaa and allows you to scan all 256 pc's on a particular subnet. Its comes back and tells you what clients it found, what ports are open and then at the click of a button takes you to a website that shows you how to explote that open port.
 
Many wanabe hackers use this lots on ADSL / Cable networks.

Believe me keep it out of the DMZ

[Stom]

Great Matt,

Thats pretty much what I wanted to know really :-)

Shame I cant get Cable in my area though, thats why I am having to go for ADSL :-/ (IF I could get cable (telewest in my case) I would have been going for a 1 meg line)

Cable router/modems are much cheaper than thier ADSL counterparts :-/

Will probably end up going for either the DLink504 or the Netgear DB814


Cheers,
Sam Thomas
www.amiga-mediator.co.uk
www.stom.org.uk
#Stomshouse on Arcnet

[Stom]

ah, JurasicCamper..

This is the area I was unsure about if I set the Amiga up as the DMZ server thing.

Not sure now whether to do this or just let the router do its own thing  :-? . If I let the router do it how do I stand on DCC chat and things like that?

Cheers
Sam Thomas

[JurassicCamper]

Your service provider, be it ntl: BT, Telewest, will only let you have 1 IP address for the ADSL / Cable  Modem, this is where the router comes in as it gets assigned your 1 IP address and then uses NAT translations to steer the traffic to the desire local IP address assigned by the router.

Let your router do what is designed to do, route traffic.

You can then network your computers behind the router as they will get IP address on the same subnet using the same subnet mask.

If you can then share drives using samba or windows / netbios. This has to open up ports. TCP or UDP depending on the protocol you are using. Behind the router this OK because your ports are only open to each other behind the router.

If you then put one of these machines in the DMZ your basically saying route all TCP / UDP ports request to the IP address of my router to all machines on in the DMZ. So If you have shared a drive its available for others as well. By keeping it in the DMZ you can then open ports up as and when you need them, so if you find a program is not working becuase it needs a specific port, then open it up.

For Example:

1 Windows PC, 1 Amiga & a Router

Your router will  get assigned an IP address of 80.1.20.12 for example, from your service provider.
Its has a local IP address of 192.168.2.1 used for you to login / its your gateway aswell.

Your router will assign the Amiga an IP of 192.168.2.2
and the PC 192.168.2.3

If you then want to run an FTP server you need to think about how packets will get to it.

If you then wanted to FTP to the Amiga from somewhere on the internet, say work for example What IP address would you use ?

192.168.2.2 or 80.1.20.12.

Well if you use the first you'll most likely end up with with somebody elses PC or Router. If you use 80.1.20.12 your right but,  your router has no FTP server client on it.
FTP uses TCP IP port 21
So you then have to tell the router what to do if it get a requesting coming in on IP 80.1.20.12 / TCP port 21.
You tell it to steer requests to 192.168.2.2.
Same if you want to run apache, just tell the router to steer traffic request to your amiga or PC depending which one has the client running.

Your website would then be http://80.1.20.12

Simple when you get your head round it.

[KennyR]

DCC (chat or send) through a IP-NAT on an Amiga is possible, just a pain to set up at first. AmIRC doesn't know about IP-NAT so you'll have to use TIADCC (perhaps along with a dyndns account) or a script to set your Amiga's internet hostname (which is the big problem, not the firewall). Then redirect a few high ports to your Amiga (say 1050-1055) and dcc should work - after some trial and error.

[JurassicCamper]

@ Stom

One thing to remember some cheasperASDL modems don't have ethernet RJ45 ports and are USB only (Freeserve), so you have to connect it to a computer that support networking over USB. Think of it like MiamiDX built in Serial Driver for an external 56K modem.

Some ASDL Routers dont have USB ports only RJ45.

Your gonna have to connect your modem to your router and if ones usb and the other is RJ45.... well you see the problem.

Best option is for a modem that has a Enternet connector on it.

So it goes:

Coax or Phone Line---Modem---Router---Computers

[rhino]

The router mentioned by Odin in his post is available in the UK from dabs.com, the QuickLinx code is 17P8WS. It is a combined ADSL modem, router and  4 port switch and costs 65UKP including VAT. I've got this model and it's been working well for several months now. I can't say I've run any servers on my networked machines (an Amiga and a PC) but it does have the facility to map single ports or ranges of ports. I'm not sure if it has the DMZ function, if you'd like me to look let me know and I'll check it out.

HTH

Robert

[JurassicCamper]

check ebuyer.co.uk

They start at about £30 these days + they are doing free delivery at the moment .

If you buy a router with a print server like a Baricade from SMC you can use the NetPAR software that was one of the contributions with OS3.9 so they can both share the printer.