Reply

Best practice for isolating a server

duncanbayne
Aspirant

Best practice for isolating a server

Hi,

 

I've installed a telnet server* on a dedicated machine on my LAN.  It's connected to my Netgear DGND3700v2 via Ethernet, and I've set up port forwarding for public access from my static IP address.  So far so good - I can connect to the server from any machine on the public Internet.

 

Being a paranoid sort, I'd like to isolate that machine from the rest of the network in case someone comporomises it.  Ideally what I'd like is to:

 

  • prevent all outbound traffic from that machine to any other machine in the range 192.168.0.*
  • allow inbound Telnet and SSH traffic to that machine
  • prevent any other inbound traffic

What's the best / safest way of achieving this?

 

Yours,

Duncan Bayne

 

* It's actually an old-school BBS server, which offers connection over Telnet.

Message 1 of 3

Accepted Solutions
w3wilkes
Prodigy

Re: Best practice for isolating a server

If this machine were wireless you would be able to define a "Guest" wifi network in the DGND3700v2 to put this Telnet server on. This would allow the machine to use your internet connection, but it would not be able to see any devices on your regular network.

D7000v2 / DGND3700v1

View solution in original post

Message 2 of 3

All Replies
w3wilkes
Prodigy

Re: Best practice for isolating a server

If this machine were wireless you would be able to define a "Guest" wifi network in the DGND3700v2 to put this Telnet server on. This would allow the machine to use your internet connection, but it would not be able to see any devices on your regular network.

D7000v2 / DGND3700v1

View solution in original post

Message 2 of 3
duncanbayne
Aspirant

Re: Best practice for isolating a server

That sounds ideal.  I'll move it from Ethernet to WiFi then, and do that.

 

Thanks Smiley Happy

Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 4304 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 6E