Showing results for tags 'firewall'.
-
Hi everybody, I'm working on a project for school about technology and I have to see whether the IT structure of a hotel is functional enough or if things can be updated. As I'm not really knowledgeable about firewalls, switches, routers etc. it would be nice if somebody can review it and give some advice! The hotel is 25hours Hotel The Circle, located in Cologne (Germany). It has 8 floors and 207 rooms. I'm leaving attached the scheme of the IT structure, so it's easier to understand. Any help would be greatly appreciated!!!
-
Hello there, I'm currently on the way to upgrade my home network. The general plan is to go 10Gb and replace the current ISP router. I also want to use different VLANs in my home and start self-hosting a website. The plan is to do it in 3 steps:
1. Install 10Gb cards in the gaming rig and Unraid server.
2. Get the contract going with my new ISP.
3. Buy the hardware for the big upgrade.
I will attach a network schematic of the current and new setup. Now I'm not sure how some things will work out, what hardware and software to use, and if everything is possible the way I imagine it.
1. When I get my new ISP's router, I won't need the old network anymore. But if it is possible, it would be great to be able to load-balance it and use both for maximum bandwidth. I would also like devices from the old network (my housemates' PCs) to still be able to access Samba shares and web GUIs from the Unraid Dockers. Can pfSense handle load balancing in the way I imagine it? And if not, would it be possible to do it with an extra device? (https://www.amazon.de/TP-Link-TL-R470T-Broadband-LAN-Port-Speicher/dp/B004UC9V8Q?th=1) Or will this device just drop all the packets because it doesn't know the VLANs?
2. Is it possible to directly attach 2 network cards for now if I only need the 10Gb connection on these machines? Would this be a routerless subnet? And if yes, do you know if Unraid supports it? I was also thinking about whether I can add the network card to my current balance tlb5 bond, but only for connecting to my gaming rig.
3. I want to have 4 VLANs: 1 for trusted wireless, 1 for IoT and guest wireless, 1 for trusted machines (like Unraid, gaming rig etc.), and 1 only for the Nginx, because I want to isolate it so that if someone were able to get access to my web server it wouldn't affect the whole network. Do I need an extra VLAN for the web server? I will have ports 443 and 80 open for the website. Also port 22/tcp and 3389/tcp are open, but only from 192.168.0.0/24. When I redirect incoming port 443 and 80 to my web server, is it possible to reach the other ports or simulate a local IP address if someone were to attack my site? Also, on my Unraid machine there are some ports open, and security is a high concern for me. The main goal is to protect access to the Unraid array data and the gaming machine/phones (sensitive personal data). I am also thinking about assigning the Ubuntu VM in which the web server is running a 1Gb network card and plugging it directly into the pfSense box, giving it its own VLAN and isolating it that way, but I don't have much PCIe to spare.
4. The primary use case for VLANs is to separate devices, but is it still possible to let chosen devices communicate in predefined ways? I'm thinking about having my Unraid array in a different VLAN than my gaming rig and laptop, but I want to be able to access Samba shares and connect via SSH to my Unraid or the VMs that are running on it. My general thought process goes in the direction of not blocking all connections completely, more like having a whitelist of services etc. Would this make my network vulnerable again? Also, if I have my printer, IoT etc. in a different VLAN, how can I access them?
5. Is there hardware I should avoid, or something you can recommend for my purpose?
6. What are the most important/first steps when securing a home network?
7. How "dangerous" is it in general when you are starting to learn networking and hosting etc. and open up ports? (By that I mean I'm not experienced in that field but want to know what could happen when I start hosting my website.)
8. What do you think in general of the layout?
I'm looking forward to your opinion!
-
I recently got a HP business PC, and want to turn it into a server. I want to have file sharing, firewall (like but not limited to PFsense), and to be able to run Minecraft servers on it. Is doing all that on one machine possible? Also the PC comes with win 10 pro, should I change OS? If it is possible what is the best and safest way (security and remote connection wise) to approach this? The specs of the PC are not bad by any means and it is very upgradable. Specs Intel Core i7-9700 3GHz 16 Gbs of ram (15.8 Gbs usable) 64 bit system, x64-based processor On board GPU
-
Hi, I have a problem with my PPTP VPN. Below is my config, which worked before but doesn't work anymore.

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=Kancl in-interface=bridge1 new-routing-mark=Kancl passthrough=yes src-address-list=XPS
/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=Kancl out-interface=Kancl src-address-list=XPS
add action=masquerade chain=srcnat
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Kancl pref-src="" routing-table=Kancl scope=30 suppress-hw-offload=no target-scope=10
/routing table
add disabled=no fib name=Kancl
/interface pptp-client
add connect-to=XXX.XXX.XXX.XXX disabled=no name=Kancl user=XXXX
/ip firewall address-list
add address=192.168.88.254 comment=LAN list=XPS
add address=192.168.88.241 comment=WIFI list=XPS
add address=92.62.0.0/16 list=Kancl (public IPs)
add address=100.64.0.0/10 list=Kancl (public IPs)
add address=10.0.0.0/8 list=Kancl (private IPs that is why I am using the VPN)

It looks like the FW rules work, based on these graphs. The router is an RB5009 on v7.6 (it worked on V7 before). And yes, the VPN is connected:

16:39:12 pptp,ppp,info Kancl: authenticated
16:39:12 pptp,ppp,info Kancl: connected
16:39:12 pptp,ppp,info Kancl: using encoding - MPPE128 stateless

It just stopped working without any changes. I even looked in my backup from November and the config is the same, and it worked before, and there shouldn't be a problem on the end. I can connect via VPN on my PC to that and it works fine. The FW should be OK too (this is not my standard firewall, I reduced it to the bare minimum):

/ip firewall filter
add action=fasttrack-connection chain=forward comment="Fasttrack UDP" dst-port=53 hw-offload=yes in-interface=ether1 protocol=udp
add action=fasttrack-connection chain=forward comment="Fasttrack TCP" dst-port=53 hw-offload=yes in-interface=ether1 protocol=tcp
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=input comment="allow ICMP" in-interface=ether1 protocol=icmp
add action=accept chain=input comment="allow SSH" in-interface=bridge1 port=22 protocol=tcp
add action=accept chain=input comment="allow Winbox 8291" in-interface=ether1 port=8291 protocol=tcp src-address-list=allowed_to_router
add action=accept chain=input comment="CAPSMANAGER Discovery" in-interface=bridge1 port=5246,5247 protocol=udp
add action=accept chain=input comment=OpnVPN-PASS dst-port=1194 in-interface=ether1 protocol=tcp
add action=drop chain=input in-interface=ether1

I think that the rules are working, based on those graphs, but it doesn't want to go through the NAT. I thought that FastTrack could be the problem, but removing it doesn't help. If I use the PPTP client it doesn't work, and I can't even access these IPs, 92.62.0.0/16 (public range) and 100.64.0.0/10, even though they are public IPs (these IPs are blocked for some reason). I even tried to disable the FW and that didn't work either.
-
Hi everyone, I have a Proxmox virtual machine running on OPNsense firewall. The VM has some port-forwarding rules set up for specific ports, but it cannot access those ports on its own public IP address. I have checked the firewall rules on both OPNsense and the VM, and they appear to be correctly configured. Proxmox only has one NIC and is running OPNsense inside a virtual machine; below is the Proxmox configuration and port forwarding rule. I have also tried accessing the forwarded ports from outside the network, and they work perfectly fine. However, when trying to access the same ports from within the network, the connection times out. Has anyone encountered this issue before? Any ideas on what could be causing this and how to fix it? So far, I've run an NMAP scan on both the OPNsense firewall and the Proxmox VM, and everything appears to be correctly configured. However, I'm not sure what other diagnostic data I can provide to help troubleshoot this issue. Scan from an external network: Scan from inside the virtual machine on the same hostname: As you can see, the port forward works properly on other networks, but when we check it in NMAP it's `filtered`. This also occurs on Linux virtual machines; this virtual machine is running Windows Server 2019, and disabling the firewall changes nothing. I'm climbing mount stupid here with the searching and forum posts, so feel free to ask if you people need any more log files / information! Thank you in advance for your help!
-
Hello, I've got a small media server at home which seems to be a widely used target for brute-force attacks. I've tried to secure it a bit with the following tweaks:
- Disallow RDP access for admin accounts
- Use custom port for RDP
- Require strong passwords
- Account lockout on X failed attempts
- Scan logs every x min for failed attempts and then block IPs in the firewall
I know that I should probably only allow local connections and use a VPN solution, but I want to be able to quickly and easily connect even from a friend's house without any extra hassle. My idea is that I want to block all IPs that are not in my country range, as well as block IPs within that range that have x failed login attempts. So, I've set up a firewall rule to block all incoming connections from (placeholder). I then add IPs to the placeholder with a PowerShell script every x min if the script finds 5+ failed login attempts from an IP. But how would I go about blocking all incoming connections from an IP that is not within my defined range on top of that?
-
We keep hearing how good all the hostings, VPNs (and hosting for VPNs) are to hide your true identity, protect your privacy, circumvent (geo) restrictions, host Minecraft servers, etc. But what's on the other side? I host a couple of services and websites on my personal box (with static IPv4 and a decent upload bandwidth) and it keeps getting hit from all around the world. So I utilize the efficient Linux firewall (iptables/ipset + drop rule) to combat those intrusion attempts. Visits from CDN77, M247 and hosting companies are pretty frequent. But it's not that straightforward: the Skype mailer is using Microsoft's IPs, other websites' mailers use Amazon or Google cloud, so I had to unblock those. I even had to unblock OVH to sign up here because the LTT mailer is using it. And already last week I got new intrusion attempts from OVH IPs:

192.99.36.177 - - [19/Apr/2020:20:36:22 +0300] "GET /wp-login.php HTTP/1.1" 301 162 "-" "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
192.99.36.177 - - [19/Apr/2020:20:35:07 +0300] "GET /wp-login.php HTTP/1.1" 301 162 "-" "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
192.99.36.177 - - [18/Apr/2020:15:23:01 +0300] "GET /wp-login.php HTTP/1.1" 301 162 "-" "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"

So how should one act in this situation? I can't block whole IP ranges due to essential services running there, but blocking individual IPs will take forever. I don't want to just sit and watch my log files fill up. P.S. All the firewall and most recent log hits are copied to https://github.com/Commaster/IP-wall . I used to send the abuse logs to the provided "abuse@..." e-mails in the whois reports, but that never yielded any results.
-
Hi all, So here's the deal, and I hope I won't get too much hate for this. I am looking for software that can be easily configured to block certain websites in a PC laboratory environment. Short backstory: I want to have the Internet on and available during normal classes. However, during tests, students cheat. By their own admission. And they don't even do it because the test is too hard, they admittedly just do it for the thrill of "fooling the system". This is not to their best advantage. I also do not want to cut all Internet access during tests, as this would be absurd. Being a programming test, they should be able to look for and find solutions on the Internet, just like in the real world. However, I would like to block social network and instant messaging apps where they can quickly exchange files and answers. I am aware of the hosts file solution, and I have even written a batch file which automatically adds entries to it; however, this does not seem to always work for some sites (it blocks Facebook, for example, but GMail somehow still gets through). So I am looking maybe for a firewall-type solution which could be easily enabled/disabled and would do the trick. I'd like to add that I'm not trying to be mean: the blocking request also came from several students who feel disturbed by the cheating attitude of some of their colleagues. Thank you all in advance!
-
Is there a list of what the firewall settings in a modem should be? I think the standard one probably isn't good. Also, how does it work to have two access points with the same SSID when they aren't made for mesh use? We have problems with the range of the Asus AC1300GPlus, or whatever its name was, on the 5GHz network. I am quite sure the ISP router had better range, but it has other issues. The place is 101 m². Should I just get another access point and use it together with the Asus so the whole place is covered (if another issue we had with it is gone), just replace it with one with better range, as just a few meters longer range would be good enough, or should I buy a mesh network kit? If I replace it with another, more powerful one, how do you figure out what the range of them is and if it's better?
-
Hi, Before I buy a Raspberry to do the PiHole setup I have a few questions, since I was thinking about buying a new VPN for various reasons. Sorry for my low tech skill in this field. I had 1 year of PIA in a Humble Bundle offer and it was fine, except I had to remember to switch it off EVERY time I wanted to play any game or it would get me banned or give me connection issues. Now I'm looking into different VPN offers, but the question remains: is there a way to filter only Http/Https/torrent/voip/etc. traffic on the VPN while leaving all gaming ports (or even specific sources like the Steam client browser, which I think works on the same http ports) to access the internet unbothered? My idea was to buy a firewall. Do consumer-grade firewalls exist? Or can it all be done with a Raspberry without problems? Can it be software integrated in my router? If yes, what model do you recommend? I'm waiting for an upgrade to a fiber modem soon (this year, the ISP says), so I don't want to buy a different modem for now, but maybe I should buy a different one, or can I still do everything while keeping the one from my ISP? (I don't know how expensive or common fiber modems are today.) This way I can even select websites like my banking and have it unfiltered, so even if I use my phone Wi-Fi I don't set off an alarm when they see an access from Switzerland or another country. This way I can leave all the work on the machine and stop having to install the VPN on each computer and mobile at home. How does that work with Alexa and the Fire TV Stick? Is there something else I should know before going into this? Maybe I did not take something into consideration and I will find myself stuck later on. Thank you, I hope this is the right forum section.
-
Hi, I have configured a WatchGuard T-10D following the steps in this guide: http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/networksetup/dsl_vdsl_vlan_c.html It works but drops a lot. I then called up my ISP to configure the WatchGuard with them and I am still having the same issues. I have had a line test run and it came back as fully passed. I had a broadband test run and it passed again. Confused where to go from here. HELP PLEASE
-
Hi everyone, I have an attorney client whose email address was used to contact a customer asking for a wire transfer for a large sum of money. The attorney didn't send it, but rather a malicious person did. My first thought was that some spyware picked up his email credentials and the malicious user combed through his contacts for a target. Also it's a possibility someone was shoulder surfing when he typed in his credentials and wrote down the info. If credentials and sensitive info were stored locally or on the server, maybe his network has been hacked. What would be your first thoughts, reactions, and steps taken in this scenario? Thank you.
-
Are there any Windows Firewall ports enabled by default that leave my computer open to malicious hackers?
-
I have a problem with my FTP server. It doesn't work with the firewall. Like, it blocks it completely.
-
So I have come across this odd little issue of the Windows Firewall not allowing me to enable it, thus not allowing me access to many core apps of Windows 10 including Mail, Calendar, Xbox and Cortana. This has been ongoing and I assume it to be the cause of many other issues, like NZXT CAM not logging me in and updates repeatedly failing to install. I have already run Malwarebytes and removed 2 tech support scams and 4 Bitcoin mining malwares. Any and all suggestions at this point will be useful. Thanks in advance!
-
So my school has very good IT administrators who are quick to spot any faults in their network. They prevent any other software from being installed and block most websites (especially Yahoo Answers because it's a "social network"). They block proxies almost instantly and even deleted Chrome for us because people found ways through. They use wired Ethernet connections which aren't accessible to us, otherwise I would connect it to my internet. Even the virtual machines had these restrictions and now they blocked the internet on them. CMD is also blocked, as well as Control Panel, and they killed our ability to adjust mouse cursor speeds, like wtf. If anybody knows a way I could bypass these restrictions it would be much appreciated. The school runs on Windows Seven Professional. Also please keep the responses semi-reasonable because I can't exactly rip the hard drive out and re-format it!
-
Hello All, I am currently looking for a new solution to automatically connect to my network switches/routers and save a copy of my running configurations. I currently have Infoblox NetMRI doing this, but it is not working for all my switches and support is horrible. Frankly, I pay a yearly subscription for a device I am not fully utilizing. I am strictly looking for some software to SSH to my boxes and save a copy of the running config file. This can't be done manually as I manage over 250 pieces of equipment. I am open to any suggestions. The networking equipment I use is Avaya, Juniper and Palo Alto.
-
Hey guys, I need a FREE firewall that's compatible with Kaspersky anti-virus. It seems like they are all incompatible. I've tried Zone Alarm, Comodo, Windows Firewall Control and none of them seem to be compatible. Anyone know any good free ones that are compatible?
-
Hi Everyone! I was wondering if I could run Battlefield 1 and play online in Ultra, while in China. 16GB Ram Intel i7-4790K CPU @ 4.00GHz NVIDIA GeForce GTX 970 Samsung Evo 850 SSD I have 3 screens connected. Thanks!
-
Before anyone gives me a lecture, yes, I know education is important and me doing well is not a problem, and yes, I already spoke to the admin about exceptions and it was a no go. I have a massive gap between classes on my last school day of the week. Usually it's long enough that I need to kill time by doing something besides eating, and it's short enough that I don't have time to go home and come back (usually 4 hours). I would like to play an online match or 2 during this specific break so that I could break up the monotony of classes and give my brain a short break. I have tried a VPN with no luck (I believe I tried TunnelBear). I used to tether to my phone and handle it that way, but lately I've been getting piss poor service on campus so that's out. Any alternatives? I assume I need a VPN that can access port 443 or 80.
-
Just a quick question. I know that routers have built in firewalls, but does that firewall also cover the ethernet ports coming out of the router?
-
Hi, I have a .exe program that I am trying to block the internet connection to. I tried blocking the program with the firewall with inbound and outbound blocking configurations. It didn't work, and I even restarted/refreshed the computer. Every time I open the program and look at cmd and type netstat -ano, the connection of the program I am trying to block is always established, and from what I heard an established connection is basically having access to my computer by internet. I was going to try and block the internet connection from the program by modifying the hosts file on my computer, but the program's foreign address is the same as one of my local addresses and I do not want to block a local address because I do not really know what will happen. What does it mean when a program you have has a foreign address that is also a local address?
-
I'm currently designing a topology for an assignment and I'm wondering whether or not to have more than 1 firewall to act as a failsafe so that if one router goes down the other can take over and to allow more traffic to pass through the network. The firewall between the router and switch is to filter out any external attacks while the firewall between the department switch and switch is to filter out any internal attacks. Some feedback would be great thanks.