server with hardware firewall

[coolxm]

hi

I want to have a minecraft server hosted from my home for my friends and me, for security reasons i would like to add a firewall in between them, the particular one is a zyxel zywall 35, an old one i got from a company.

i was able to portforward the right port to the internet but now i need to add a firewall rule and its not working, i have tried alot but it wont work,

atached is the gui of the machine

 

thanks,
Coolxm

[GSN]

Hi There!

 

Firstly, are you running the Minecraft Server on your Windows PC? If so, if its a private server for your friends, you don't really need to add a hardware firewall into the mix, this could cause more issues than it solves. Maybe if you're running a public server then this would be necessary, but apart from that, you're better off just port-forwarding in your normal router settings and relying on the SPI firewall built-in.

 

The mix of both software (Windows Firewall (ADV)) and SPI (Router) will likely be sufficient for a private server, just make sure that if you're sharing out your IP address in public forums that you have sufficient protection.

 

For more help configuring SPI and Hardware firewalls, please feel free to message me or reply to this topic.

[coolxm]

5 minutes ago, GSN said:

Hi There!

 

Firstly, are you running the Minecraft Server on your Windows PC? If so, if its a private server for your friends, you don't really need to add a hardware firewall into the mix, this could cause more issues than it solves. Maybe if you're running a public server then this would be necessary, but apart from that, you're better off just port-forwarding in your normal router settings and relying on the SPI firewall built-in.

 

The mix of both software (Windows Firewall (ADV)) and SPI (Router) will likely be sufficient for a private server, just make sure that if you're sharing out your IP address in public forums that you have sufficient protection.

 

For more help configuring SPI and Hardware firewalls, please feel free to message me or reply to this topic.

Yea its just that i'll also use it for some of my other stuff and my dad want it to be safe, is it possible to turn it of on one port (i mean physical ethernet port)? i dont want to put the router outside of the firewall cause my sisters will also use it and they dont know much about tech and are pretty much virus magnets

 

[GSN]

2 minutes ago, coolxm said:

Yea its just that i'll also use it for some of my other stuff and my dad want it to be safe, is it possible to turn it of on one port? i dont want to put the router outside of the firewall cause my sisters will also use it and they dont know much about tech and are pretty much virus magnets

 

The only reason I made my previous statement on the matter is that a hardware firewall requires some advanced configuration that can be a pain to your interconnected devices on your network.

 

To run a hardware firewall properly, you really need to put your broadband modem/router into Modem-Only mode, plug in the hardware firewall using Ethernet, configure the firewall to monitor incoming and outgoing connections and then plug a Wireless AP into it (providing the HFW supports DHCP).

 

This way, all of your connections are being routed through the firewall, wireless and wired, making your network more secure and impervious to attack from the WAN.

[coolxm]

4 minutes ago, GSN said:

The only reason I made my previous statement on the matter is that a hardware firewall requires some advanced configuration that can be a pain to your interconnected devices on your network.

 

To run a hardware firewall properly, you really need to put your broadband modem/router into Modem-Only mode, plug in the hardware firewall using Ethernet, configure the firewall to monitor incoming and outgoing connections and then plug a Wireless AP into it (providing the HFW supports DHCP).

 

This way, all of your connections are being routed through the firewall, wireless and wired, making your network more secure and impervious to attack from the WAN.

ok so ive looked into somethings, if i put the ethernet port in wich the server is plugged in to a dmz port would that help?

[GSN]

4 minutes ago, coolxm said:

ok so ive looked into somethings, if i put the ethernet port in wich the server is plugged in to a dmz port would that help?

If you follow my above instructions, you can't go far wrong. You can try the use of the DMZ port but this won't do much good for securing the rest of your network, you really need to make the firewall the first point in your network after the WAN modem to make the most of it.

[coolxm]

Just now, GSN said:

If you follow my above instructions, you can't go far wrong. You can try the use of the DMZ port but this won't do much good for securing the rest of your network, you really need to make the firewall the first point in your network after the WAN modem to make the most of it.

yes it is there is already a firewall set up for my home network self its just to restricted to put a server on and now i rerouted from a switch in front of the old firewall to one i do have control over, now i have my server plugged right into it and a router in another ethernet port. The whole network has been setup now i only need to open the port for the server, the whole reason i did all this effort in the first place

thank you,
Coolxm

[coolxm]

ok the dmz didnt work i cant connect with teamviewer anymore

9 minutes ago, GSN said:

If you follow my above instructions, you can't go far wrong. You can try the use of the DMZ port but this won't do much good for securing the rest of your network, you really need to make the firewall the first point in your network after the WAN modem to make the most of it.

 

[GSN]

4 minutes ago, coolxm said:

yes it is there is already a firewall set up for my home network self its just to restricted to put a server on and now i rerouted from a switch in front of the old firewall to one i do have control over, now i have my server plugged right into it and a router in another ethernet port. The whole network has been setup now i only need to open the port for the server, the whole reason i did all this effort in the first place

thank you,
Coolxm

Running Firewalls on top of Firewalls is never a good thing, you'll get too many conflicts in rules and policies between them. Pick a firewall and rely on just the one. If the one you have control over is working fine then go ahead and use that one, 9/10 you're pretty secure on your home network anyway, people don't typically try to penetrate home networks.

[coolxm]

1 minute ago, GSN said:

Running Firewalls on top of Firewalls is never a good thing, you'll get too many conflicts in rules and policies between them. Pick a firewall and rely on just the one. If the one you have control over is working fine then go ahead and use that one, 9/10 you're pretty secure on your home network anyway, people don't typically try to penetrate home networks.

ok ill use a splitter, one goes to the server and one goes to the firewall wich then goes to all my consoles and stuff

[coolxm]

2 minutes ago, GSN said:

Running Firewalls on top of Firewalls is never a good thing, you'll get too many conflicts in rules and policies between them. Pick a firewall and rely on just the one. If the one you have control over is working fine then go ahead and use that one, 9/10 you're pretty secure on your home network anyway, people don't typically try to penetrate home networks.

thanks

[GSN]

Just now, coolxm said:

ok ill use a splitter, one goes to the server and one goes to the firewall wich then goes to all my consoles and stuff

Much better way of doing it, if you're going to use multiple firewalls then splitting your network into zones will make management of both far easier. Let me know how you get on and if you need any help configuring.

[coolxm]

On 8/14/2019 at 12:39 AM, GSN said:

Much better way of doing it, if you're going to use multiple firewalls then splitting your network into zones will make management of both far easier. Let me know how you get on and if you need any help configuring.

So ive been streaming on my server and someone already tried to ddos me,

I think the router and my isp took the brunt of it since im connected with my dad's buisness internet service so i think that helped but i would still like to add that firewall in there cause it has ddos protection

[coolxm]

2 hours ago, coolxm said:

So ive been streaming on my server and someone already tried to ddos me,

I think the router and my isp took the brunt of it since im connected with my dad's buisness internet service so i think that helped but i would still like to add that firewall in there cause it has ddos protection

FIXED IT

i have it done