Hardened network using RT-AC88U

[Travis Moore]

I have bought a server for the purpose of web/game hosting from home, I would like to set up the server to be isolated from the rest of my network for protection from malicious attacks. The only options I see listed are Guest Network, which only seems to apply to wireless devices, and DMZ.

Does anyone have experience setting up an Asus RT-AC88U for safe hosting?

 

[drtweak]

Are you looking to completely segerate it form the rest of your network or have it be on the same network but safe from other PC's?

 

[Travis Moore]

Are you looking to completely segerate it form the rest of your network or have it be on the same network but safe from other PC's?

I am looking to have it be on the same network, but segregated. A seperate subnet or guest network would be fine, but it would need to be hard wired, and the guest network menu only seems to have options for wireless devices.

 

[drtweak]

well a separate subnet or guest network sounds like it won't be on the same network (at least IP wise)

I was going to say flash DDWRT onto it as i have done that with a few RT-N66U's but the one you have isn't supported.

All DMZ does it forward all incoming traffic to that one IP address. To me it sounds like you may either 1) have to get a router that does VLANs or 2) Get a second router to put behind it to put it on its own network.

Any reason for trying to segregate it?

 

[Travis Moore]

well a separate subnet or guest network sounds like it won't be on the same network (at least IP wise)

I was going to say flash DDWRT onto it as i have done that with a few RT-N66U's but the one you have isn't supported.

All DMZ does it forward all incoming traffic to that one IP address. To me it sounds like you may either 1) have to get a router that does VLANs or 2) Get a second router to put behind it to put it on its own network.

Any reason for trying to segregate it?

I don't think I understood your question, a seperate subnet would stop it from talking to other network devices, but still allow me to get to WAN traffic for hosting.

I want it segregated for the eventuality that my server falls under attack, when hosting it's usually a matter of when, rather than if you get attacked while hosting game servers.

 

[drtweak]

well a separate subnet or guest network sounds like it won't be on the same network (at least IP wise)

I was going to say flash DDWRT onto it as i have done that with a few RT-N66U's but the one you have isn't supported.

All DMZ does it forward all incoming traffic to that one IP address. To me it sounds like you may either 1) have to get a router that does VLANs or 2) Get a second router to put behind it to put it on its own network.

Any reason for trying to segregate it?

I don't think I understood your question, a seperate subnet would stop it from talking to other network devices, but still allow me to get to WAN traffic for hosting.

I want it segregated for the eventuality that my server falls under attack, when hosting it's usually a matter of when, rather than if you get attacked while hosting game servers.

lol i'm CCNA Certified I know about networking.

So if you want it fully segregated from your main network then you either need a Router that can do VLan's or you need to put another router behind it to put it on a seperate subnet. Only issue with that is now you have a double NAT.

The ASUS Router is not designed to do that. It is a normal consumer router. If you had a router that either 1) Could be flashed with DDWRT (I have and made 3 different VLANs for this client of mine using a ASUS RT-N66U) 2) Is more low end enterprise like Cisco, SonicWall,UniFi that have the ability to do all of those and do what you want it to do.

 

[Travis Moore]

well a separate subnet or guest network sounds like it won't be on the same network (at least IP wise)

I was going to say flash DDWRT onto it as i have done that with a few RT-N66U's but the one you have isn't supported.

All DMZ does it forward all incoming traffic to that one IP address. To me it sounds like you may either 1) have to get a router that does VLANs or 2) Get a second router to put behind it to put it on its own network.

Any reason for trying to segregate it?

I don't think I understood your question, a seperate subnet would stop it from talking to other network devices, but still allow me to get to WAN traffic for hosting.

I want it segregated for the eventuality that my server falls under attack, when hosting it's usually a matter of when, rather than if you get attacked while hosting game servers.

lol i'm CCNA Certified I know about networking.

So if you want it fully segregated from your main network then you either need a Router that can do VLan's or you need to put another router behind it to put it on a seperate subnet. Only issue with that is now you have a double NAT.

The ASUS Router is not designed to do that. It is a normal consumer router. If you had a router that either 1) Could be flashed with DDWRT (I have and made 3 different VLANs for this client of mine using a ASUS RT-N66U) 2) Is more low end enterprise like Cisco, SonicWall,UniFi that have the ability to do all of those and do what you want it to do.

I was afraid that was going to be the answer I got, I'll probably end up getting a different router capable of setting up a VLAN if I can't make this setup work. Thank you for your time and help.