[SOLVED] Setting up a network to expose the Servers at Home to internet (safely and securely)

skgan

Distinguished
Jun 19, 2013
34
1
18,535
Hi,

Want some networking advice!

Setup details: Home network on Nighthawk R7000P router (AC2300). One Dell R740 Server connected to the home network via Netgear XS708Ev2 switch.
Working on a project that requires me to share my Dell R740 server. How do I safely and securely expose the server to someone outside my network (in a different physical location)?

Thanks for the advice/help.
-Skgan
 
Solution
For HTTPS, I would probably port forward. Single port, pretty straight forward. A web server will be an attack target so you need to do appropriate hardening.
3 ways:

1. On router's DMZ if you have nothing secured on that server. Server hacked, no big deal.

2. Use Port Forwarding on router (make a hole), you are typically providing specific service to this user, not open the whole box to him, for example u just want to host an HTTP service, and that's all he can do, HTTP.

3. This is a super user who needs complete access to your box, VPN.
 

skgan

Distinguished
Jun 19, 2013
34
1
18,535
I have not setup anything on the router or on the server. Wanted to know which was the best approach first. All the access the outside person needs is access to the server (Windows Server 2016).
 

kanewolf

Titan
Moderator
I have not setup anything on the router or on the server. Wanted to know which was the best approach first. All the access the outside person needs is access to the server (Windows Server 2016).
Determining what network protocol(s) you want to use is the first thing. You say you have "a project that requires" external connectivity. What protocol will be used? HTTPS? FTP? NFS? VPN? That info is required to make an intelligent choice in connectivity.
 
Setup RRAS (VPN) on the server, and port-forward it from the router. Let the person dial-in into the server, and become on a isolated "network" inside it. Depending on how much you trust that user, you can give him/get (very) limited or administrative rights over the server. Think whether you want to let the user RDP into the server, you're opening a (big) hole into your internal network this way.
 
  • Like
Reactions: skgan