
Hi guys. My current home network setup is I am using ClearOS as a gateway. Two NICs, one end to the ISP modem and the other to a switch that connects to two access points.

 

The problem is my ISP has upgraded the network to manage high speed internet using specific routers with custom PNP configuration. So, I need to remove the ClearOS gateway that I love so much to use their devices instead. So considering the new scenario, what are my options to secure my network with similar features? I know about installing firewall software on each PC, but honestly I don't like it.

 

Please advise me. Thanks,

leave ClearOS behind specific routers

 

+ Endian

+ Zentyal

+ Sophos UTM

 

  On 27/11/2016 at 19:30, Marujan said:

leave ClearOS behind specific routers

 

+ Endian

+ Zentyal

+ Sophos UTM

 


You mean behind the ISP router or the list you mention? And in what mode are to be connected as if not a gateway?

no need to protect your modem, just set hard P@55W0RD#$&* for modem

 

Protect internal network from downloading of viruses, black list sites and install speed cache

Isn't a dedicated box for a gateway a little overkill on a home network? I'd hate using an ISP that requires the use of their own router/wireless access point. You don't have any control of the router? Firewall? Disable pinging it? How many PCs are on this network?

  On 27/11/2016 at 20:07, oldtimefighter said:

Isn't a dedicated box for a gateway a little overkill on a home network? I'd hate using an ISP that requires the use of their own router/wireless access point. You don't have any control of the router? Firewall? Disable ping? How many PCs are on this network?


The dedicated PC is a very old machine (Core2Duo) but works great as a gateway. With all the features that it gives me for free, I don't like going online without it.

 

We have around 10+ devices here at home. I don't have full info on the ISP router, but as far as I know the specs are not so great and you can't do much on it.

  On 27/11/2016 at 20:16, deep1234 said:

The dedicated PC is a very old machine (Core2Duo) but works great as a gateway. With all the features that it gives me for free, I don't like going online without it.

 

We have around 10+ devices here at home. I don't have full info on the ISP router, but as far as I know the specs are not so great and you can't do much on it.


I didn't ask about devices but PCs... Unless you are rooting your tablets and phones they aren't much of a security risk compared to your Windows PCs. Most routers have built-in firewalls so I would look into that and if you only have a couple of PCs just employ endpoint security.

  On 27/11/2016 at 20:46, oldtimefighter said:

I didn't ask about devices but PCs... Unless you are rooting your tablets and phones they aren't much of a security risk compared to your Windows PCs. Most routers have built-in firewalls so I would look into that and if you only have a couple of PCs just employ endpoint security.


I am totally with you, but I like to keep my LAN network connectivity secure. As I said, I have a free old machine with no use. Then install ClearOS, which gives me intrusion detection and prevention and also a very much improved latency for gaming. Plus more.

 

 

  On 27/11/2016 at 19:18, deep1234 said:

The problem is my ISP has upgraded the network to manage high speed internet using specific routers with custom PNP configuration.


So why do you have to remove your ClearOS? Are you saying they will not provide a public IP anymore to the device you put behind their device, and now you have to be behind their NAT? Will they not put their new device into bridge mode and provide you a public IP?

 

If not then just double NAT. Worst case scenario, if they do not allow for a "dmz" host then you have to do your port forwards in both places is all.

 

I would turn off their wifi if they provide it on this new device they are giving you.

 

You end up with this..

 

[Image: doublenat.png]

 

So you put your 192.168.A.Y address into the ISP device's DMZ host role. And then just do your port forwards on your ClearOS box. Or if they do not support that, then if you want to forward 80 to your network, you would first have to forward in your ISP device to the ClearOS WAN IP 192.168.A.Y, then forward to the box you want to see the 80 traffic, say 192.168.B.14.

 

While yes it is better to not double NAT, if you must you must. While it comes with its own possible issues, it does work, and millions of people are doing it. It's just not optimal is all.

 

The issue that hangs most people up on such a setup is their ISP device hands out 192.168.0/24 and then they try and use the same 192.168.0 network behind their router, etc. As long as you use non-overlapping networks you should be fine, which is why I labeled them A and B, etc.
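
Added example, not part of the thread or any poster's own code: a small Python check of the double-NAT layout described in the last reply, flagging overlapping networks and a missing forward at either hop. The function name and the concrete addresses (A=1, B=20, Y=2) are constructed for illustration.

```python
import ipaddress

def check_double_nat(isp_lan, inner_wan_ip, inner_lan, outer_fwd, inner_fwd, dmz_host=None):
    """Return a list of problems with a double-NAT forward chain (empty list = OK).

    outer_fwd / inner_fwd: {external_port: (target_ip, target_port)} on the
    ISP device and on the inner gateway respectively.
    dmz_host: address in the ISP device's DMZ host role, if it supports one.
    """
    problems = []
    isp_net = ipaddress.ip_network(isp_lan)
    lan_net = ipaddress.ip_network(inner_lan)
    wan_ip = ipaddress.ip_address(inner_wan_ip)

    # The inner gateway cannot route between two copies of the same network.
    if isp_net.overlaps(lan_net):
        problems.append(f"{isp_net} and {lan_net} overlap; renumber the inner LAN")
    if wan_ip not in isp_net:
        problems.append(f"inner WAN IP {wan_ip} is not inside ISP LAN {isp_net}")

    # With the DMZ host role set to the inner WAN IP, every port already arrives there.
    dmz_ok = dmz_host is not None and ipaddress.ip_address(dmz_host) == wan_ip
    for port, (target, _tport) in inner_fwd.items():
        if ipaddress.ip_address(target) not in lan_net:
            problems.append(f"port {port}: target {target} is not on inner LAN {lan_net}")
        if dmz_ok:
            continue
        # Otherwise the ISP device needs its own forward landing on inner WAN IP:port.
        reaches = any(ipaddress.ip_address(t) == wan_ip and tp == port
                      for t, tp in outer_fwd.values())
        if not reaches:
            problems.append(f"port {port}: ISP device does not forward it to {wan_ip}:{port}")
    return problems

# Constructed sample layouts.
GOOD = check_double_nat("192.168.1.0/24", "192.168.1.2", "192.168.20.0/24",
                        outer_fwd={80: ("192.168.1.2", 80)},
                        inner_fwd={80: ("192.168.20.14", 80)})
DMZ = check_double_nat("192.168.1.0/24", "192.168.1.2", "192.168.20.0/24",
                       outer_fwd={}, inner_fwd={80: ("192.168.20.14", 80)},
                       dmz_host="192.168.1.2")
CLASH = check_double_nat("192.168.0.0/24", "192.168.0.2", "192.168.0.0/24",
                         outer_fwd={}, inner_fwd={80: ("192.168.0.14", 80)})

if __name__ == "__main__":
    for name, result in (("GOOD", GOOD), ("DMZ", DMZ), ("CLASH", CLASH)):
        print(name, result or "OK")
```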
