Setting up a HotLan?
Hello, hope everyone is doing well.
Goal: I would like to set up a hot LAN for a server (game server) for others to administrate. I have a box that I don't use and rather than spend time configuring an administrative account with server privileges on a flat network, I thought it would be quicker to just segregate this server with a hotlan VLAN since it supports NAT for security. I'm only comfortable doing GUI things by the way. I never could get SSH configured I don't believe on my gateway. The server in question is Windows Server 2019. How would I go about this?
*Questions*
1. I only have one IP address from my ISP through dhcp. Would I set up ddns to that particular server for remote rdp and configure my clear DNS as such? Is this how myself and the remote users will access this box?
2. Is there a more secure way to set up RDP through maybe OpenVPN to this server? I have OpenVPN on my ClearOS firewall/gateway configured under a ClearOS domain, but I think that would give access to my whole network under my ClearOS DDNS? Would I install OpenVPN on the server to use a separate DDNS address?
3. VLAN is set as follows (example). I never configured a vlan, but I know the principles
Home network: 192.168.0.1
Hot vlan: 192.168.1.2
4. I have a layer-3 switch as well. Do I need to configure a port for this vlan or any other config I should consider on this switch?
5. I do have the ability to put a 3rd network card in my ClearOS box. I thought a VLAN would be easier. The issue I have had in the past with adding this 3rd network card post ClearOS install and config is that it changes my NIC assignments and messes with my network. I can't recall, but I think it changes my ability to remotely access Clear.
Thank you! Sorry for the questions but I'm getting pretty rusty in the IT department.
Responses (6)
-
Accepted Answer
My apologies Nick, I haven't been in IT in a while. A regular cable would do? I may purchase a dumb switch eventually for this hotlan, but I think this is the only server I want in the hotlan. I did configure OpenVPN for Windows. It's kind of a pain, but perhaps wouldn't be for you. The config uses many Linux attributes. I have to admit OpenVPN is very streamlined and easy with the COS module.
Nick Howitt wrote:
Many (most) NICs and switches support automatic crossover (MDIx, I think) so it is unlikely you will need a crossover cable. -
Accepted Answer
Thanks for your response Nick! Adding another NIC card maybe with just a crossover cable may be a good idea. I'm pretty sure I was messing around with adding a NIC for another project while on v. 7 that I noticed this but it was a very early version.
Nick Howitt wrote:
1 - port forward the relevant ports to the game server
2 - yes, use rdp through OpenVPN and don't port forward. You can access the server directly by its LAN IP address. If you want to use FQDN you have to do a bit more. It would give people access to the whole LAN. You could set up OpenVPN to your windows server but I don't know how. You will need to port forward OpenVPN through ClearOS.
3 - Those are not good subnets especially if you want to use OpenVPN as they are too common. For OpenVPN, the local and remote subnets need to be different, but most home routers I've seen use one or the other of yours.
4 - possibly for it to be VLAN aware, but and you want to create a separate LAN. If you use a dumb switch then the NIC in your server needs to support being configured with a VLAN tag. Some do, some don't.
5 - In older versions of ClearOS which used ethX NIC identities adding a NIC could change things. Now, at least in ClearOS 7 and possibly 6, adding another NIC should not change existing NIC assignments. -
Accepted Answer
1 - port forward the relevant ports to the game server
2 - yes, use rdp through OpenVPN and don't port forward. You can access the server directly by its LAN IP address. If you want to use FQDN you have to do a bit more. It would give people access to the whole LAN. You could set up OpenVPN to your windows server but I don't know how. You will need to port forward OpenVPN through ClearOS.
3 - Those are not good subnets especially if you want to use OpenVPN as they are too common. For OpenVPN, the local and remote subnets need to be different, but most home routers I've seen use one or the other of yours.
4 - possibly for it to be VLAN aware, but and you want to create a separate LAN. If you use a dumb switch then the NIC in your server needs to support being configured with a VLAN tag. Some do, some don't.
5 - In older versions of ClearOS which used ethX NIC identities adding a NIC could change things. Now, at least in ClearOS 7 and possibly 6, adding another NIC should not change existing NIC assignments. -
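Point 3 above, as an added example that is not part of the original thread: a Python check that flags planned server-side subnets that collide with a remote user's likely home LAN or with each other. The list of common client LANs and the alternative 10.83.x.0 ranges are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Assumption: LAN ranges often used as home-router defaults (constructed list;
# the first two are the subnets proposed in the question).
COMMON_CLIENT_LANS = ("192.168.0.0/24", "192.168.1.0/24",
                      "192.168.2.0/24", "10.0.0.0/24")


def as_network(value, default_prefix=24):
    """Accept '192.168.1.2' or '10.83.0.0/16'; a bare host is widened to /24."""
    text = value if "/" in value else f"{value}/{default_prefix}"
    return ipaddress.ip_network(text, strict=False)


def audit_plan(server_side, client_lans=COMMON_CLIENT_LANS):
    """Return (kind, name, other) findings for a dict of name -> subnet.

    'internal-overlap': two server-side networks overlap, so the gateway
    cannot keep the home LAN and the hot LAN apart.
    'client-collision': a server-side network overlaps a subnet the VPN
    client is probably already sitting on, so its routes become ambiguous.
    """
    nets = {name: as_network(value) for name, value in server_side.items()}
    findings = []
    for (name_a, net_a), (name_b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(("internal-overlap", name_a, name_b))
    for name, net in nets.items():
        for lan in client_lans:
            if net.overlaps(as_network(lan)):
                findings.append(("client-collision", name, lan))
    return findings


if __name__ == "__main__":
    plans = {
        "as posted": {"home": "192.168.0.1", "hot": "192.168.1.2"},
        "too wide (hypothetical)": {"home": "10.83.0.0/16", "hot": "10.83.20.0/24"},
        "separated (hypothetical)": {"home": "10.83.10.0/24", "hot": "10.83.20.0/24"},
    }
    for label, plan in plans.items():
        print(label, "->", audit_plan(plan) or "no conflicts")
```
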
Accepted Answer
Update:
I just read that in order for OpenVPN to use a hotlan it has to be added manually. The instructions call for SSH. So, I got SSH working; however, ClearOS has completely blocked my LAN machine that I use to access Clear via SSH because of too many wrong password attempts. I don't know if it was because I was copying and pasting the password into PuTTY. That particular machine is now blocked from even accessing the internet. I don't know how to unblock it.
