Home file server - keep off internet, lan only?

[hippovsmouse]

If I have a small basic windows-based home file server or nas, how could I keep it off the internet, while allowing it lan access only? I see no reason to have that machine on the internet.

Thanks

 

[Elixer]

Depends on the unit & how you set things up.

 

[PhIlLy ChEeSe]

You'll need a mother board in your main computer with dual NIC'S or a router, or...........

 

[hippovsmouse]

It's connected to my router so I can remote into it/share the drive on my small network etc
Just see no need to have it on the internet

 

[hippovsmouse]

ok here's what I did:

on the "server" I opened my firewall and blocked outbound tcp, blocked udp- except I made a rule to allow udp on port 3389 (remote desktop port)
blocked icmp & icmpv6

went into properties for ip and changed the default gateway to something on a different subnet (machine can't get an ip from my router now)

remote desktop and shared network drive both seem to work fine.

do I need to set any rules in my router?

Did I do it right? Advice appreciated

 

[Ketchup]

All I did was:

Static IP address on the server.
Standard subnet.
No default Gateway.

Works fine for me, and available anywhere on the local network through remote desktop, shared folders, and other apps needed for tablets, etc. You will want to reserve the ip address on your router, so that it doesn't waste time trying to dish out the ip address to another device.

 

[dave_the_nerd]

I see no reason to have that machine on the internet.

Downloading software patches.

By all means, firewall it so that nobody from the outside world can get TO it, but it should probably still have the ability to get out onto the internet itself.

 

[frowertr]

Downloading software patches.

By all means, firewall it so that nobody from the outside world can get TO it, but it should probably still have the ability to get out onto the internet itself.

+1

 

[Ketchup]

+1

I don't miss it personally. And with my configuration, it take all of 5 seconds to re-configure and get Windows Updates. But since I am not on the Internet, I don't need most of them. I usually let it update once a year just in case there might be a usability update in the mix.

As far as other programs, I just get them off one of the others and put them in a shared folder if the server needs to run them.

 

[frowertr]

And that's fine if that works for you. Nothing wrong with doing it that way. Myself, I'd forget in about a month or two's time what I did to "lock down" the computer from the Internet. Would make for a frustrating 15 minutes or so trying to remember the steps I need to undo.

 

[hippovsmouse]

Why does it need internet access for windows updates? It's just a file server, I assume keeping that machine off the net helps to secure it.


The only thing is (I hadn't thought about this before) if I wanted to set up an ftp server or something, to share some files to myself when i'm not at home - I couldn't do it from the server directly, I would have to use a 2nd old computer I have, access the files I want to share to myself from that 2nd computer via the network, then set up the ftp on that 2nd computer.

So disallowing internet on the server may secure it more, but necessitates another computer if I want to share some of those files to myself over the internet.

This is just an (interesting) learning exercise for me, so I'm enjoying the learning rather than finding it frustrating

 

[frowertr]

Why does it need Internet access for Windows Updates? Well unless you are running a WSUS server, it needs access for those updates. Of course, you don't have to ever update the OS. That's up to you.

I find it too restrictive for myself but if it works for you then rock on.

 

[Ketchup]

Sure, having it on local only is a sacrifice, so it is up to you how far you want to go with it.

There is free online storage all over the place (onedrive, for example), so you could always use something like that for data you want to share, if you don't want to necessarily open an access point to your server.

 

[hippovsmouse]

Sure, having it on local only is a sacrifice, so it is up to you how far you want to go with it.

There is free online storage all over the place (onedrive, for example), so you could always use something like that for data you want to share, if you don't want to necessarily open an access point to your server.

I'd just as soon not use a cloud service.
Maybe better to keep the file server offline, and use an old laptop or computer to be the ftp server? I have an old laptop I can use - I set up the ftp and browsed via network to the files on the server that I want to share to myself on the ftp, it seems to work fine.

It's either that, or run the ftp on the server directly