Network Hiccups
I think it might be time for some equipment overhauling on the network in general.
So you l447 h4x0rz can more quickly get into my network, here's a quick description of how things are set up.
The broadband comes in through the media converter (a box that is unaddressable from my end and, near as I can tell, invisible via IP, so it's probably only MAC addressable by the provider). This connects to an old 8-port D-Link 10/100 switch. Also on the switch are three SOHO routers and one of the Solaris servers. Everything attached to the switch, except the aforementioned media converter, is IP addressed via DHCP by my Internet provider; that is, this is the Internet part of my network. My service allows for 5 IP addresses, four of which I'm using (three routers and one server). This is somewhat fast at 5Mb/s inbound and 1.5Mb/s outbound--whee!
The Solaris server connected outside any firewalls is the one currently being replaced. The goal is to move it inside the firewall, possibly with another SOHO router between it and this "external" switch. Until then, I'm relying on my adept skills to keep ahead of the hackers, some of whom simply found a soft password for an account (one that never used the shell, but still had one configured). A lot of attempts are made, but none succeed. This will probably still happen, as I'll still have SSH open to the box for my access needs.
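The weak spot above was an account that nobody ever logged in with but that still had a shell configured. Here is an added example (not from the original post) that walks a passwd file and flags exactly that: accounts with a usable login shell that are not on the list of people expected to log in. The passwd excerpt, the set of no-login shells and the expected-user set are all constructed assumptions.

```python
# Added example: find accounts that keep a login shell even though no one is
# expected to log in as them. Works on Solaris and Linux passwd formats.

# Shells that cannot be used for an interactive login (assumed list).
NOLOGIN_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample in passwd format: name:pw:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
mail:x:6:6:Mail user:/var/mail:/bin/false
www:x:80:80:Web server:/var/www:/bin/sh
ftp:x:21:21:FTP server:/var/ftp:/bin/sh
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
"""


def parse_passwd(text):
    """Yield (user, uid, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: skip it rather than guess
        name, _, uid, _, _, _, shell = fields
        yield name, int(uid), shell


def audit_shells(text, expected_interactive):
    """Return (user, uid, shell) for accounts that have a login shell but are
    not in expected_interactive. An empty shell field means the system default
    (/usr/bin/sh on Solaris), so it counts as a login shell as well."""
    findings = []
    for name, uid, shell in parse_passwd(text):
        if shell not in NOLOGIN_SHELLS and name not in expected_interactive:
            findings.append((name, uid, shell or "<default shell>"))
    return findings


if __name__ == "__main__":
    for name, uid, shell in audit_shells(SAMPLE_PASSWD, {"root", "alice"}):
        print(f"{name} (uid {uid}) still has shell {shell}; "
              f"set it to /bin/false if nobody logs in as {name}")
```

On the sample this reports daemon, www and ftp; mail is already locked down and root and alice are expected to log in.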
One of the SOHO routers is actually a VoIP gateway and provides my telephone service. It is connected to the Internet switch and then to the phone lines in the house. Its LAN port is not connected to any devices, although I did have to plug a PC in there to configure the server. Unfortunately, I could not get it to behave and accept a LAN address compatible with the rest of my network, so it just eats one of my Internet IPs.
The other two SOHO routers are attached to a LAN-side (internal network) 8-port 10/100 switch.
One of the routers provides a 4-port switch, into which the server for which it provides the NAT services (technically, this server) is connected. It's configured to allow only a few ports: SSH, HTTP, SMTP, and FTP, I think. Off the top of my head anyway, that's the full list. Maybe TELNET, too, but that'll probably be closed if I bother to look--everyone should SSH instead.
The other router has only one LAN port and is connected just to the internal switch. This router provides NAT to the other (yes, third) web server on the network, with only the HTTP and FTP ports open (it's an old Windows NT Server with neither SSH nor TELNET services). This server is going to be retired, with its few websites converted to PHP or Java/JSP and moved to the same server that will replace the DMZ Solaris server.
The LAN-side switch also hosts the other internal servers, as well as connections to the office and second-floor LAN ports. This switch should probably be upgraded to a 10/100/1000 switch, although there are really only two devices on the network currently supporting 1000Mb speeds.
So, now that you know the lay of the land: the servers were off-line for a few hours this evening, although I didn't know it, because my ISP stopped serving DNS. One of the Sun Ray devices is on my desktop in the office, and I monitor the server's activity with simple performance meters and a scrolling log window. Very TV-like... Anyway, the server still had activity. However, I couldn't "leave" the network 'cause DNS didn't work.
I tried resetting the routers, first by politely releasing and then renewing their DHCP leases, but that returned only the same stuff. I reset the switches, too, just 'cause they were there. On the second pass through the network gear power cycles, I also reset the media converter. Once everyone's power came back on, new addresses and DNS servers were assigned. Either a bug in the ISP's DHCP, or the media converter needed to renegotiate something.
A round of re-registering with the dynamic DNS service I use, and all of my servers were back, traffic flowing both ways. The frustrating bit is that I'm not sure what caused or fixed the problem. I just know that powering down all of the network gear did the trick.
It occurs to me just now that I didn't reset the VoIP box...nope, no dial tone on the phone...I'll do that on the way back to bed.