Hi, everyone.

I have two separate things I want to do. I apologise beforehand for my mouthful of clueless questions.

Say I have a group of computers on a LAN, each of which publishes something at http://192.168.1.x or ftp://192.168.1.x, where x ranges from 2 through 8, say (there are not that many computers). They do not all run a Windows OS; some can be MAC or Linux. This collection of addresses is my intranet, since access to these addresses requires direction connection by the router; right?

First, say that I do not know everything that each computer is publishing on the intranet because they are run by different people. Is there a way to comprehensively see all things that are published on the LAN?

Second, is there a way to make a public gateway that securely encrypts all content on this manner of intranet and that makes the intranet available on the internet only by login, noting that the OSes are different on the different computers? (This is probably vague on the technical side, but the idea is more or less clear.)

Appreciate your feedback.

You can use a Virtual Private Network (VPN) to encrypt the Intranet connections and transport the communication using the public Internet via "tunneling protocols".
The VPN will require a network login password to establish the connection.

FTP sites can be set for various levels of security, either with passwords or open server. A secured FTP site is much safer.

Let me add that each PC on the LAN/Intranet can have web (http and ftp) servers or any other server applications and that they can all be accessed within the LAN by using the various host PCs in question's IP address or name on the intranet.

The router can be set to port forward (port 80 and port 21 respectively are the defaults for http and ftp) to just one of the servers but be warned that this is not a secure way to go.

Using SSH directly or for tunnelled connections is one secure way to go but it would be helpful if you better describe who you want to allow access to and to which PCs or PC shares on the intranet. In other words, more simply, what do you want to achieve in a layman's terms. PrntRhd is probably spot on that a VPN would be what you want to set-up.

The reasons I described what I want to launch as a secured intranet are:

1. one computer has the role of hosting large amounts of data together with the ability to be turned on remotely; it is called only when needed because we do not want its 7.27 GB to be spinning 24/7. Also, obviously if the computer is off it will not be able to host a gateway to the secure intranet, and we also don't want to port forward the ability to users on the internet to remotely turn it on. Ultimately this computer needs to stay completely inside the intranet

2. another computer will host its own files and server applications but is transient because it is a laptop that someone brings and takes from the LAN; this laptop runs Linux or is a MAC. For various reasons it should remain a necessary part of the intranet.

3. a separate computer is generally on all the time, so this is a natural choice to host a gateway page to the intranet; but I wonder if there is maybe a hardware solution to host an encrypted gateway that also is an integrated VPN. Is there?

My router seems to have VPN options; having checked some of the options (IPSec etc.), it doesn't seem to have changed anything. Does it require separate software? I did download some open VPN program; it wasn't very large (~1 MB), and of course I have no idea what it is. Anyway, is the SSH or VPN configured ultimately with software or is there an easy hardware solution? Thanks!

Again, sorry for more absolutely clueless questions.

Is https secure by virtue of being port 443?

From my university days there was a client used to access the university resources, and that client was called vpn. Is this secure
remote access from internet the same idea? If so, I'm not sure this is what I need. I mostly need to set up a secure webpage serving as a gateway that gives access to my LAN's resources (mostly by ftp).

Thanks!

Is https secure by virtue of being port 443?
It is not the port that has anything to do with being secure or not. Ports are just numbers that indicate which protocol is to be used by default so that, for example, the correct server application is targeted with the appropriate packets of information. The https protocol is one of the protocols served by a web server and there is first a handshake between client and host and thereafter during that session all information is encrypted during transmission. These are the web pages that show a padlock in a corner of the browser somewhere. Being encrypted means that anyone trying to sniff the data will get nowhere but of course anyone granted access would have the same access as anyone else with the same credentials.

Port forwarding by a router is a necessity so that incoming requests from "clients" (the whole world of course) on the WAN side get sent to just one PC on the LAN - the one that it is desired to host that particular server application; the one configured to use one specific port. An alternative is to connect the web directly to a server PC and allow that PC to become the de facto router, firewall, gateway, etc.

With your mix of on-and-off PCs and the mix of Windows, Mac and Linux one thing you might like to try is TeamViewer (http://www.teamviewer.com/en/index.aspx). When installed on both client and any host computer on the LAN the default usage is for either a remote desktop or a remote presentation but it can also be configured to function as a VPN or indeed to directly transfer files between the PCs. Both client and host communicate via Team Viewer's Servers and since the requests come from both PCs there is no problem with routers or firewalls.

Using FTP (or better SFTP) is not going to be straightforward unless you only set-up access to one particular PC.