how to allocate multi public ips to server behind firewall/router ?
Hi,In theory i have my network setup like this:ISP|| (fibre)|(hardware1)|| (ethernet)|(switch)_______ (server1)|(server2)How do i allocate a PUBLIC IP to server 1 and server 2 ?What hardware do i use at section (hardware1)Assume i patch cable direct from (hardware1) to ISP router.I have only used NAT before to forward a single public ips ports to servers behind (hardware1). So (hardware1) subnets are different on its WAN and its LAN interface. Dont understand how (server1) and (server2) can obtain a public IP from the ISP if there is hardare between them and the ISP network.Any advice , links, abuse : ) .. welcome, just trying to understand.thanks for your timeScott
March 20th, 2008 3:17pm

There areat least threeways: Different public IP addresses for both servers This can basically be done when two requirements are met: The ISPasigns a routed subnet, instead of a single IP address to the (Hardware1) device The (hardware1) device allows reverse proxying / server publishing / exposed hosts The (hardware1) device can be: ACisco (or equivalent) Firewall device (for instance an ASA device)(equipped witha fibre interface) AMicrosoft Windows Server equipped with (a fibre interface and) Routing and Remote Access Services (RRAS) AMicrosoft Windows Server equipped with (a fibre interface and) Internet Security and Acceleration (ISA) Server Same public IP address but different services on both servers When (Server1) and (Server2) don't both offer the same services (for instance: they're not both webservers) you can use NAT in combination with reverse proxying / server publishing / exposed hosts on one external interface and redirect traffic based on service.for (Hardware1) Youmay use: Any firewall device (with a mediaconverter (fibre to copper) in front of it) ACisco (or equivalent) Firewall device (for instance an ASA device)(equipped witha fibre interface) AMicrosoft Windows Server equipped with (a fibre interface and) Routing and Remote Access Services (RRAS) AMicrosoft Windows Server equipped with (a fibre interface and) Internet Security and Acceleration (ISA) Server Same public IP address but different public hostnames Microsoft Internet Security and Acceleration (ISA) Server allows for publishing based on Host Headers. This functionality allows for publishing multiple servers with the same services (for instance: Web servers) but with different domain names. Security considerations When security reasons dictate otherwise you may need to throw in extra measures like setting up a De-Militarized Zone (DMZ) in which to place the two servers, incorporate deep packet inspection with anti-virus, use Intrusion Detection and/or Intrusion Protection Systems.
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2008 11:56am

Thanks very much for the reply. Very helpful stuff. 3. Same public IP address but different public hostnames > yip i do this at the moment. I understand. 2. Same public IP address but different services on both servers > yes i do this too. I understand. 1. Different public IP addresses for both servers >This concept is new to me but certainly explains the setups i see with ISPs. So subnet routed to HARDWARE 1giving me multi IPs to assign. Any resouces you can post to help me to understand how to configure hardware to do this ? Is the ISP subnet assigned to hardware1 WAN on LAN interface ? ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- This can basically be done when two requirements are met: The ISPasigns a routed subnet, instead of a single IP address to the (Hardware1) device The (hardware1) device allows reverse proxying / server publishing / exposed hosts The (hardware1) device can be: ACisco (or equivalent) Firewall device (for instance an ASA device)(equipped witha fibre interface) AMicrosoft Windows Server equipped with (a fibre interface and) Routing and Remote Access Services (RRAS) AMicrosoft Windows Server equipped with (a fibre interface and) Internet Security and Acceleration (ISA) Server ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- I understand the DMZ stuff too thanks. Thanks you for your time Scottt
April 9th, 2008 10:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics