Re: Help In network configuration.

From: Chip (anonymous_at_discussions.microsoft.com)
Date: 02/10/04


Date: Tue, 10 Feb 2004 05:42:01 -0800

Hi Doug,

Thanks a lot for the followup. I have found a
Firewall/Router from the same DLink family which is for
Corporates and Medium Business requirements and available
in my region.
http://www.dlink.co.in/dlink/Products/firewalls/dfl1000.htm

I was able to put something on paper from the inputs I got
from you and after studying the features supported by the
product.

1] I will terminate the line I get from ISP on external
port of a router.

2] I will run a cable from Internal Port of router to the
external port of firewall.

3] Run a cable from Firewall's "LAN internal Port" to the
"LAN Switch"

4] Run a cable from Firewall's "DMZ Port" to Central
Servers Switch.

5] Configure Firewall for NAT and PAT (hopefully this will
be done by the vendor based on our requirements) so that
the application servers will be able to access the DMZ as
well as Internet. Apply firewall policies to
access/restrict DMZ network from outer world.

Was I able to do some homework? :-)

Also I have one doubt: will the MS SMTP services in the DMZ
network be able to deliver mails to other domains?
In the hardware description of the product it says:

**DMZ Port: Use this port to connect to the company's
server(s), which needs direct connection to the Internet (
FTP, SNMP, HTTP, DNS).**

Thanks for your patience.

Sincere Regards

Chip

>-----Original Message-----
>The DLink and many other routers will easily meet your requirements. I
>mentioned the DLink because it is capable of mapping more than one public IP
>address - a feature which some cheaper routers don't offer.
>
>The idea is to assign private IP addresses to all computers including your
>'Central Servers'. That way they can all communicate with each other. You
>then use your hardware router to map the public IPs or appropriate ports to
>the private IP addresses of your Central Servers. As I said previously, you
>could also place the Servers in a DMZ and the router would still allow you
>to communicate with them. This is another feature supported by routers such
>as the DLink.
>
>Doug Sherman
>MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>
>"Chip" <anonymous@discussions.microsoft.com> wrote in message
>news:d71201c3ef80$c438b950$a001280a@phx.gbl...
>> Hi Doug,
>>
>> Thanks for your valuable inputs. Since this will be a 24x7
>> production setup, I cannot afford a software NAT.
>>
>> Firstly, I will be having a 1Mbps internet bandwidth from
>> an ISP which is expected to be terminated on
>> Firewall/router. From that point I will pull a RJ45 cable
>> to a Gigabit Switch. Assign two public IPs to the 2
>> Centralised Servers & gateway settings (these servers will
>> have their own SAN boxes) and open relevant ports in the
>> firewall. The application Servers will have private IPs
>> and as I wrote earlier, they should be able to talk to
>> Central Servers. Any other ideas?
>>
>> Sorry I thought it would be a lengthy post initially &
>> restricted myself.
>>
>> Sincere Regards
>>
>> Chip
>> >-----Original Message-----
>> >You can put all these servers on a single ethernet network and use a
>> >hardware router to map the 2 public IPs to the Central Servers. You don't
>> >tell us what kind of Internet connection you have, but an example of a full
>> >featured Cable/DSL router is: http://dlink.com/products/?pid=66 - cost
>> >about $300 - you can probably find suitable devices for less. The DSL 300
>> >and many other such devices also provide DMZ support so you can isolate your
>> >public servers for extra security.
>> >
>> >You could also configure a software router by installing a second NIC card
>> >in one of your Central Servers, connect all other machines through a switch
>> >to one NIC, and connect the other NIC to your Internet connection. Then use
>> >Win2k or Server 2003 RRAS to configure NAT, map the other IP address, etc.
>> >
>> >Don't know exactly how your PSTN fits into all of this.
>> >
>> >Doug Sherman
>> >MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>> >
>> >"Chip" <anonymous@discussions.microsoft.com> wrote in message
>> >news:d86001c3ef3c$0658e070$a501280a@phx.gbl...
>> >> Hi,
>> >>
>> >> I guess I might not be posting my query in the right place.
>> >> But I thank you in advance if someone can suggest a
>> >> solution or the right newsgroup.
>> >>
>> >> I am doing a sketch for a network configuration. The network
>> >> will have 24 application servers, 2 Central Servers
>> >> (hosting IIS (www, ftp, smtp), SQL Server 2000).
>> >>
>> >> The application servers will be interfaced to a PSTN &
>> >> the 2 Central servers will be on Public IP Network. Since
>> >> I cannot buy 24 public IPs for the application servers I
>> >> want to put them in a private network. Now how do I make
>> >> the application servers which are in the private network
>> >> communicate with Central Servers of the Public network?
>> >>
>> >> I need this so that the application server can communicate
>> >> with MS SMTP of Central Server for sending emails using
>> >> CDO and communicate with SQL Server for some other
>> >> operations. The application servers should also be able
>> >> to access Internet just in case for Windows Updates,
>> >> virus updates etc.
>> >>
>> >> I am looking for a hardware based solution at a reasonable
>> >> cost, something like a Network Address Translating device.
>> >>
>> >> Regards
>> >>
>> >> Chip
>
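
The layout described in steps 1 to 5 of the message above (a firewall with separate WAN, LAN and DMZ ports, NAT/PAT, and policies restricting the DMZ from outside), written out as an added example that is not part of the thread: an nftables ruleset for a Linux host standing in for the firewall. Interface names and all addresses are constructed placeholders, and this is not the DFL-1000's own configuration syntax.

```nftables
# Added example: every interface name and address below is a constructed placeholder.
flush ruleset
define WAN_IF  = "eth0"           # cable to the ISP router's internal port
define LAN_IF  = "eth1"           # cable to the LAN switch (application servers)
define DMZ_IF  = "eth2"           # cable to the Central Servers switch
define LAN_NET = 192.168.1.0/24   # private range for the application servers
define SRV1    = 192.168.2.10     # Central Server 1 (private address in the DMZ)
define SRV2    = 192.168.2.11     # Central Server 2
define PUB1    = 203.0.113.10     # public IP mapped to SRV1 (documentation range)
define PUB2    = 203.0.113.11     # public IP mapped to SRV2

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept

        # Internet -> DMZ: only the published services (FTP, SMTP, HTTP).
        # FTP data connections additionally need a conntrack helper (not shown).
        iifname $WAN_IF oifname $DMZ_IF ip daddr { $SRV1, $SRV2 } tcp dport { 21, 25, 80 } accept

        # LAN -> DMZ: application servers reach SMTP (CDO) and SQL Server.
        # SQL Server (1433) is deliberately not published to the Internet.
        iifname $LAN_IF oifname $DMZ_IF ip saddr $LAN_NET tcp dport { 25, 1433 } accept

        # LAN -> Internet: web access for Windows and antivirus updates, plus DNS.
        iifname $LAN_IF oifname $WAN_IF tcp dport { 80, 443 } accept
        iifname $LAN_IF oifname $WAN_IF meta l4proto { tcp, udp } th dport 53 accept

        # DMZ -> Internet: outbound SMTP and DNS so the mail service can deliver
        # to other domains.
        iifname $DMZ_IF oifname $WAN_IF tcp dport 25 accept
        iifname $DMZ_IF oifname $WAN_IF meta l4proto { tcp, udp } th dport 53 accept
        # No DMZ -> LAN or Internet -> LAN rule: those fall through to "policy drop".
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN_IF ip daddr $PUB1 dnat to $SRV1   # one-to-one mapping
        iifname $WAN_IF ip daddr $PUB2 dnat to $SRV2
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN_IF ip saddr $SRV1 snat to $PUB1
        oifname $WAN_IF ip saddr $SRV2 snat to $PUB2
        oifname $WAN_IF ip saddr $LAN_NET masquerade   # PAT for the private LAN
    }
}
```

The forward chain matches the servers' private addresses because destination NAT is applied in prerouting, before the filter rules are evaluated.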


