Re: Accessing server in DMZ

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 04/20/04 

Date: Mon, 19 Apr 2004 19:51:25 -0500

Users from the internet - are these domain users accessing remotely ? Or
does it host a public web site that unauthenticated users can access?

If they're domain users, then you're probably best bringing this into the
lan and making it a member server.

Even better, could you fully explain what it is you need to accomplish ? I
think there are others here who will be able to assist you much more
efficiently than I can, but I think a better understanding of the objectives
would be required. 

-- 
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !
"TRD" <tdejohnx2@hotmail.com> wrote in message
news:uqhoxwmJEHA.3084@TK2MSFTNGP10.phx.gbl...
> No it is accessed from users on the internet and users on the LAN.
>
> "Les Connor [SBS MVP]" <les.connor@DEL.cfive.ca> wrote in message
> news:edudTmbJEHA.3628@TK2MSFTNGP12.phx.gbl...
> > Hi TRD,
> >
> > So is this webserver intended to be publicly accessible ? I mean by
> > unauthenticated users from the internet side? It seems not, and if
that's
> > the case then why not make it a member server (inside the lan)? It can
> still
> > be reached from the internet this way, but only by authenticated users.
> >
> > -- 
> > Les Connor [SBS MVP]
> > -------------------------------------
> > SBS Rocks !
> >
> >
> >
> > "TRD" <tdejohnx2@hotmail.com> wrote in message
> > news:utQNuPaJEHA.1192@TK2MSFTNGP11.phx.gbl...
> > > Les,
> > >
> > > Thanks for sticking with me throught this. The Web Server is on a
> seperate
> > > subnet from the one the SBS Server and the rest of the workstations
are
> > on.
> > >
> > > The credential prompt is from the Web Server. The workstations have to
> > first
> > > browse (\\webserver\) the Web Server before they  can use the third
> party
> > > ap.  Since the workstations are on the domain and the Web Server is in
> its
> > > own workgroup when the workstations try to browse the Web Server it
asks
> > > them to authenticate first. That is part of the problem.
> > >
> > >
> > > TRD
> > >
> > > "Les Connor [SBS MVP]" <les.connor@DEL.cfive.ca> wrote in message
> > > news:%23Vq6VwIJEHA.2388@TK2MSFTNGP10.phx.gbl...
> > > > Hi TRD,
> > > >
> > > > If you do have it set up as in my ugly picture, then it should be on
a
> > > > different subnet.
> > > >
> > > > The credentials prompt - is it coming from the web server, or from
> your
> > > sbs
> > > > ? If it's from the web server, I'd think you need to do something to
> the
> > > > authentication settings for the web site there.
> > > >
> > > > -- 
> > > > Les Connor [SBS MVP]
> > > > -------------------------------------
> > > > SBS Rocks !
> > > >
> > > >
> > > >
> > > > "TRD" <tdejohnx2@hotmail.com> wrote in message
> > > > news:uqVnyNIJEHA.3120@TK2MSFTNGP09.phx.gbl...
> > > > > Les-
> > > > >
> > > > > Thanks for your reply. That is how I have it setup now. I am just
> > unsure
> > > > as
> > > > > to whether to have the web server join the domain or be in a stand
> > alone
> > > > > workgroup. The clients on the LAN have to access it but if it is
in
> > its
> > > on
> > > > > workgroup they have to provide authentication before they can
browse
> > the
> > > > > computer. The only way I know to fix that is by having the web
> server
> > > join
> > > > > the domain. Any suggestions
> > > > >
> > > > > TRD
> > > > >
> > > > >
> > > > >
> > > > > "Les Connor [SBS MVP]" <les.connor@DEL.cfive.ca> wrote in message
> > > > > news:OL%239zEAJEHA.2440@TK2MSFTNGP12.phx.gbl...
> > > > > > Hi TRD,
> > > > > >
> > > > > > I presume the web server must be accessible from the internet ?
> > Here's
> > > > > what
> > > > > > I'd do.
> > > > > >
> > > > > > Two nic setup in the SBS, internal connected to the lan
> hub/switch,
> > > > > external
> > > > > > connected to a soho router with a DMZ port, and router wan
> connected
> > > to
> > > > > the
> > > > > > internet.
> > > > > >
> > > > > > Connect the web server to the DMZ port on the router.
> > > > > >
> > > > > > Use the router to port forward the SBS required ports to the SBS
> > > > external
> > > > > > nic, and everything else goes to the Web server. Or, you
probably
> > > don't
> > > > > > really need the Web server that exposed, just forward the ports
> you
> > > need
> > > > > to
> > > > > > it.
> > > > > >
> > > > > > I'm not good at drawing pictures with text, so I hope you can
> > > visualize
> > > > > ;-).
> > > > > >
> > > > > > Internet Cloud
> > > > > > |
> > > > > > Router wan with public IP.
> > > > > > Router lan 10.0.0.1 - Web Server 10.0.0.3 - Router forwards
ports
> > you
> > > > > want.
> > > > > > |
> > > > > > SBS external nic 10.0.0.2 - router forwards ports you want.
> > > > > > SBS internal nic 192.168.16.2
> > > > > > |
> > > > > > Hub/Switch - lan clients 192.168.16.x.
> > > > > >
> > > > > > -- 
> > > > > > Les Connor [SBS MVP]
> > > > > > -------------------------------------
> > > > > > SBS Rocks !
> > > > > >
> > > > > >
> > > > > >
> > > > > > "TRD" <tdejohnx2@hotmail.com> wrote in message
> > > > > > news:u3w0xv9IEHA.3840@TK2MSFTNGP11.phx.gbl...
> > > > > > > I have a SBS2k3 network that has client computers that need to
> > > access
> > > > a
> > > > > > > win2k3 web server in a DMZ using a proprietary software. The
> > > software
> > > > > will
> > > > > > > connect to this web server as long as I  first go to start and
> run
> > > and
> > > > > > type
> > > > > > > in \\webserver and then type in a username and password to
> browse
> > > the
> > > > > web
> > > > > > > server. The web server is in a standalone workgroup right now.
I
> > > think
> > > > > if
> > > > > > I
> > > > > > > add the web server to the domain this problem will go away
> because
> > > all
> > > > > the
> > > > > > > authentication is done on the DC. But then how secure is the
> > SBS2k3
> > > > > server
> > > > > > > if the web server were to get hacked?? Is there an easier way
to
> > set
> > > > > this
> > > > > > up
> > > > > > > to work??
> > > > > > >
> > > > > > > The SBS2k3 box has the dual NIC setup and I have setup the DMZ
> NIC
> > > > with
> > > > > > > Client for microsoft networks and file and print sharing as
well
> > as
> > > > > > enabled
> > > > > > > netbios over tcp so that the clients can communicate with the
> web
> > > > > server.
> > > > > > Is
> > > > > > > this the best way to do this???
> > > > > > >
> > > > > > >
> > > > > > > TIA
> > > > > > >
> > > > > > > TRD
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • RE: Multiple Websites
    ... Thank you for posting in SBS newsgroup. ... We do not recommend you connect the web server to Internet without the ... | Thread-Topic: Multiple Websites ...
    (microsoft.public.windows.server.sbs)
  • Re: Need to re-plan my Network. Some Help?
    ... all of the SBS components have to remain on the SBS box. ... and I wanted to do the most to ensure my internet presence ... Move your web server to the DMZ. ... ISA sitting between the web server and your SBS / LAN. ...
    (microsoft.public.windows.server.sbs)
  • Re: Accessing server in DMZ
    ... I presume the web server must be accessible from the internet? ... Two nic setup in the SBS, internal connected to the lan hub/switch, external ... Connect the web server to the DMZ port on the router. ...
    (microsoft.public.windows.server.sbs)
  • Log on locally fro basic authentication
    ... Web server is IIS4 on NT4 SP6a ... I'm starting with basic authentication (as not all users use Internet ... Domain Users, but find that whatever I do, U2 and U3 domain users cannot get ...
    (microsoft.public.inetserver.iis.security)
  • Need to re-plan my Network. Some Help?
    ... I have also a second computer For Web Server. ... The SBS is my gateway to the internet. ... I would like to split the main services (dns, isa, exchange and web server) ...
    (microsoft.public.windows.server.sbs)