Re: Multiple IP addresses outside of sbs
- From: "jazzaus" <signup@xxxxxxxxxxxxxxxx>
- Date: 19 Sep 2006 15:27:55 -0700
The 2 nic scenario is highly recommended for security purposes. By
putting your internal network on a secondary non-routable subnet you
make it even more difficult for someone to get into your network. Also
the only way to use the ISA firewall is to have the multihomed system
so that it can monitor traffic between nics.
The dual nics are pretty irrelevant to my current issue. Whether I have
one nic or 2 nics with ISA I am still getting the proper connection
between the internet and the sbs server so the setup works. I am
trying to install a secondary computer between the ISP and my router
that is also using a routable ip address. There are 3 reasons that I
want this right now:
1. I want to be able to test OWA or VPN or any other externally
accessible service on SBS without leaving the site. So I would need a
computer that is on the internet that the router believes is not on the
current network and treats its requests as if it is an offsite
computer.
2. I want to set up an ftp server outside of my sbs so as not to
expose it any further than it is to the internet. This machine could be
a linux box with other tasks such as serving up data to external
clients. If this machine were hacked, it would only be a matter of a
quick restore and the company would have no critical down time because
of it.
3. I want to have an onsite computer that I can communicate with from
offsite in case the sbs server appears to be offline. I have visions of
connecting this machine to a monitoring system to give me other system
stats if the sbs server is unresponsive. This way I can tell if it is
my ISP or is it my sbs that has issues.
We have a partial T1 piggybacking data on voice. The ISP's line comes in
(not standard ethernet cabling) and enters a router on our site. This
router only passes the data portion of requests out an ethernet port.
This is plugged into an ethernet hub. I can now plug several machines
into this hub, configure with a fully qualified routable ip address and
have a machine fully exposed to the internet. I now plug my wireless
router's ethernet wan port into the hub and configure it with a routable
ip address. The lan ports on the wireless router now have nonroutable
ip addresses. One of these non-routable ip addresses (192 series) is my
server's external nic. The wireless router then opens ports for mail and
vpn and forwards any requests to the sbs external nic which is handled
by the isa server software.
My problem is at this time that a machine plugged into the hub that is
exposed to the internet cannot get to the OWA or VPN services on the
sbs server although it can access the internet without a problem. The
request for the OWA service is requesting a domain name which is routed
to the wireless router's wan port. I thought that the request would be
sent out to the DNS servers and then directed back into our network. It
acts as though the request is being dropped. Possibly because the
machine is on the same subnet as the sbs routable ip address?
Maybe I should post this question in a networking newsgroup? More of a
specialty in IP addressing?
Joel