Re: Publish Web Server behind SBS 2003 Standard
- From: "Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Apr 2007 09:58:16 -0500
Hosting a public website inside your lan is a HUGE security risk and not
remcommended
--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues
<jointtechnologiesltd@xxxxxxxxx> wrote in message
news:1177574179.189692.129860@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sorry if this is a double post. i posted it a few hours ago and it
never showed up.
I have 2 NIC SBS 2003 Standard. I have 5 useable Public IPs I can
use. Currently I'm using one of them.
I need to host a webserver behind the SBSie insde the LAN because it
needs to access the SBS as well as being publicly visable.
In the past (and Curently in my home setup) I have forwarded certain
ports to a LAN IP. This was fine when it was a port SBS didnt use
anyway. I did this in routing and remote access snapin - nat/basic
firewall and adding a new service port and forwarding it to the
internal IP.
With ISA it would be easy to use either host headers or filter traffic
by IP by simply publishing the webserver.
Unfortunately I'm dealing with Standard so no ISA...
So after all that, my question is how can I make port 80 and port 22
publically accesable from inside the lan without breaking SBS RWW/OWA
etc? I can do this using Host headers or IP address.
OK so after hours of playing in routing and remote access I'm no
closer. I have tried adding the other IP address to the network
connection. This is no good and SBS loses it internet access.
I tried adding an IP address pool to the WAN interface and reserving a
public IP for a private computer. This did nothing.
So From all my playing in RRAS I decided I had it mastered LOL and
figured if I got a 3rd NIC I could give it the IP I wanted and then
send everything to my internal IP through it. NO GO.
However when I go to the website I can see the 3rd NIC accepting
packets. I also can view mappings on the interface and see the
correct public and private IPs and even my remote IP however the page
times out in my browser.
I can go to the server from inside the network no problem.
I tried again adding the ips to the 3rd NICs interface. Tried basic
firewall only. Tried With and Without NAT on the interface. Tried
reserving an address from the address pool and tried with no
firewall. I made sure the service ports on the interface had 80
pointing to the inside IP.
I'm at a loss. This seems possible with 3 NICs but I can't quite get
it.
network is
internet
|
Covad Router - Wide open
|
SBS 2003
NIC2 - Public SBS/Exchange IP (RWW,OWA,SMTP)
NIC3 - Public IP of Website.
NIC1 - Internal IP 10.0.0.4
|
LAN
Webserver - Fedora/Apache 10.0.0.5
.
- References:
- Publish Web Server behind SBS 2003 Standard
- From: jointtechnologiesltd
- Publish Web Server behind SBS 2003 Standard
- Prev by Date: Re: Time to install SBS
- Next by Date: Re: DHCP and remote access problem
- Previous by thread: Publish Web Server behind SBS 2003 Standard
- Next by thread: SOL? Several Errors After DC demotion - please help
- Index(es):
Relevant Pages
|
