Re: Proper Router Routing, Two IP addresses?



Marc wrote:
Hi,

We're moving to a new office, and I'm trying to figure out if/why we need two IP addresses.

You *need* two IP addresses if you want to run two versions of the same service on separate machines. If you wanted to make the SBS web services available to its domain users from outside the network on HTTP, port 80 (not recommended, stick to HTTPS, 443) and you also wanted to run a public web server (which should *not* be hosted on SBS) then the only (nearly) safe way would be to use two separate machines, isolated from each other, and you would have no option but to use two different IP addresses.

It's possible to run multiple web sites on one port on one machine using any serious web server software, but not necessarily advisable. Web servers are the main target of attacks, and require considerable knowledge and experience to operate safely if they serve dynamic content. SBS, being the core (and usually only) server for a business, is not a recommended platform for running any public server, even where licensing allows it.

We have SBS 2003, behind a Sonicwall TZ 170 Router. Someone else set up this network. Currently we have two IP addresses, one for the router and one for the mail server. I'm sure it was set up this way for a good reason?

Possibly, but it's not obvious. Email and other services can share one IP address.

The other mystery is how our router is set up.

The router's WAN port goes directly to the DSL modem.
The router's "OPT. ZONE" port goes into the NIC card on our server.
The router's normal, numbered port goes into our hub.

The server's integrated NIC goes into the hub, and its NIC card goes to the router.

Why would it have been set up this way? Isn't the router supposed to be in between the outside world and the network? It's plugged directly into the hub. And the server is plugged into both the router and the hub - why is that necessary?


Probably there are clues in the router configuration. Have a look at what services are being accepted on each of the two IP addresses, and where they are being forwarded. It's almost always web servers which people want more than one of, and it's perfectly possible to run multiple web servers on one machine, if a router is redirecting port 80 on different public addresses to different ports on an internal machine, or of course to different NICs. Various 'line-of-business' programs operate web servers to communicate with their users, and some vendors don't understand that they should not just hijack port 80 for the purpose.

Have a look at what services are listening on the SBS NICs (netstat -an), though unless you have a default SBS available for comparison, it's not obvious what services should be listening where. If you find IIS and another program each listening on port 80 TCP on one of the two NICs, you're probably onto something.

Also, don't assume something has been configured rationally. It's possible that this was set up by someone who knew enough to be dangerous, but wasn't aware there was a better way to do it. It's possible the 'line-of-business' vendor's installation engineer had settled on this technique as a workable bodge. Until you know for sure what was being done, it's not possible to say.
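
The netstat check suggested above, as an added example that is not part of the original post: a Python sketch that parses `netstat -an` output (or `netstat -ano`, which adds the owning PID column) and reports TCP ports that are bound separately on more than one local address. The sample output, addresses and PIDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the original post).
# All addresses and PIDs below are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1420
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    192.168.16.2:80        0.0.0.0:0              LISTENING       4
  TCP    10.0.0.2:80            0.0.0.0:0              LISTENING       2216
  TCP    192.168.16.2:3389      192.168.16.40:1091     ESTABLISHED     988
  UDP    0.0.0.0:53             *:*                                    1730
"""

# The PID column is optional so that plain `netstat -an` output parses too.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+(\d+))?\s*$")

def tcp_listeners(text):
    """Map port -> list of (local address, pid or None) for LISTENING TCP sockets."""
    ports = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), m.group(3)
            ports[port].append((addr, int(pid) if pid else None))
    return dict(ports)

def split_ports(ports):
    """Ports bound on more than one specific address (wildcard 0.0.0.0 excluded)."""
    result = {}
    for port, binds in ports.items():
        specific = [(a, p) for a, p in binds if a != "0.0.0.0"]
        if len({a for a, _ in specific}) > 1:
            result[port] = sorted(specific, key=lambda b: b[0])
    return result

if __name__ == "__main__":
    for port, binds in sorted(split_ports(tcp_listeners(SAMPLE)).items()):
        print(f"port {port} is bound per-address:")
        for addr, pid in binds:
            print(f"  {addr}  pid={pid if pid is not None else 'n/a (use -ano)'}")
```

Different PIDs on the same port, one per NIC address, are the pattern worth following up against the router's forwarding rules.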