General discussion

Server behind the gateway?

By jedavidow ·
I have a win2k server providing routing access to an ISP. I would like to serve web pages from both the server directly to the internet and from one or more of the computers on the subnet. (I know there are other ways, but there are reasons I need to accomplish it this way).

Right now I have a DNS entry for the server so that www.company.com goes to the ISP assigned IP address. Can I set things up so that bob.company.com is served off a computer on the subnet of the server (192.168.0.X)? Win2k server, NAT is running and DHCP, although the DHCP is not 100% necessary.

Thanks!

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
All Comments

Server behind the gateway?

by eBob In reply to Server behind the gateway ...

If I read your Q correctly, you can consider building a "tunnel" on your firewall. The outside end of your tunnel will be an address provided by your ISP, and the inside end will be the Web Server. You can further refine your tunnel to pass only HTTP (port 80). Your tunnel should accept traffic from any source, on the "outside", and have exclusively the destination address of the Web Server.

Please see your Firewall documentation for the details.

Add an A-Record to your external DNS to point to the outside end of your new tunnel, using "bob.company.com". Also add this same record to your "internal" DNS, if you have one.

Then "http://bob.company.com" will connect to the outside end of the tunnel, through your firewall, and into your Web Server.

Of course, you realise the security risk/exposure this brings, and your management is satisfied to the point that they won't let you build a DMZ... =;-)

Server behind the gateway?

by jedavidow In reply to Server behind the gateway ...

That was a little helpful but I think I need more info...

First, we are not using a firewall, just Win2K server. What you are saying is that I create a record for bob.company.com that points to my server, which is connected to my ISP.

I then configure the server's DNS to point all "bob" requests to the internal machine on 192.168.0.2? Will that work?

Thanks in advance

Server behind the gateway?

by Joseph Moore In reply to Server behind the gateway ...

Well, you don't want to have an A record for bob.company.com sitting on your ISP's DNS server, pointing to the internal IP address of your server. The reason is that if other people use the DNS server from your ISP, then your internal IP address for your server is available to the public. This is a security risk.
Run your own internal DNS server, with the scope being your internal IP numbering scheme (192.168.0.x/24). You can then set up www.company.com to point to 192.168.0.x (the internal IP address of your server).
Make your internal DNS server the primary DNS server for your internal clients.
This way, the name resolution is seamless for your office users. They type in www.company.com when they are in the office (and hit the internal IP address), and they type in www.company.com when they are at home (using the external address via public DNS servers).

Server behind the gateway?

by jedavidow In reply to Server behind the gateway ...

Poster rated this answer

Server behind the gateway?

by eBob In reply to Server behind the gateway ...

No, not an A-Record pointing to your LAN address, but to the outer end of the tunnel on your firewall. You don't have a firewall? (Yipes!)
If you're using something like 192.168.0.2 as the address on the LAN, then you must be doing some sort of address translation, since you could never properly connect 192.168.x.y to the Internet. So your ISP has provided you with a group of "public" IP addresses, like 212.1.0.1 through 212.1.0.31. All you need to do is map a link through whatever device you are using to connect with the Internet so that one of those public addresses maps to your web server. For example:
212.1.0.30 maps to 192.168.0.2. Then the A-Record points to 212.1.0.30.

Just a friendly comment (not meant to flame, just an observation, peer-to-peer): you're not doing at least address translation, AND you're not using a firewall AND you really want to run your Internet services on your internal LAN! This is a recipe for disaster.
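
The two points made in the replies above (no private address in public DNS, and a public address mapped to the internal web server with the A record pointing at the public end) can be checked mechanically. The following is an added example, not part of any poster's reply; the zone contents, the `alice` host, the `www` addresses and the `NAT_MAP` table are constructed for illustration.

```python
import ipaddress

# Constructed sample data: zone-file style A records for the public (ISP) view
# and the internal view, plus a static NAT table of public -> internal address.
EXTERNAL_ZONE = """\
www.company.com.   3600 IN A 212.1.0.1
bob.company.com.   3600 IN A 212.1.0.30
alice.company.com. 3600 IN A 192.168.0.3   ; mistake: LAN address published
"""
INTERNAL_ZONE = """\
www.company.com.   3600 IN A 192.168.0.1
bob.company.com.   3600 IN A 192.168.0.2
"""
NAT_MAP = {"212.1.0.1": "192.168.0.1", "212.1.0.30": "192.168.0.2"}


def parse_a_records(zone_text):
    """Return {name: ip_address} for every A record in zone-file style text."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip trailing comments
        if len(fields) >= 3 and fields[-2].upper() == "A":
            name = fields[0].rstrip(".").lower()
            records[name] = ipaddress.ip_address(fields[-1])
    return records


def audit(external_text, internal_text, nat_map):
    """List (name, problem) pairs for the public zone."""
    external = parse_a_records(external_text)
    internal = parse_a_records(internal_text)
    findings = []
    for name, addr in sorted(external.items()):
        if addr.is_private:
            # An RFC 1918 address in public DNS exposes the internal layout.
            findings.append((name, "private address published in external DNS"))
            continue
        mapped = nat_map.get(str(addr))
        if mapped is None:
            findings.append((name, "no NAT mapping for public address"))
        elif name in internal and str(internal[name]) != mapped:
            findings.append((name, "internal DNS and NAT mapping disagree"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(EXTERNAL_ZONE, INTERNAL_ZONE, NAT_MAP):
        print(f"{name}: {problem}")
```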

Server behind the gateway?

by jedavidow In reply to Server behind the gateway ...

Poster rated this answer

Server behind the gateway?

by jedavidow In reply to Server behind the gateway ...

This question was closed by the author
