New Server Setup 1

Finchmore

IS-IT--Management
Jan 28, 2004
43
GB
Hi Guys,

I'm currently about to set up a new 2003 server but as it's a web server it's going to be positioned in a DMZ. Unfortunately I'm new to server 2003, however I understand that I have to open various ports (e.g. 80) to allow connection to the internal LAN but what I'm unsure about is how I initially set up the server with the start-up CDs. Do I treat it as a stand-alone system and just allocate it its fixed external IP address from my ISP (e.g. 217.34.190.xxx) or do I somehow allocate an internal IP address (192.168.xxx.xxx) which gets NAT translated? Remember, I would prefer the server to be outside the LAN and in the DMZ, than placed internally!

All comments/help/advice gratefully received!

Many thanks.
 
This design is totally up to you and the capabilities that you have. Do you have a DMZ segment? Or at least a DMZ port on your firewall? Can your firewall perform NAT functions? ...most firewalls can. Do you have a local firewall?

If you have the capability, create a DMZ segment and place the IIS server here. Set the server up on this segment. It will not have the IP address of your public IP and the server will not have an IP address of your internal LAN... it will have an IP address that exists on your DMZ segment. The firewall would NAT the Internet requests to this DMZ IP address of your server. You would only allow some ports through the firewall (80/443). On the other side of the firewall, you would not let any Internet inbound port through to your LAN environment.

If you don't have the capability of building a DMZ segment, place the server on the inside of your LAN but only allow the ports that you need through your firewall. So, in the scenario, the server will have an IP that is private and is on the same segment as your internal LAN. The firewall will perform NAT to route Internet traffic to this server via the port you specify (port 80/443).

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
 
Hi Joseph,

Many thanks, that's making sense...!

The firewall we are using is a ZyWALL 70 which I know does have DMZ and NAT capabilities. My only question now is how I go about selecting the IP address for the DMZ segment. Would this be in-built within the firewall or should I use one of the public static IP addresses allocated to us by our ISP?

Kind regards.

Finchmore
 
This would not be the public static IP. This would be a private IP that you make up and configure on your firewall (for the DMZ).

The firewall itself will have the public IP address configured.



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
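
The DMZ design described in the two answers above can be written down as a plan and checked before anything is configured on the firewall. The following is an added example, not part of the original thread and not ZyWALL configuration: the plan format, the addresses, and the `audit` function are all assumptions made for illustration.

```python
import ipaddress

WEB_PORTS = {80, 443}  # the only ports the answer forwards to the DMZ server
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(plan):
    """Return findings for a WAN/DMZ/LAN plan; an empty list means it matches the advice."""
    findings = []
    lan = ipaddress.ip_network(plan["lan_net"])
    dmz = ipaddress.ip_network(plan["dmz_net"])
    server = ipaddress.ip_address(plan["server_ip"])
    # Addressing: the server sits on its own private DMZ segment, separate from the LAN.
    if not any(dmz.subnet_of(n) for n in RFC1918):
        findings.append("DMZ segment is not private address space")
    if dmz.overlaps(lan):
        findings.append("DMZ segment overlaps the internal LAN")
    if server not in dmz:
        findings.append("server address is not on the DMZ segment")
    # Filtering: Internet traffic reaches the DMZ on 80/443 only and never reaches the LAN.
    for r in plan["rules"]:
        if r["action"] != "allow" or r["src"] != "WAN":
            continue
        if r["dst"] == "LAN":
            findings.append(f"WAN->LAN allow on port {r['port']}")
        elif r["dst"] == "DMZ" and r["port"] not in WEB_PORTS:
            findings.append(f"WAN->DMZ allow on port {r['port']}")
    # NAT: every forward from the firewall's public IP must land on the DMZ server.
    for n in plan["nat"]:
        target = ipaddress.ip_address(n["to"])
        if target != server or n["port"] not in WEB_PORTS:
            findings.append(f"NAT forward {n['port']} -> {target} is outside the design")
    return findings

# Constructed sample plans (addresses and rule format are illustrative).
GOOD = {
    "lan_net": "192.168.1.0/24", "dmz_net": "192.168.50.0/24", "server_ip": "192.168.50.10",
    "rules": [{"src": "WAN", "dst": "DMZ", "port": 80, "action": "allow"},
              {"src": "WAN", "dst": "DMZ", "port": 443, "action": "allow"},
              {"src": "WAN", "dst": "LAN", "port": "any", "action": "deny"}],
    "nat": [{"port": 80, "to": "192.168.50.10"}, {"port": 443, "to": "192.168.50.10"}],
}
BAD = dict(GOOD, dmz_net="192.168.1.0/24", server_ip="192.168.1.20",
           rules=GOOD["rules"] + [{"src": "WAN", "dst": "LAN", "port": 3389, "action": "allow"}],
           nat=[{"port": 80, "to": "192.168.1.20"}, {"port": 3389, "to": "192.168.1.5"}])

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(plan) or "matches the design")
```
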
 
Joseph, many thanks... really appreciate your advice.

Kind regards.

Finchmore
 