Solved

Multiple web sites with one router

Posted on 2002-06-18
Last Modified: 2012-06-21
I have two machines with private addresses hosting web sites behind one public IP address. One is a company site (IIS4, port 80) and the other is experimental (IIS5, port 81) and crashes 3-4 times a day, so I don't want to move either site to the other machine and let IIS read a header. The experimental machine is being run on port 81, and this is a problem because some clients' IT depts won't allow access.

1. Is there a single router that will allow multiple-NAT translation so both machines can run on port 80 through one router? (I.e., will the Cisco 806 do this??)

-or-

2. Would assigning a second public address help (we have 4 according to our ISP)? I know both would not run behind the router/firewall (current problem), only the corporate site. So would that mean Internet-Switch-Router/firewall-server for the corporate and Internet-Switch-Server for the experimental (port 81), skipping the firewall?

3. How quickly do you think hackers will trash the thing if just sitting on a direct address to the internet? It is IIS.

Regards,
Mike
Question by:MDOwens
8 Comments
 
LVL 12

Expert Comment

by:pjknibbs
ID: 7091959
We do run multiple web sites on a single IP address at my office, but we do it on a single IIS server--basically the IIS server looks at the HTTP header to see which site is being accessed to determine which pages to serve. I don't think this would work across two PCs, though, and I've never heard of ANY device which would translate a single IP address into two internal IP addresses--how would it know which machine the packet was intended for, for a start?

I would go for the second external IP address. What makes you think you can't run two external IP addresses to two internal machines via a firewall/router combo, out of interest? On our system we have at least four different machines on the internal network which are presented as four different external IP addresses, all handled by the firewall.

As for hackers and IIS--most IIS exploits rely on the standard HTTP port 80 anyway, and since that has to be open to the world for IIS to work, it's not likely to get hacked any faster when directly attached PROVIDED you close down all ports other than 80. This would mean not having any Windows shares open on the machine, which might cause you problems with your development.
0
 
LVL 1

Expert Comment

by:reden
ID: 7091968
It is more logical to assign another public IP address to the router and have it translated for the private IP address of the server.
0
 
LVL 1

Expert Comment

by:Zook
ID: 7092144
1.

I never tried it, but as I understand "Squid" Proxy can do this. It uses the URL transmitted by the browser to distinguish transparently.

Keyword "accelerator proxy"

Check out http://www.squid-cache.org/.

Squid is often run on Linux, but they seem to have a Windows version.

2.
Sorry, I don't get the question :-(

3. If you run a Linux Box as a Firewall and as the squid proxy, this might improve your protection quite a bit.

cu
Zook
0
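The host-header selection that pjknibbs and Zook describe above, sketched as an added example that is not part of the original thread: a NAT router sees only the destination IP and port, while a reverse proxy reads the `Host` header and picks the internal machine from it. The hostnames and private addresses are constructed for illustration, and unknown or missing hosts are refused rather than sent to a default backend.

```python
# Added illustration. Hostnames and private addresses are constructed, not from the thread.
BACKENDS = {
    "www.example.com": ("192.168.1.10", 80),  # company site (assumed name)
    "lab.example.com": ("192.168.1.11", 80),  # experimental site (assumed name)
}

# Two constructed requests that reach the same public IP and port 80;
# at the packet level they are indistinguishable to a port-forwarding router.
REQ_COMPANY = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
REQ_LAB = b"GET / HTTP/1.1\r\nHost: LAB.example.com:80\r\n\r\n"


class RoutingError(Exception):
    """Carries the HTTP status the proxy should answer with."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def extract_host(raw_request: bytes) -> str:
    """Return the normalised Host value from a raw HTTP/1.x request head."""
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip().decode("ascii", "replace"))
    # HTTP/1.0 clients may send no Host at all; duplicates are ambiguous.
    if len(hosts) != 1:
        raise RoutingError(400, "missing or duplicate Host header")
    # Case-insensitive match, optional :port and trailing dot removed.
    return hosts[0].lower().split(":", 1)[0].rstrip(".")


def pick_backend(raw_request: bytes):
    """Map a request to (private_ip, port), refusing hosts not in the table."""
    host = extract_host(raw_request)
    if host not in BACKENDS:
        raise RoutingError(404, f"unknown site {host!r}")
    return BACKENDS[host]


if __name__ == "__main__":
    for req in (REQ_COMPANY, REQ_LAB):
        print(extract_host(req), "->", pick_backend(req))
```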
 
LVL 8

Accepted Solution

by:
scraig84 earned 100 total points
ID: 7092436
First off, many NAT routers will allow translations for multiple external addresses, so your box would not necessarily have to sit outside with a real address.  This just depends on the router doing the translations.

However, if you were to stick with a single address, why not run the server on a different well known port that most IT organizations do allow?  As long as you are not also running those services on the same machine, it should be fine.  For example, most organizations allow ports 21 and 443.  As long as you don't run an FTP server or SSL web site on that machine you could use one of those.  

Also, if you know your way around IIS pretty well, you can set up some "dummy" sites on the current box that simply redirect users to the other port.  This way, people won't have to type anything different in their browser.  For example, if your site is www.abc.com, you could set up a site on your current "live" box and rather than giving it a home directory, you tell it to redirect to http://www.abc.com:21.  This way the user types in a generic URL and gets redirected automatically.  Remember also when you host a site on a different port you often have to include the port in links on your site.

Hope that helps a bit.
0
 

Author Comment

by:MDOwens
ID: 7092669
"pjknibbs - What makes you think you can't run two external IP addresses to two internal machines via a firewall/router combo"
-We apparently have a low-end router/firewall that only provides a NAT for one machine. I talked with the company and that is a limitation.

"scraig84 - most organizations allow ports 21 and 443"
-I like the idea of running the site on one of these ports. I'll give this a try this morning. Don't know if I can get a response from our clients immediately or not.

"Zook - If you run a Linux Box as a Firewall and as the squid proxy"
-I've only been able to spend 2 days on a Linux box trying to get Samba to be seen on the network and had no luck. I love the idea of running a Linux box for this purpose, but I have little to no knowledge about it.


With the idea of the router translating multiple public IP addresses, can anyone suggest a particular product or what to look for in a router with this capability?

Regards,
Mike
0
 
LVL 8

Expert Comment

by:scraig84
ID: 7092684
A router typically won't do it.  However, a proxy often will.  Even Microsoft's Proxy 2.0 or ISA server should be able to do this in a reverse Proxy scenario.  However, although I know those products well, I am not a big supporter of them.
0
 

LVL 8

Expert Comment

by:scraig84
ID: 7092772
I apologize - I misunderstood your question.  I was thinking that you were referring to a router that could forward based on the host-header name.  Linksys makes some decent low end routers and I believe they allow for multiple external IP addresses.  Also, the Cisco 800 series will definitely do it and is their lowest-end model with that capability.
0


Question has a verified solution.
