I need to allow multiple web servers on the NET using port 80 how do I do this??

By the looks of it, you will probably be changing settings on the router more then anything else.
If you want to allow 3 more IPS to connect, you must allow them to see the internet RIGHT?
Your router, does it have a DMZ window configuration? This will be your option first of all to ENABLE, and I am guessing it is already, but you must change the number of IPS allowed to connec to the internet to suite your needs...If its 3, set it at 3.

After that, you will need to open ports to the specified IPs...in the port triggering or port redirection window...you will need to enter the IPs manually in the board and allow to access on the port you want it to access. ei: 192.x.x.x ---telnet.exe---port: 21.

I hope this gets you started, lets see what other have to say!

Agree with the multiple-IP solution.

However even with one IP you can also work as soon as you put a reverse proxy (e.g. MS ISA Server) upfront of the webservers. All external DNS names resolve to the proxy, but depending on the URL it 'forwards' (proxies) the requests to the correct internal webserver - all using port 80 of course.

Dunno which road is more easy for you, network (IP) change or adding this extra component which also has its operating/failover troubles...

HTH,

<Erik> - The Netherlands

IIS which runs on your W2k3 machine can be configured to host multiple websites on a single machine via 1 ip.

You need to configure your DNS (DNS manager).

make sure you have a reverse zone to include your EXTERNAL & INTERNAL IP addresses

make zone entries for example

imdomain.net (create A record, CNAME record with a www alias)
webappsdomain.net (create A record, CNAME record with a www alias)
...etc...

make sure in the above you create at PTR record and have a reverse entry for your IP address
update your server datafiles

Create folders to house your websites such as
c:\inetpub\imdomain
c:\inetpub\webappsdomain

In IIS (Internet Information Server), create new websites
www.imdomain.net, make sure you select "header - all unassigned IP addresses", the files will be located in c:\inetpub\imdomain

www.webappsdomain.net, make sure you select "header - all unassigned IP addresses", the files will be located in c:\inetpub\webappsdomain

...etc...

Now one thing to consider is to house your website's folder/files on separate folder and better yet, another drive.  Instead of using C:\inetpub\wwwroot.

For example.. I run W2K3 too, and I have 3 drives... The first drive is ONLY for OS, the 2nd drive is for backup, and the 3rd drive is for my client files... so my websites exist as such...

e:\inetpub\clients\website1
e:\inetpub\clients\website2
e:\inetpub\clients\website3
e:\inetpub\clients\website4

As for security, there are many variables and you need to determine what you're going to run to effectively select an appropriate lock down solution, this should be a 1000pt question

You should be able to do what you want with a single IP address.  In IIS lookup hostheaders and virtual hosting.  If the users are using a browers that have HTTP 1.1 enabled, the brower will pass the host name that is in the URL to the Web Server.  The Web Server can then display a unique and different web page/site based on the host name.  In IIS they use the term host headers, in Apache the use the term Virtual Hosting.

I do not know about IIS, but in Apache you can have a default catch all virtual host for browsers that do not use HTTP 1.1.    Some browers (IE) can be configured NOT to use HTTP 1.1 (they will use 1.0), or not use use HTTP 1.1 when going though a proxy.  Some proxy servers (older ones) do not support proxying HTTP 1.1 request and will change HTTP 1.1 to HTTP 1.0.   MS IAS (or is is ISA I get them confused) started partial HTTP 1.1 support with the 2004 version.

>I have just increased our small business from 1 IP to a bank of 5.  
Am I correct that this means you now have 5 Public IP addresses? If yes, then you need a router/firewall that is capable of assigning more than one public IP to inside hosts. Most SOHO (Linksys, dlink, Netgear, etc) routers will only work with one single public IP address and can only forward one single instance of any one port to an inside host. Your WRT54G router does not have the capabilities to utilize more than the one public IP it is assigned to the WAN interface.

You can upgrade the Linksys to a more business-grade product like a Cisco PIX 501, and you can still use the Wireless features of the Linksys as a pure Access Point (disable DHCP and don't plug anything into the WAN port and just plug one of the LAN ports into your network)

For less money, the Linksys RV0x series routers will allow you to setup multiple 1-1 NAT static mappings. 1 public IP to 1 private IP.. this will let you use 1 for the interface and for all the internal users going out, and 1 for each of the publicly accessible servers.

Folks-
I appreciate the quick responses being I posted this at zero dark:30 EST this morning after scouring the NET trying to educate myself on how to do this.  

>Your router, does it have a DMZ window configuration? This will be your option first of all to ENABLE, and I am >guessing it is already, but you must change the number of IPS allowed to connec to the internet to suite your >needs...If its 3, set it at 3.
The router does have a DMZ setting but only allows for one IP address.  Or is this normal? Again I'm a newbie at this.

>After that, you will need to open ports to the specified IPs...in the port triggering or port redirection window...you >will need to enter the IPs manually in the board and allow to access on the port you want it to access. ei: >192.x.x.x ---telnet.exe---port: 21.

I have already opened port 80 for the one server and forward to it.  I'm not sure how to do port 80 for the other two and don't want to x.x.x.x:81 or x.x.x.x:8080 as some companies only allow port 80 for browsing.

Now a piece of information I left out in my tired state was these are not IIS servers these are Domino servers (which host their own HTTP service).  Many apologies for that as I know there was a lot of thought put into the response by those who made comments regarding the IIS server.  

In reading several more postings using a PROXY sounds like it may work but from comments above it sounds like it would work if you can get it configured correctly.  If I did attempt this route the PROXY would go after the router but before the HTTP servers correct?

Then has been alot of posts I've read about PIX firewalls.  Is that software or hardware and do we need to just bite the bullet and have our company buy something more robust like a PIX firewall.  Only problem... will there be a huge learning curve.  Again, Many Thanks for your help with this.

Tom

Domino support virtual hosting also, at least recent versions do.  I beleive they call it virtual hosts.

>Then has been alot of posts I've read about PIX firewalls.  Is that software or hardware and do we need to just bite the bullet and have our company buy something more robust like a PIX firewall.  Only problem... will there be a huge learning curve.

A PIX FW would certainly be a good option. It is hardware.
http://www.cisco.com/go/pix
 Or as I posted above, the Linksys RV0x series will provide what you want at a very low cost and very short learning curve.

The PIX does have a decent web-based (Java) interface GUI, but there is still a learning curve. It is such a robust product that can do many things, but is not all that easy to configure. However, there is great support right here on EE to get you going step by step..

Uh....you mentioned Windows 2003 Server.. which has IIS (Internet Information Server 6).. This is a "service" that is available on your system, and pretty much the preferred method of dishing out HTTP requests.

Does your W2K3 server still apply?.. If so, use the II6 built-in.

IrMoore,
>Am I correct that this means you now have 5 Public IP addresses? If yes, then you need a router/firewall that is >capable of assigning more than one public IP to inside hosts.
Answer is "Yes" I now have 5 public IP's.  I'd like to do a 1-to-1 mapping public to private IP's for all 3 servers.

>Most SOHO (Linksys, dlink, Netgear, etc) routers will
>only work with one single public IP address and can only forward one single instance of any one port to an inside >host. Your WRT54G router does not have the capabilities to utilize more than the one public IP it is assigned to >the WAN interface.

>For less money, the Linksys RV0x series routers will allow you to setup multiple 1-1 NAT static mappings. 1 public >IP to 1 private IP.. this will let you use 1 for the interface and for all the internal users going out, and 1 for each >of the publicly accessible servers.

Will either of the RV042, RV016, or RV082 allow for a 1-to-1 public to private IP NAT?  We are by no means a huge company but I'd like to be economical with our money and allow for modest growth of internet use and traffic in the coming year.

Thx
Tom

I use a Cisco BR900 which handles 5 ips.... i current have 1 FTP server directly connected, 1 web/mail server, and 1 linksysBEFSR41.  Each utilize 1 IP address.  Any firewalling will be dependant upon the devices attached.  The router/cablemodem came with our service.  Perhaps you may want to check with your provider if they provide box too.  Our service is Oceanic Time Warner here in Hawaii.

lrmoore ,
Looks like I'll be buying the RV042 model.  After reading it's capabilities it seems like it'll do what we need for it to do.  Now on using the WRTG54 as a WAP.  I just put nothing in the "Internet Connection portion"  and leave the rest excpet DHCP I'll need to configure this on my new Router then point all my servers and clients (if necessaey) to the NEW router.   Does this sound correct?
Thx
Tom

Yes, it sounds like you understand correctly.