Solved

Configure 2 servers with 2 outside static IP's?

Posted on 2008-10-02
16
649 Views
Last Modified: 2008-11-10
We currently have 2 servers inside our network. We have 5 static IP's of which we currently une only 1 that is configured in the WAN section of our router and then we use port forwarding for http, email etc. We recently added a 2nd server and would like to assign one of the other static IP's to that server, but still keep that server inside our network for other resources. How can I do this?
0
Comment
Question by:KF6DKY
  • 7
  • 4
  • 4
  • +1
16 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 22628405
That will depend on the firewall you are using.  

You should be able to config the firewall to port forward any incoming for your 1st Internet IP to a certain internal IP, same for your 2nd internet IP.  

You can do port forwarding, or a 1 to 1 static map....    

It basically depends on what you are using.  
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 400 total points
ID: 22628850
That is a home router. You will need to get an enterprise or small business router that supports multiple public IPs.
I just looked at the user manual of your router and you cannot do it.
Routers that can be assigned multiple public IPs generally start at about $350 USD and can be very complex to operate if you don't have any experience with them.
I recommend the Cisco 851W. It's about $350 as mentioned and is very good. You can assign hundreds of public IP addresses to this router with no problem. It also has very good wireless included and an enterprise-class firewall so you're always protected.

Here is a link to Cisco's data sheet for the 850 series:
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6195/product_data_sheet0900aecd8028a9a9.html
Here are some part numbers for you:
CISCO851-K9 - Cisco 851 Ethernet to Ethernet Router
CISCO851W-G-A-K9 - Cisco 851 Ethernet to Ethernet Wireless Router; Americas

Whether you get the wireless or not it's up to you. That is the one specifically for North America and its radio laws. The wireless version takes a bit more configuration than the wired one.
Let me know if you have any questions! Cheers!
0
 

Author Comment

by:KF6DKY
ID: 22628974
What do you mean by static route?
The only confict we have is both servers need to use port 80?
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22629116
I mean that you need to get a device that can support 2 public IP addresses. You cannot have 2 servers running on the same port on one IP address.
You need hardware that will support this. The Cisco 851 will do it.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 22629800
KF6DKY - I am not going to take the opportunity of how all this is going to work.
1) You originally only had a single server hosting http (port 80), email etc and used up 1 static IP for that
2) You now have added a second server to your internal network and want to use a 2nd static IP for that while keeping this server physically on the inside network

Now, the problem you are going to face is that your router can only forward requests on a particular port to a single server. If you are looking to host two web servers on your network, then you would need to use a port other than 80 for your 2nd web server. If Internet users need to get to it, they'll need to do something like http://websitename.com:81

You can configure this using page 25 (virtual server) on the user guide:
http://trendnet.com/asp/download_manager/inc_downloading.asp?iFile=10877

I understand that giving users a port along with the URL to go to may be a little inconvenient. That's why services like this one exist which allow you to provide users with a normal URL but it does the port forwarding in the background
http://www.dnspark.com/services/webGuiding.php

KF6DKY - Please let me know if you have any additional questions
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22630374
As I've now had to do on several of bill's posts - I'll give you the full disclosure of what's going on as opposed to a 'rigged' solution:
Yes, it is possible to do this ON ANOTHER PORT. HOWEVER, it is not possible to host a website on the same port on the same IP as I stated before.
If you want the public to access the site, it is never a good idea to give them a port. Would you remember yahoo.com:81 or yahoo.com:8080  or yahoo.com:1025? I know I wouldn't, not to mention it looks bad.  
You want to keep a URL as short, sweet, and simple as possible - adding :81 or something else to the end doesn't help and will cost you valuable traffic to the site.
If you're using this site for anything other than personal use, it's better to invest the money and get adequate equipment instead of "jerry-rigging" what you have.
All DNS park is is a URL redirection service. It redirections whatever.com to whatever.com:port.
Again, I wouldn't use this because some search engines don't like having ports on the URL and users never remember what it is.
Just my thoughts on the topic. No harm intended Bill.
Cheers!
 
0
 
LVL 11

Expert Comment

by:billwharton
ID: 22630583
I only advise and recommend solutions that I have deployed myself. The above has been deployed by me in the past and I haven't heard back from the customer in a while now.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22630679
Sorry, I'm not trying to be a butt although it might have come across that way.
The bottom line: yes, that would work, but in most situations where the site was something other than an internal site that employees or vendors use, it probably is better to just put out a little bit of cash (what's $350 now thesesays anyways? You can't even buy gas for a month with that.. lol) and be ensured that you have good equipment that will do the job securely and with the utmost reliability.
Not to mention that they do have 5 public IPs which I assume they'd like to use at some point in time. To be able to use more than one, they would need some sort of different equipment to do so and the Cisco 851 is better than anything else for the price and will do the job deftly.
Cheers Bill - as I said, no harm intended.
:)
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:KF6DKY
ID: 22631092
Thanks for the info, I think I have enough to make a good informed decision now.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22631218
Cool, let me know what you decide! :)
0
 

Author Comment

by:KF6DKY
ID: 22665098
After all this, I may just go with a second nic, I prefer what the Cisco 851 can do, but I'm not a cco guy, what other similar browser configurable routers can handle multiple static IP's?
0
 
LVL 11

Assisted Solution

by:billwharton
billwharton earned 100 total points
ID: 22665267
not sure how a second nic woudl help you in this scenario. The ASA 5505 firewall is a very good one and it's version 8.x is extremely easy to use. You can choose to run a wizard and it would show you how to configure the firweall step by step. I sold this to a client who had a single engineer who only knew microsoft products but he was able to configure the firewall in under an hour using asdm

http://www.cisco.com/en/US/products/ps6121/
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22665335
Absolutely on the 5505 being excellent. As I've said, I've deployed about 20 of these and other various bigger ones.
Using the ASDM that comes with the ASA 5505 you will have no trouble  getting setup. It's very intuitive. And then if you need help you can just ask on here and there are tons of us to help you!
Also, the built in enterprise features such as the deep packet inspection firewall (VERY good) and the VPN features are also very good - it has both SSL and IPsec VPN.
The bottom line is that you just cannot go wrong with the ASA. If you don't need advanced features like BGP routing OR multiple simultaneous ISP connections, get the ASA. If you need either of the two things I mentioned you'd be better server by the router. Also, the router GUI is considerably more difficult than the ASA's, and I personally think it's useless.
Cheers! Let me know if you have questions!
0
 

Author Comment

by:KF6DKY
ID: 22671182
Are there any tools for the Cisco 860 series that aid in configuration? I'm not a Cisco guy at all.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 22671890
you do have the sdm but it's not as good
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22671966
Agreed - SDM sucks. ASDM will let you do almost anything and is very intuitive - the SDM is so confusing and buggy that I get stuck on it sometimes.
Cheers!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now