Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 763
  • Last Modified:

Web and mail server

Hi Experts,

I have just set up the following to host websites and email for our clients -

Host - Server 2008R2 (ENT)
Virtual OS1 -(STD) Server2008R2 - D/C has the program mailenable std version installed on it for clients mail.
Virtual OS2 -(STD) WebServer2008R2 - Websites

The problem is our clients checking their webmail which also needs to come through on the same port as the webserver.(Which is on s different internal IP) I tried to make this port 8080 but I obviously have this wrong as it is not working all I get is the standard IIS7 page come up which is the default webpage on 192.168.17.10

I cant use SSL 443 as the standard of mailenable wont allow this on this version.

So I have traffic coming in on port 80 directed to internal ip 192.168.17.14
The D/C is 192.168.17.10 where mailenable is installed.

We are only using a Netgear DG834G until we decide on what hardware we require and work out the budget.
It doesnt appear that this modem can do port translation like a cisco... is this possible am I missing an easy solution here?


If you could let me know if possible to get around this would be great.

Thanks in advance
0
it_fan
Asked:
it_fan
  • 9
  • 4
  • 2
  • +1
3 Solutions
 
Aaron TomoskyTechnology ConsultantCommented:
These guys show how to do it in a telnet session because the web interface doesn't do it.
http://forums.thinkbroadband.com/dslrouter/3277739-netgear-dg834g-or-other-router-port-redirection.html
0
 
zulumikeCommented:
I would recommend having 2 wan ip's and a router/firewall that can handle multiple wan-ip.
Makes things much easier....
0
 
Aaron TomoskyTechnology ConsultantCommented:
When it's time to upgrade check out the sonicwall probably tz210. Don't add wifi, do that third party.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
it_fanAuthor Commented:
thanks guys..

Aaron I had actually looked at port forward yesterday have you used before? should I go ahead and do this? they seem to have a good guarantee to get it working. Had a quick look into sonicwall will take a closer look this weekend.

I hear what you are saying zulumike but it would end up being a little too costly new line, new modem, time.... down the track we will.



cheers
0
 
it_fanAuthor Commented:
Aaron..Sorry totally missed the link you were talking about re:telnet shall try that this weekend  thanks
0
 
zulumikeCommented:
You don't need two modems/two lines to have two ip's.
You can have two ip-adresses on the same line (at least from most isp's I know). And that doesn't always cost much.
But you need a firewall that can handle that. I use Fortigate and are very pleased with that.
0
 
it_fanAuthor Commented:
Your right Zulumike, thought about that yesterday... definetly would need to change the modem though... going to try the telnet option if that doesnt come off will probably go for your option cheers.
0
 
it_fanAuthor Commented:
Aaron,

Finnally got to try the telnet made it to the ip tables section but have become a little lost.

Have you tried this by any chance? there is quite a few scenarios but to clarify what I have is -

192.168.17.10 - port 25 for mailserver
192.168.17.14 - port 80 for webserver

need a port for webmail on 192.168.17.10 so according to below I should be able to follow this and get it to redirect to another port that I specify and webmail will be come possible or I can change the port for webserver.

Quoted from your weblink -

"First I suggest you create a new rules chain for your redirection. I used the following command : iptables -N MyRules

Next you can add as many rules as you which in your new chain. For example : iptables -A -i ppp0 -p tcp -m tcp --dport 100 -j DNAT --to-destination 192.168.0.87:101

This rule tells that any TCP packet coming from interface ppp0 and targeting port 100 is to be translated so as to be forwarded to port 101 on machine 192.168.0.87

Next you have to trigger this rule. I did so by inserting it in the PREROUTING chain of the translation table, using the command :

iptables -t nat -I PREROUTING 5 -i ppp0 -j MyRules"


cheers
0
 
Aaron TomoskyTechnology ConsultantCommented:
No I haven't done this

Do the first command as is. Then do this for the second:
iptables -A -i ppp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.17.10:80

Then the third Is the same as the example.

Remember if you mess-up you can always reset the router so track any important info and backup your config.
0
 
it_fanAuthor Commented:
Fanatstic thanks for that... shall being attempting tomorrow.
0
 
it_fanAuthor Commented:
Ok had a chance to login and attempt to setu,p but ran into the issue of iptables not found attempting to resolve... if you know how to install or how to resolve would be handy. In the meantime I shall keep looking.

Cheers
0
 
it_fanAuthor Commented:
Solution - Was to move Mail Enable to the Web Server to resolve for now thanks for your suggestions.
0
 
ModalotEE ModeratorCommented:
Objection to let asker accept additional posts.

Modalot
Community Support Moderator
0
 
it_fanAuthor Commented:
This was the quickest and easiest for now but I believe both comments from aarontomosyl and zulmike would be of benefit down the track.
0
 
Aaron TomoskyTechnology ConsultantCommented:
Let us know if you have Amy questions setting up a router that handles multiple wan ips. I'd still suggesta sonicwall and not a wifi one.
0
 
it_fanAuthor Commented:
Shall do thanks for your help Aarontomosky!!!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 9
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now