Solved

Multiple WAN or Public IP Addresses

Posted on 2011-09-30
20
892 Views
Last Modified: 2012-05-12
I am trying to setup 3 different email servers, each with different domain names.

I have installed MS Exchange on 3 different servers and all is ready to go.

How do I setup my router and do I need 3 different WAN/Public IP addresses, if so how can I get them and do I need a managed switch.

This is only a small test environment at the moment, but if we decide to go live it wont be on a big scale.

Any advice or Tips would be really appreciated.
0
Comment
Question by:NWCCSteve
  • 9
  • 4
  • 4
  • +2
20 Comments
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36895031
Since email server all use the same ports, the simplest solution is to have 3 public IP's.  you do not need a managed switch.  Just apply the proper NAT rules to each exchange server and you're good to go.  
0
 

Author Comment

by:NWCCSteve
ID: 36895040
I tried my ISP who seemed to struggle giving me multiple WAN IPs, which is why I put my question up on EE, I was kinda hoping there may have been another way.

Our IP is Telstra Business, which apparently is one of our best...lol
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36895044
there is a way to do it with port forwarding and virtual routing tables, but that equipment is RRRRRRRRREEEEEEEEEEEAAAAAAAAAAALLLLLLLLLLLYYYYYYYYYYYYYY expensive.  I doubt you'd want to spend that muhc money on a test environment.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:NWCCSteve
ID: 36895049
Try me, as eventually we would like to start doing this for real and maybe host a few more.
0
 

Author Comment

by:NWCCSteve
ID: 36895082
If it is of any help, I have a friend I see regulary that is learning quite a bit about Cisco, Im not sure how good he is though as he has only been working with Cisco equipment for a few months.
0
 
LVL 22

Expert Comment

by:chakko
ID: 36895532
What is your internet package from the ISP.  most packages for business use should include multiple public IP addresses.  It should be really simple to order an internet package that includes Multiple Public IP addresses.  Then you need to configure the NAT on your firewall / router.

maybe contact your ISP again and re-ask the question.  Maybe someone misunderstood before.
0
 

Author Comment

by:NWCCSteve
ID: 36895553
Maybe you are right, initially I think they set it up as I could RDP using 8 different IP addresses they gave me, then it stopped working and I called and they said all was ok, but I dont believe them.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36895565
What about using a single exchange server to host multiple domains addresses ?

http://technet.microsoft.com/en-us/library/bb123560(v=exchg.65).aspx

Create multiple public MX records pointing to the same public ip.
Once the email hits the firewall you can NAT like some of the previous posters
0
 

Author Comment

by:NWCCSteve
ID: 36895568
I would, but I also will eventually be looking at Multiple Terminal Servers as well, so I really need to get the Multiple WAN IP thing happening.
0
 
LVL 22

Expert Comment

by:chakko
ID: 36895571
can you provide the IP info..  Specifically, what is the subnet mask?  then we can check how many IP addresses you have.  If you can provide your public IP then we can help faster.  If you are worried about your real IP then maybe just provide the last 2 octets.

0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36895587
Are you going to host or is this for Inter-office?
WAN's are usually a term you use when directly connecting to your other office.
This is more a P2P vs. Public IP issued by your ISP and then you use it how you wish.

0
 
LVL 4

Accepted Solution

by:
Anacreo earned 500 total points
ID: 36895598
Ok so here is the deal I would not put any Exchange server on the internet, so if you have one exchange or ten, you need to setup a mail gateway machine.

You want a setup that looks like this:


Domain A      Domain B        Domain C
Exchange     Exchange       Exchange
           \                  |                     /
                    Mail Gateway
                               |
                  Router/Firewall -
                          Port 25
         Forwarded to Mail Gateway

Since your setup is quite simple you can probably forgo setting up connectors between Dom A, Dom B, Dom C and just have each one act independently.  But in a larger environment you'd want to have a configuration between each of the servers to bypass the mail gateway and not make it busy... because it will be busy.

Mail Gateway could be an IIS mail gateway, a Linux machine, a dedicated virtual appliance, etc...  There are advantages and disadvantages to all of them.

But the premise would be the same, on this gateway you simply define a rule of:

users@domaina.com go to Exchange A Server's IP
users@domainb.com go to Exchange B Server's IP
users@domainc.com go to Exchange C Server's IP

This is normally done by having a mapping such as
joe@domaina forwards to joe@exchangeA
joe@domainb forwards to joe@exchangeB
etc...

You tell the gateway to accept for all three domains.

On each exchange follow this article:
http://technet.microsoft.com/en-us/library/bb125159.aspx

And create an SMTP receiver from the gateway for each domain, you should also define all outbound mail to hit the gateway server, and configure the gateway server to deliver mail outbound, this way they can exchange mail between each other without going all the way out to the internet first.

In your DNS you're going to want to point the MX record for all three domains to the one IP that the firewall is listening on.

If you want to explore any of these solutions further I would be happy to provide some more details.  I highly recommend for a professional office using some sort of dedicated email device as your gateway.

I can highly recommend the WatchGuard XCS platform, but there are many many choice here or just simply using a pre-configured Linux virtual machine.
0
 

Author Comment

by:NWCCSteve
ID: 36895624
Sorry guys, just had to get some more info.

The IP addresses I was given were
203.42.125.120-129, even though my current WAN IP is 203.45.72.168, at the moment I dont really have much setup but eventually I would like to.

Re the Inter Office query, no this will eventually be, (if I can make it work) a HyperV server with a couple of Exchange Servers and a couple of Terminal Servers installed on it, for a couple of small non profit organizations who each have about 4 or 5 staff.

Hope that answer your queries
0
 
LVL 22

Expert Comment

by:chakko
ID: 36895645
You have the public IP addresses already, so you should check your router/firewall configuration.

if you are at 1 of the servers (any one of them), can you access the internet now.  try  www.whatismyipaddress.com and see what IP is shown, that may help reveal what NAT is setup if you don't know the router config.

For, your email question, you should use 3 Public Ip addresses and a NAT to each exchange server.  that will get you 'connected'.  You would set an MX record for each domain/Exchange server also.
you can use IP addresses such as 203.42.125.121 - 203.42.125.123 for your servers just an example).


0
 

Author Comment

by:NWCCSteve
ID: 36895654
If I go to www.findmyip.com I get 203.45.72.168, when they first set them up I thought it was working because I had a test Terminal Server and could RDP from other sites both my ip 203.45.72.168 as well as all the new 203.42.125.120-129, now I can only RDP using 203.45.72.168.

How can I tell or test if I have the Public IP Addresses they gave me.
0
 
LVL 22

Expert Comment

by:chakko
ID: 36895688
I think your next step is to check your router configuration if you can.  I think you need to configure your router, or check what the configuration is so that you know what is going on.  
You said it worked before, did someone change anything?  Did the power go out on the router during that time? (I am just guessing maybe the configuration was not saved and it may have lost something during a power restart).

Also, you could try to put one of those Public IP addresses on your PC TCP/IP configuration and see if you can get to the internet.  You would need your Gateway setting though, did they provide any IP for the gateway?
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36896135
What kind of router so you have?   That second set of ips are what you use for the exchange server.  Create an object for each one and thne create a statice route outbound.  If you have a sonicwall, it creats the rout for you
0
 

Author Comment

by:NWCCSteve
ID: 36896253
I have a Dlink dfl 210 security firewall

I really just need a way to test to see if the additional wan ip addresses I am supposed to have received

0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36896851
than that's simple enough.  this will help you set up a static route on that firewall

ftp://files.dlink.com.au/products/DFL-210/REV_A/SetupGuides/How_to_set_Static_Route_on_LAN.pdf

Just define the other IP addresses as network objects and test.
0
 

Author Closing Comment

by:NWCCSteve
ID: 36915637
Everyone contributed and for that I thank you all very much. However Anacreo really answered my original question with the most specific answer.

Thanks Everyone once again
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question