Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960
  • Last Modified:

Multiple WAN or Public IP Addresses

I am trying to setup 3 different email servers, each with different domain names.

I have installed MS Exchange on 3 different servers and all is ready to go.

How do I setup my router and do I need 3 different WAN/Public IP addresses, if so how can I get them and do I need a managed switch.

This is only a small test environment at the moment, but if we decide to go live it wont be on a big scale.

Any advice or Tips would be really appreciated.
0
NWCCSteve
Asked:
NWCCSteve
  • 9
  • 4
  • 4
  • +2
1 Solution
 
SuperTacoCommented:
Since email server all use the same ports, the simplest solution is to have 3 public IP's.  you do not need a managed switch.  Just apply the proper NAT rules to each exchange server and you're good to go.  
0
 
NWCCSteveAuthor Commented:
I tried my ISP who seemed to struggle giving me multiple WAN IPs, which is why I put my question up on EE, I was kinda hoping there may have been another way.

Our IP is Telstra Business, which apparently is one of our best...lol
0
 
SuperTacoCommented:
there is a way to do it with port forwarding and virtual routing tables, but that equipment is RRRRRRRRREEEEEEEEEEEAAAAAAAAAAALLLLLLLLLLLYYYYYYYYYYYYYY expensive.  I doubt you'd want to spend that muhc money on a test environment.
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 
NWCCSteveAuthor Commented:
Try me, as eventually we would like to start doing this for real and maybe host a few more.
0
 
NWCCSteveAuthor Commented:
If it is of any help, I have a friend I see regulary that is learning quite a bit about Cisco, Im not sure how good he is though as he has only been working with Cisco equipment for a few months.
0
 
chakkoCommented:
What is your internet package from the ISP.  most packages for business use should include multiple public IP addresses.  It should be really simple to order an internet package that includes Multiple Public IP addresses.  Then you need to configure the NAT on your firewall / router.

maybe contact your ISP again and re-ask the question.  Maybe someone misunderstood before.
0
 
NWCCSteveAuthor Commented:
Maybe you are right, initially I think they set it up as I could RDP using 8 different IP addresses they gave me, then it stopped working and I called and they said all was ok, but I dont believe them.
0
 
yo_beeDirector of ITCommented:
What about using a single exchange server to host multiple domains addresses ?

http://technet.microsoft.com/en-us/library/bb123560(v=exchg.65).aspx

Create multiple public MX records pointing to the same public ip.
Once the email hits the firewall you can NAT like some of the previous posters
0
 
NWCCSteveAuthor Commented:
I would, but I also will eventually be looking at Multiple Terminal Servers as well, so I really need to get the Multiple WAN IP thing happening.
0
 
chakkoCommented:
can you provide the IP info..  Specifically, what is the subnet mask?  then we can check how many IP addresses you have.  If you can provide your public IP then we can help faster.  If you are worried about your real IP then maybe just provide the last 2 octets.

0
 
yo_beeDirector of ITCommented:
Are you going to host or is this for Inter-office?
WAN's are usually a term you use when directly connecting to your other office.
This is more a P2P vs. Public IP issued by your ISP and then you use it how you wish.

0
 
AnacreoCommented:
Ok so here is the deal I would not put any Exchange server on the internet, so if you have one exchange or ten, you need to setup a mail gateway machine.

You want a setup that looks like this:


Domain A      Domain B        Domain C
Exchange     Exchange       Exchange
           \                  |                     /
                    Mail Gateway
                               |
                  Router/Firewall -
                          Port 25
         Forwarded to Mail Gateway

Since your setup is quite simple you can probably forgo setting up connectors between Dom A, Dom B, Dom C and just have each one act independently.  But in a larger environment you'd want to have a configuration between each of the servers to bypass the mail gateway and not make it busy... because it will be busy.

Mail Gateway could be an IIS mail gateway, a Linux machine, a dedicated virtual appliance, etc...  There are advantages and disadvantages to all of them.

But the premise would be the same, on this gateway you simply define a rule of:

users@domaina.com go to Exchange A Server's IP
users@domainb.com go to Exchange B Server's IP
users@domainc.com go to Exchange C Server's IP

This is normally done by having a mapping such as
joe@domaina forwards to joe@exchangeA
joe@domainb forwards to joe@exchangeB
etc...

You tell the gateway to accept for all three domains.

On each exchange follow this article:
http://technet.microsoft.com/en-us/library/bb125159.aspx

And create an SMTP receiver from the gateway for each domain, you should also define all outbound mail to hit the gateway server, and configure the gateway server to deliver mail outbound, this way they can exchange mail between each other without going all the way out to the internet first.

In your DNS you're going to want to point the MX record for all three domains to the one IP that the firewall is listening on.

If you want to explore any of these solutions further I would be happy to provide some more details.  I highly recommend for a professional office using some sort of dedicated email device as your gateway.

I can highly recommend the WatchGuard XCS platform, but there are many many choice here or just simply using a pre-configured Linux virtual machine.
0
 
NWCCSteveAuthor Commented:
Sorry guys, just had to get some more info.

The IP addresses I was given were
203.42.125.120-129, even though my current WAN IP is 203.45.72.168, at the moment I dont really have much setup but eventually I would like to.

Re the Inter Office query, no this will eventually be, (if I can make it work) a HyperV server with a couple of Exchange Servers and a couple of Terminal Servers installed on it, for a couple of small non profit organizations who each have about 4 or 5 staff.

Hope that answer your queries
0
 
chakkoCommented:
You have the public IP addresses already, so you should check your router/firewall configuration.

if you are at 1 of the servers (any one of them), can you access the internet now.  try  www.whatismyipaddress.com and see what IP is shown, that may help reveal what NAT is setup if you don't know the router config.

For, your email question, you should use 3 Public Ip addresses and a NAT to each exchange server.  that will get you 'connected'.  You would set an MX record for each domain/Exchange server also.
you can use IP addresses such as 203.42.125.121 - 203.42.125.123 for your servers just an example).


0
 
NWCCSteveAuthor Commented:
If I go to www.findmyip.com I get 203.45.72.168, when they first set them up I thought it was working because I had a test Terminal Server and could RDP from other sites both my ip 203.45.72.168 as well as all the new 203.42.125.120-129, now I can only RDP using 203.45.72.168.

How can I tell or test if I have the Public IP Addresses they gave me.
0
 
chakkoCommented:
I think your next step is to check your router configuration if you can.  I think you need to configure your router, or check what the configuration is so that you know what is going on.  
You said it worked before, did someone change anything?  Did the power go out on the router during that time? (I am just guessing maybe the configuration was not saved and it may have lost something during a power restart).

Also, you could try to put one of those Public IP addresses on your PC TCP/IP configuration and see if you can get to the internet.  You would need your Gateway setting though, did they provide any IP for the gateway?
0
 
SuperTacoCommented:
What kind of router so you have?   That second set of ips are what you use for the exchange server.  Create an object for each one and thne create a statice route outbound.  If you have a sonicwall, it creats the rout for you
0
 
NWCCSteveAuthor Commented:
I have a Dlink dfl 210 security firewall

I really just need a way to test to see if the additional wan ip addresses I am supposed to have received

0
 
SuperTacoCommented:
than that's simple enough.  this will help you set up a static route on that firewall

ftp://files.dlink.com.au/products/DFL-210/REV_A/SetupGuides/How_to_set_Static_Route_on_LAN.pdf

Just define the other IP addresses as network objects and test.
0
 
NWCCSteveAuthor Commented:
Everyone contributed and for that I thank you all very much. However Anacreo really answered my original question with the most specific answer.

Thanks Everyone once again
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 9
  • 4
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now