Solved

Multiple Websites, one External IP

Posted on 2013-06-26
Last Modified: 2013-07-15
I wanted to know how this normally works. I'm very new to websites and hosting, and I have to get one going for our site. We already have a webmail server going for our users.

For example we have a site linking to our SBS 2011 at ex. webmail.com

We are also installing an application server. ex. application.com

Let's say they only have one external address of 1.1.1.1


For example, we have a GoDaddy account that hosts both of the external DNS names, and both point to 1.1.1.1.

Can we still use just one external IP address? I called the ISP and apparently we have 4 external IP addresses allocated for us. Is there a point for that? I see a couple of them are dedicated for VPNs.
0
Question by:Pancake_Effect
10 Comments
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 71 total points
ID: 39278633
It is typical to have many sites on one IP.  I don't know about SBS, but with Windows Server 2012, you can now have multiple SSL domains on one IP.
0
 
LVL 6

Assisted Solution

by:Manuel Marienne-Duchêne
Manuel Marienne-Duchêne earned 71 total points
ID: 39278702
Yes, it's possible. You configure IIS with multiple identities and web servers.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39278764
How would you specify something like that? Because right now when I visit the address it directs automatically to the mail server.

For example on my local network the SBS is on: 192.168.100.1
And the application server is on: 192.168.100.2

Locally I already have A records on our internal DNS that link:
192.168.100.1 to mail.server.com
192.168.100.2 to application.com


How would I make application.com when visiting externally link to our internal 192.168.100.2?
0
 
LVL 12

Assisted Solution

by:TomRScott
TomRScott earned 144 total points
ID: 39279063
Does the application addressed with application.com use a different port than your mail.server.com?  If so, then the firewall can use port forwarding for the server/target ports.  For each public IP address (assuming in your case, for the one public IP address), public client traffic attempting to access your server via a specified port is redirected to the appropriate private server.

It might be useful to see a diagram to be more specific.

Regarding IIS (the web server service from Microsoft and on SBS), it can host multiple web sites using just one IP address.

 - Tom
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39279410
Well the SBS is using port 443, and so does the application server we want. I already tried port forwarding it, and it didn't allow me to use that port twice to be redirected.

We only have one IP that shows up when I do a showmemyip on the net, but I believe we have 3 other allocated to us because of our size. I believe only one other one is in use, I believe they are just using it for remote connections for another server.

I'm guessing I have to use a separate IP if both my mail and application servers use port 443?
0
 
LVL 12

Accepted Solution

by:
TomRScott earned 144 total points
ID: 39279500
I was wondering if that might be the case.

If you have a spare public address it would be simpler to use it as follows:
1 - Add second address to the same public interface of your firewall
2 - Create the address objects, rules, etc on the firewall for BOTH web sites
3 - Add/change public DNS to add the yyy.application.com FQDN
Note: I would advocate leaving the mail configuration alone and move the application.com application to the new public address.

You may be able to use a single public IP if you also consolidate both services on the same server with the same private IP but may run into problems with your mail server if using OWA/Exchange.  I have NOT had OWA cohabitate with a "regular" web site on a given web host. Further, the certificate requirements of OWA have been changing from version to version of Exchange and I have not worked with anything since Exchange 2007 using OWA.

One advantage of using two private and two corresponding public addresses is flexibility. By doing so, it would only require "tweaks" to firewall configuration to move one application or the other to a different private server even to a different site.

 - Tom
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 143 total points
ID: 39292292
you need one of the servers to accept all traffic

this server then makes use of the host: header to identify the traffic that should go to the other server and proxy it accordingly (probably without SSL since that would be useless overhead on your LAN)

you'll need a single SSL cert on the server that faces the internet with ALL the names for all the virtual sites because the SSL negotiation occurs prior to the headers reception.

i'd recommend you do not proxy OWA traffic but rather use the SBS to proxy somewhere else

if you do have multiple external addresses, you really had better not bother with any of this stuff
0
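An added example, not from the thread or any poster: a sketch of the Host-header routing described in the answer above, with a check that a single certificate names every site behind the shared IP. The hostnames and private IPs are the thread's own examples; the SAN list and all function names are constructed for illustration.

```python
# Added illustration: Host-header routing on a single public IP, plus a check
# that one certificate names every site. Hostnames and private IPs are the
# thread's examples; CERT_SANS is a constructed SAN list.
BACKENDS = {
    "mail.server.com": "192.168.100.1",
    "application.com": "192.168.100.2",
}
CERT_SANS = ["mail.server.com", "*.application.com"]


def normalize_host(header_value):
    """Lower-case a Host header value; strip the port and any trailing dot."""
    host = (header_value or "").strip().lower()
    if not host or host.startswith("["):  # empty or IPv6 literal: not a site name
        return None
    host = host.split(":", 1)[0].rstrip(".")
    return host or None


def san_matches(san, host):
    """True if a certificate DNS name (exact or '*.' wildcard) covers host."""
    san = san.lower()
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]  # "*.application.com" -> ".application.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    # A wildcard covers exactly one left-most label, never the bare domain.
    return bool(label) and "." not in label


def uncovered_names(backends, sans):
    """Site names the certificate would not validate for."""
    return sorted(h for h in backends if not any(san_matches(s, h) for s in sans))


def route(header_value, backends=BACKENDS):
    """Return the private IP for this Host header, or None to reject."""
    return backends.get(normalize_host(header_value))
```

With the constructed SAN list, the wildcard entry does not cover the bare `application.com`, so the check reports it; requests whose Host header is the raw public IP or an unknown name get no backend instead of falling through to the mail server.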
 
LVL 6

Assisted Solution

by:pgstephan
pgstephan earned 71 total points
ID: 39303441
A load balancer with SSL offload, single SSL certificate (try F5).
Your F5 load balancers can at the same time proxy the OWA, then you have a single host to manage all your front end. Then based on the subsequent headers the F5 will be able to forward the traffic to the relevant application (excluding the OWA).

Bear in mind that F5 recently received a certification for the BIG-IP as a real firewall now. So you may just want to get rid of your front end and use F5 as your front end for both, front facing firewall, SSL offload and OWA reverse proxy.
I know people would still want to see a firewall in front of their Internet connection but things have really changed with F5 and I'm seeing them front end for some banking websites. So you can really rely on them.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 143 total points
ID: 39303752
if you can afford to add a separate machine, any software vhost and proxy capable such as many web servers (apache, nginx, lighttpd ...) and many software load balancers (stunnel + haproxy for example) will do the job.

a pentium 3 with such software will deal with 100 Mo/s throughput easily (and actually more in most cases but you'll hardly find a P3 with a Gb network card), and any dedicated old machine with a Gb network card will do the same job as commercial products (i.e. saturate the 1Gb network with negligible added latency)
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 39326736
Thanks!
0
