Multiple Websites, one External IP

I wanted to know how this normally works, I'm very new to websites and hosting, and I have to get one going for our site. We already have a webmail server going for our users.

For example we have a site linking to our SBS 2011 at ex. webmail.com

We are also installing an application server. ex. application.com

Let's say they only have one external address of 1.1.1.1


For example we have a GoDaddy account that hosts both of the external DNS names, and both point to 1.1.1.1.

Can we still use just one external IP address? I called the ISP and apparently we have 4 external IP addresses allocated for us. Is there a point for that? I see a couple of them are dedicated for VPNs.
Pancake_Effect Asked:
 
TomRScott Commented:
I was wondering if that might be the case.

If you have a spare public address it would be simpler to use it as follows:
1 - Add second address to the same public interface of your firewall
2 - Create the address objects, rules, etc on the firewall for BOTH web sites
3 - Add/change public DNS to add the yyy.application.com FQDN
Note: I would advocate leaving the mail configuration alone and move the application.com application to the new public address.

You may be able to use a single public IP if you also consolidate both services on the same server with the same private IP but may run into problems with your mail server if using OWA/Exchange.  I have NOT had OWA cohabitate with a "regular" web site on a given web host. Further, the certificate requirements of OWA have been changing from version to version of Exchange and I have not worked with anything since Exchange 2007 using OWA.

One advantage of using two private and two corresponding public addresses is flexibility. By doing so, it would only require "tweaks" to firewall configuration to move one application or the other to a different private server even to a different site.

 - Tom
0
 
Scott Fell, EE MVE, Developer Commented:
It is typical to have many sites on one IP.  I don't know about SBS, but with Windows Server 2012, you can now have multiple SSL domains on one IP.
0
 
Manuel Marienne-Duchêne, ITM Commented:
Yes, it's possible: you configure IIS with multiple identities and web servers.
0
 
Pancake_Effect (Author) Commented:
How would you specify something like that? Because right now when I visit the address it directs automatically to the mail server.

For example on my local network the SBS is on: 192.168.100.1
And the application server is on: 192.168.100.2

Locally I already have A records on our internal DNS that link:
192.168.100.1 to mail.server.com
192.168.100.2 to application.com


How would I make application.com when visiting externally link to our internal 192.168.100.2?
0
 
TomRScott Commented:
Does the application addressed with application.com use a different port than your mail.server.com?  If so, then the firewall can use port forwarding for the server/target ports.  For each public IP address (assuming in your case, for the one public IP address), public client traffic attempting to access your server via a specified port is redirected to the appropriate private server.

It might be useful to see a diagram to be more specific.

Regarding IIS (the web server service from Microsoft and on SBS), it can host multiple web sites using just one IP address.

 - Tom
0
 
Pancake_Effect (Author) Commented:
Well the SBS is using port 443, and so does the application server we want. I already tried port forwarding it, and it didn't allow me to use that port twice to be redirected.

We only have one IP that shows up when I do a showmemyip on the net, but I believe we have 3 other allocated to us because of our size. I believe only one other one is in use, I believe they are just using it for remote connections for another server.

I'm guessing I have to use a separate IP if both my mail and application servers use port 443?
0
 
skullnobrains Commented:
you need one of the servers to accept all traffic

this server then makes use of the host: header to identify the traffic that should go to the other server and proxy it accordingly (probably without SSL since that would be useless overhead on your LAN)

you'll need a single SSL cert on the server that faces the internet with ALL the names for all the virtual sites because the SSL negotiation occurs prior to the headers reception.

i'd recommend you do not proxy OWA traffic but rather use the SBS to proxy somewhere else

if you do have multiple external addresses, you really had better not bother with any of this stuff
0
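The Host-header routing described in the answer above, as an added example that is not part of the original thread: the front server picks a backend from the `Host:` value, refuses names it does not serve, and checks that its single certificate lists every routed name, since the TLS handshake finishes before the header arrives. The host names and private addresses are the ones quoted in the thread; the ports, the function names and the certificate name list are assumptions.

```python
# Added example: Host-header routing decision for a TLS-terminating front end.
# Host names and private IPs come from the thread; ports and names are assumed.

ROUTES = {
    "mail.server.com": ("127.0.0.1", 443),     # OWA stays on the front server (assumed local)
    "application.com": ("192.168.100.2", 80),  # proxied over the LAN without SSL
}

# Names on the single certificate presented by the front end (constructed).
CERT_SANS = ["mail.server.com", "application.com"]


def normalize_host(header_value):
    """Lower-case the Host header value and drop any port and trailing dot."""
    host = header_value.strip().lower()
    if host.startswith("["):            # IPv6 literal: never one of our site names
        return None
    host, _, port = host.partition(":")
    if port and not port.isdigit():     # malformed port: refuse rather than guess
        return None
    host = host.rstrip(".")
    return host or None


def pick_backend(header_value):
    """Return (ip, port) for a known site, or None so the caller can refuse."""
    host = normalize_host(header_value or "")
    return ROUTES.get(host)


def names_missing_from_cert(routes, sans):
    """Routed names the certificate does not cover (exact or one-label wildcard)."""
    missing = []
    for name in routes:
        wildcard = "*." + name.split(".", 1)[1] if "." in name else None
        if name not in sans and wildcard not in sans:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    for value in ["Application.COM:443", "mail.server.com.", "unknown.example"]:
        print(value, "->", pick_backend(value))
    print("not covered by cert:", names_missing_from_cert(ROUTES, CERT_SANS))
```

A request whose Host value maps to `None` should be answered with an error by the front server rather than forwarded to a default backend.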
 
pgstephan Commented:
A load balancer with SSL offload, single SSL certificate (try F5).
Your F5 load balancers can at the same time proxy the OWA, then you have single host to manage all your front end. Then based on the subsequent headers the F5 will be able to forward the traffic to the relevant application (excluding the OWA).

Bear in mind that F5 recently received a certification for the BIG-IP as a real firewall now. So you may just want to get rid of your front end and use F5 as your front end for both, front facing firewall, SSL offload and OWA reverse proxy.
I know people would still want to see a firewall in front of their Internet connection but things have really changed with F5 and I'm seeing them front end for some banking websites. So you can really rely on them.
0
 
skullnobrains Commented:
if you can afford to add a separate machine, any software vhost and proxy capable such as many web servers (apache, nginx, lighttpd ...) and many software load balancers ( stunnel + haproxy for example ) will do the job.

a pentium 3 with such software will deal with 100 Mo/s throughput easily (and actually more in most cases but you'll hardly find a P3 with a Gb network card), and any dedicated old machine with a Gb network card will do the same job as commercial products (i.e. saturate the 1Gb network with negligible added latency)
0
 
Pancake_Effect (Author) Commented:
Thanks!
0