Single Public IP w/Exchange and Web Servers

I have a small business client that's moving from one office to another.  They're currently using a hosted POP server for mail but we need to move them to an Exchange Server before their move in April.  They only have 1 public IP address now for Internet access out and VPN in -- nothing else.  It's a small environment with a SnapGear Firewall on a /24 LAN segment.  Stupid question time.

Normally, I would assign a dedicated IP address for the Exchange Server but they only have one address now.  They will have more available at the new location.  But before they do, can I just use the single IP address for their MX record, then create a WAN->LAN Forwarding rule for ports 25 and 443 to the new Exchange Server?

They are also wanting to move their web site from a hosted service to a new internal web server -- but we're not planning on doing that until after they move.  I suppose even so I could still Forward port 80 on the same single IP address/Firewall to the new internal Web Server, too.

So, if I understand this correctly, the only real reason to use separate public IP addresses is if you will have the same Port number coming in for multiple purposes with separate servers, like HTTPS?  For example, we have an Exchange Server with OWA and a SharePoint Server that both use HTTPS so they would require separate public IP addresses coming into the single Firewall?
Asked by: wchestnut

Simon Butler (Sembee), Consultant, Commented:
With HTTPS, you need one IP address per address/server. Therefore unless you put SharePoint and Exchange on the same server (not recommended) then you will need multiple addresses.
Otherwise, what you have outlined will work. Although I wouldn't normally recommend self hosting a web site as the headaches with keeping it secure are best left to professionals. If you do decide to do that, then isolate it as much as possible, not on the domain, own IP subnet etc. I would even firewall it off from the rest of the network.

Simon.

Ned Ramsay, Network Operations Manager, Commented:
Yes you can do port forwarding on the WAN > LAN.

So, SMTP port 25 and 443 goes to the mail server but port 80 goes to the new web-server.

You understand correctly!

You can also do DNS binding on servers, so port 80 goes to a web-server but once it hits the webserver if it was www.domain.com it goes to one website but if it was intranet.domain.com it loads a different site on the same server.

I would speak to your ISP and see how much extra it is to go to 3 or 5 publics. It is usually very cheap.

wchestnut (Author) Commented:
Awesome, Thanks, guys!
Question has a verified solution.
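
The forwarding behaviour described in the answers above, as an added example that is not part of the original thread: a small Python model of a port-only WAN->LAN forwarding table, showing why a second internal server on port 443 needs a second public IP, plus the Host-header site selection that Ned's answer calls DNS binding. All addresses, site names and function names here are constructed for illustration.

```python
# Added example: constructed data and hypothetical names, not from the thread.
PUBLIC_IP = "203.0.113.10"            # documentation-range address
SERVICES = [                          # (name, proto, public port, internal host)
    ("SMTP for MX", "tcp", 25, "192.168.1.10"),   # Exchange
    ("OWA/HTTPS", "tcp", 443, "192.168.1.10"),    # Exchange
    ("Web site", "tcp", 80, "192.168.1.20"),      # web server
]
SHAREPOINT = ("SharePoint/HTTPS", "tcp", 443, "192.168.1.30")
SITES = {"www.domain.com": "public-site", "intranet.domain.com": "intranet-site"}


def plan_forwards(services, public_ips):
    """Give each service a (public IP, proto, port) slot on the firewall.

    The firewall forwards on port alone, so one slot reaches one internal
    host. Returns (rules, unplaced): rules maps slot -> internal host,
    unplaced lists services that found no free slot on any public IP.
    """
    rules, unplaced = {}, []
    for name, proto, port, host in services:
        for ip in public_ips:
            # Take the slot if it is free or already points at this host.
            if rules.setdefault((ip, proto, port), host) == host:
                break
        else:
            unplaced.append(name)
    return rules, unplaced


def pick_site(raw_request, sites):
    """Choose a site on one web server from the HTTP Host header.

    Host is client-supplied, so an unknown or missing name returns None
    (refuse) instead of falling back to some default site.
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            hostname = value.strip().lower().split(":")[0]  # drop ":port"
            return sites.get(hostname)
    return None


if __name__ == "__main__":
    print(plan_forwards(SERVICES, [PUBLIC_IP]))
    print(plan_forwards(SERVICES + [SHAREPOINT], [PUBLIC_IP])[1])
    print(pick_site(b"GET / HTTP/1.1\r\nHost: www.domain.com\r\n\r\n", SITES))
```

Any name in `SITES` is served to whoever can reach the forwarded port and sends that Host header, so a site is not private just because its name is not in public DNS.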
