Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 507
  • Last Modified:

Single Public IP w/Exchange and Web Servers

I have a small business client that's moving from one office to another.  They're currently using a hosted POP server for mail but we need to move them to an Exchange Server before their move in April.  They only have 1 public IP address now for Internet access out and VPN in -- nothing else.  It's a small environment with a SnapGear Firewall on a /24 LAN segment.  Stupid question time.

Normally, I would assign a dedicated IP address for the Exchange Server but they only have one address now.  They will have more available at the new location.  But before they do, can I just use the single IP address for their MX record, then create WAN->LAN Forwarding rule for ports 25 and 443 to the new Exchange Server?

They are also wanting to move their web site from a hosted service to a new internal web server -- but we're not planning on doing that until after they move.  I suppose even so I could still Forward port 80 on the same single IP address/Firewall to the new internal Web Server, too.

So, if I understand this correctly, is the only real reason to use separate public IP addresses is if you will have the same Port number coming in for multiple purposes with separate servers, like HTTPS?  For example, we have an Exchange Server with OWA and a SharePoint Server that both use HTTPS so they would require separate public IP addresses coming into the single Firewall?
0
wchestnut
Asked:
wchestnut
2 Solutions
 
Ned RamsayNetwork Operations ManagerCommented:
Yes you can do port forwarding on the WAN > LAN.

So, SMTP port 25 and 443 goes to the mail server but port 80 goes to the new web-server.

You understand correctly!

You can also do DNS binding on servers, so port 80 goes to a web-server but once it hits the webserver if it was www.domain.com it goes to one website but if it was intranet.domain.com it loads a different site on the same server.

I would speak to your ISP and see how much extra it is to go to 3 or 5 publics. It is usually very cheap.
0
 
Simon Butler (Sembee)ConsultantCommented:
With HTTPS, you need one IP address per address/server. Therefore unless you put SharePoint and Exchange on the same server (not recommended) then you will need multiple addresses.
Otherwise, what you have outlined will work. Although I wouldn't normally recommend self hosting a web site as the headaches with keeping it secure are best left to professionals. If you do decide to do that, then isolate it as much as possible, not on the domain, own IP subnet etc. I would even firewall it off from the rest of the network.

Simon.
0
 
wchestnutAuthor Commented:
Awesome, Thanks, guys!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now