Solved

Single Public IP w/Exchange and Web Servers

Posted on 2014-01-24
3
485 Views
Last Modified: 2014-01-24
I have a small business client that's moving from one office to another.  They're currently using a hosted POP server for mail but we need to move them to an Exchange Server before their move in April.  They only have 1 public IP address now for Internet access out and VPN in -- nothing else.  It's a small environment with a SnapGear Firewall on a /24 LAN segment.  Stupid question time.

Normally, I would assign a dedicated IP address for the Exchange Server but they only have one address now.  They will have more available at the new location.  But before they do, can I just use the single IP address for their MX record, then create WAN->LAN Forwarding rule for ports 25 and 443 to the new Exchange Server?

They are also wanting to move their web site from a hosted service to a new internal web server -- but we're not planning on doing that until after they move.  I suppose even so I could still Forward port 80 on the same single IP address/Firewall to the new internal Web Server, too.

So, if I understand this correctly, is the only real reason to use separate public IP addresses is if you will have the same Port number coming in for multiple purposes with separate servers, like HTTPS?  For example, we have an Exchange Server with OWA and a SharePoint Server that both use HTTPS so they would require separate public IP addresses coming into the single Firewall?
0
Comment
Question by:wchestnut
3 Comments
 
LVL 7

Assisted Solution

by:Ned Ramsay
Ned Ramsay earned 250 total points
ID: 39807562
Yes you can do port forwarding on the WAN > LAN.

So, SMTP port 25 and 443 goes to the mail server but port 80 goes to the new web-server.

You understand correctly!

You can also do DNS binding on servers, so port 80 goes to a web-server but once it hits the webserver if it was www.domain.com it goes to one website but if it was intranet.domain.com it loads a different site on the same server.

I would speak to your ISP and see how much extra it is to go to 3 or 5 publics. It is usually very cheap.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 39807565
With HTTPS, you need one IP address per address/server. Therefore unless you put SharePoint and Exchange on the same server (not recommended) then you will need multiple addresses.
Otherwise, what you have outlined will work. Although I wouldn't normally recommend self hosting a web site as the headaches with keeping it secure are best left to professionals. If you do decide to do that, then isolate it as much as possible, not on the domain, own IP subnet etc. I would even firewall it off from the rest of the network.

Simon.
0
 

Author Closing Comment

by:wchestnut
ID: 39807569
Awesome, Thanks, guys!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains how to install and use the NTBackup utility that comes with Windows Server.
In-place Upgrading Dirsync to Azure AD Connect
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video discusses moving either the default database or any database to a new volume.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question