Router Information Please.

Discussion in 'Server Networking' started by Joe, Dec 25, 2005.

  1. Joe

    Joe Guest

    Hello,

    I am in need of information on a router that can be used in a small web
    hosting enviroment.

    about 6months ago a very nice group of this community helped me witht the
    multiple IP's on one web server running 2003 ent. edition.

    I am about to upgrade to a T1 and a C block of 256 public IP's.
    We panned out the SSL part by comming to the conclusion that a Watchgaurd or
    Sonicwall router is what I needed.

    My question is, I have never seen the interfaces of this type of router so
    how does each public IP get assigned to the one NIC? Virtual LAN?

    e.g. Public IP xxx.xxx.xxx.120 to router/ Router to Internal IP 192.168.1.4
    Second Public Ip to router xxx.xxx.xxx.130 Router to same NIC for SSL
    enabled site same box, same NIC?

    Thank You
    Joe
     
    Joe, Dec 25, 2005
    #1
    1. Advertisements

  2. Joe

    Chris Priede Guest

    Hi,
    You say "router" (and you will have one of those too), but it really sounds
    like you mean "firewall" here.
    Probably not.
    In this situation -- protecting a web server (or several) with a large
    number of public IP addresses -- you probably should look at transparent
    bridging firewalls:

    http://www.google.com/search?hl=en&q=transparent+firewall
     
    Chris Priede, Dec 25, 2005
    #2
    1. Advertisements

  3. Joe

    Joe Guest

    Thank you Chris for your reply,

    So what is the routing capability of the public IP to the intenal this is
    the confusing part. How to get the IP's routed to that one NIC.

    I am going to look over the info at Cisco thanks


    J0e
     
    Joe, Dec 26, 2005
    #3
  4. Joe

    Chris Priede Guest

    Hi,
    With a transparent firewall, the whole point is you don't: the web server
    would be assigned public IP addresses directly. The firewall would be
    placed in front of it and function as a transparent box that filters what
    gets through; it would not change addresses or route anything.

    Perhaps your question is how to assign more than one address to a network
    card?
     
    Chris Priede, Dec 26, 2005
    #4
  5. Joe

    Joe Guest

    Chris you are correct,

    I did not know this was the function of the transparent firewall. Also the
    second question is what I am after. But I just learned here something very
    valuable thank you

    (Perhaps your question is how to assign more than one address to a network
    card?)

    Yes this is correct can it be done this way also with a good router?

    Please and thank you,
    Joe



    :he
     
    Joe, Dec 26, 2005
    #5
  6. Joe

    Chris Priede Guest

    You would simply assign additional addresses in TCP/IP properties on the
    server:

    http://www.windowsnetworking.com/articles_tutorials/multiipa.html

    If you use a transparent firewall, then you will be assigning your public IP
    addresses and will be done. If you use a NAT firewall, then you will assign
    private addresses and have to configure your firewall to forward each public
    IP address to a specific private address.

    Either will work (for a NAT firewall, you would want to make sure it
    supports many-to-many translation for the required number of clients), but
    the transparent firewall setup would be easier to set up initially and
    easier to manage: if you need to add or move your address assignments
    between servers, you can do so without having to worry about any firewall
    rules. Additionally, if you are eventually going to host other services
    (besides HTTP/HTTPS), some may have issues with servers behind NAT and it
    would be easier to not have that in the way.
     
    Chris Priede, Dec 26, 2005
    #6
  7. Joe

    Joe Guest

    Hello Chris

    I see so in order to do this with a NAT router the router would have to have
    an interface that supports each public IP and the ability to assign many
    Private IP's to that web server.

    I have my servers behind two routers now that I don't think supports this
    and If I were to change the setup now I would loose my connectivity with my
    mailservers.

    I have one router with IP 192.168.1.1 (Webserver connected to it and a
    mailserver)
    I have the second router IP 192.168.1.2 ( DC/AD and mailserver)
    the DHCP is enabled on the 1.1 router
    This works well for me and all ports forwarded to the repective port.

    I see a red flag here when wanting to install a transparent firewall I see
    it as removing the present routers and this I cannot do right now(ormaybe I
    can). I wish this information was available to me then.I wanted to do this in
    the begining.

    So what does transparent firewall run these days? $$$
    What would I do to reconfig this setup to accomadate the trans firewall?
    and if I cannot use this what router out there will do what i want?

    Love to hear some suggestions please

    Signed
    willing to make it work

    Thank You
    Joe
     
    Joe, Dec 27, 2005
    #7
  8. Joe

    Joe Guest

    Chris I have been looking all over the net and I cannot get a grasp on this
    transparent firewall. Information is vague.

    Is it a software or hardware?
    Where is it placed?
    What are you bridging?
    Are routers used?

    I cannot seem to find ths right way to do this. But I am willing to try I
    would love to have the public IP's routed directly to the server.

    Thank you
    Joe
     
    Joe, Dec 27, 2005
    #8
  9. Joe

    Neteng Guest

    Neteng, Dec 28, 2005
    #9
  10. Joe

    Joe Guest

    Neteng Thank you,

    This helped tremendously.

    So this is a piece of hardware i must purchase in order to perform this
    funtion?

    Or can ant router do this?

    Joe
     
    Joe, Dec 28, 2005
    #10
  11. Joe

    Joe Guest

    Neteng Thank you,

    This helped tremendously.

    So this is a piece of hardware i must purchase in order to perform this
    funtion?

    Or can ant router do this?

    Joe
     
    Joe, Dec 28, 2005
    #11
  12. Joe

    Neteng Guest

    A router can not do this. You will need to purchase a firewall that supports
    transparent firewalling. I suggest a Cisco PIX (515 or better).
     
    Neteng, Dec 28, 2005
    #12
  13. Joe

    Joe Guest

    Neteng,

    Thank you so much for your help.This really got me where I needed to be.
    If I am unable to afford this appliance is there a router that can handle a
    multi-NAT situation as this for say.... 16 public IP's? If so,could you
    reccommend one?

    Thank you
    Joe
     
    Joe, Dec 28, 2005
    #13
  14. Joe

    Neteng Guest

    Any router can do it. There are no limitations (other than utilization of
    hardware resources) of NAT translations. A Cisco 2800 series router can do
    it well. You can also get it with the firewall feature set.
     
    Neteng, Dec 28, 2005
    #14
  15. Joe

    Joe Guest

    Neteng,

    Thank you for your help,

    Is there a router with multi-NAT capabilities to maybe handle 16 IP's?

    Thank you
    Joe
     
    Joe, Dec 29, 2005
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.