Single IP, Web hosted on seperate internal server

Hi, after some help!
I ahve SBS2003 standard running with one external IP connected via
broadband. SBS acts as a NAT server and I used remote access etc as usual.

I ahev a second server (Windows 2000 running IIS) on my internal network.

Two questions:-

1. How do I target an incoming web (port 80) request to my second server
which doesn't have a public IP address.

2. What are the security implications of doing this?

I note the concerns about hosting on SBS - hence the separate server.

Many thanks,
Craig

 

You'd have to use the public IP and forward traffic on port 80 to the LAN IP
of the other server through your firewall/ISA. This means that if you aren't
using SSL for OWA, you aren't going to be able to get to OWA from the
Internet, mind...or if you were using port 80 for something else.

It's still on your LAN, not even in a DMZ, so I still advise against this.
Also, even in a DMZ, you need to run IISLockdown and URLScan on it - note
that IIS is probably the most heavily attacked MS product, so it wouldn't be
my choice if I were setting up a public webserver...I even wish I could run
OWA on another platform, but that's another story.

I do suggest that small offices just pay for external webhosting accounts -
a simple account should cost about $10/mo or so and is worth the cost. k

 

Many thanks for your advice.

I would love to use public web hosting but I need to run a customer
application that uses data on our network. Looks like I am back to the DMZ
and expensive firewall.

Thanks again,

Craig.

 

OK - just be *very* careful what ports you open up, and in which direction,
between DMZ and LAN or you'll turn your DMZ into tissue paper. I wouldn't
open up anything from DMZ to LAN - don't know what your apps are, but
perhaps you can schedule some sort of export of the data from LAN to server
in DMZ.

Don't make the web server a DC, and make sure you lock it down as I
mentioned with IISLockdown and URLScan.