
GW6 Webaccess design question...


rfnelson

IS-IT--Management
May 16, 2002
22
US
I've got two NSBS6.0.3 servers, post SP3 recommended patches, 25 user license. Both have 1GB+ RAM.

One ("MAIN") has DNS, DHCP, Groupwise 6.0.3 (domain, MTA, POA, and GWIA), GW Webaccess (application and agent), and NW web access components (NetStorage, iFolder, etc.). My second server ("BORDER") is available for BorderManager, although I'm waiting for an upgrade to BM3.7 before I enable the Bordermanager components. All external access to our intranet is through a wireless router with its own NAT and some packet filtering/forwarding/DMZ capabilities.

When I installed GW Web Access, I used a secondary IP address. Now this has come back to bite me... I've got our ISP's external DNS pointing to the router ("webaccess.company.com"), and our internal DNS pointing to the MAIN server IP ("webaccess.company.com"-192.168.1.10), but, since GW Web Access is on a different internal IP address (192.168.1.20), I don't get GWWA to work from the Internet since the webaccess.company.com/servlet/webacc "calls" an internal IP address (I've tried changing the GW web access link using both DNS and IP addresses in C1).

During this testing, I'm simply opening port 80 and forwarding it to my MAIN server IP.

My question (sorry to be so verbose): Can I place a second GW Webaccess agent and/or GW Webaccess application on the private side of the Border server to facilitate better security (once I have BM3.7 running), or would it be better to have my ISP add another "A" DNS record for the second internal IP address ("gwaccess.company.com" internally) and use a reverse proxy to serve up the NetStorage/iPrint/iFolder information to the BORDER server? Would either of these correct my problem, or is there an easier way?

TIA,
RFN


--
RFNelson

"What was that?"
 
I'm not sure about the complicated questions, but I had a similar problem with a Win2000 IIS Box Webaccess App outside of the firewall calling an internal IP address. The only way I could fix it is to reinstall the App on the Win2000 IIS Box and instead of inserting an IP address, I put in a dummy company.com domain name. Then, I edited the host file in system32\drivers\etc directory of the Win2000 IIS Box to link company.com to an external NAT address linked to the internal address on which the agent is listening. I had to copy the commgr.cfg file from the server to the webaccess subdir. on the Win2000 Box to get it to work. Works like a charm.
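
The symptom described in the two posts above, a page fetched through the public name that then sends the browser to an address on the private network, can be checked for from the outside. This is an added example, not part of any post in this thread: it scans a response's redirect headers and link attributes for private IP literals. The function names and the sample response are constructed; 192.168.1.20 and /servlet/webacc are taken from the first post.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}          # attributes that carry URLs
URL_HEADERS = {"location", "content-location"}  # headers that carry URLs

class _LinkCollector(HTMLParser):
    """Collects every URL-bearing attribute value in an HTML document."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls.extend(v for k, v in attrs if k in URL_ATTRS and v)

def is_private_host(host):
    """True only for IP literals in private/non-routable ranges."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name, not an IP literal

def internal_references(headers, body):
    """Return URLs in a response that point at private IP literals."""
    candidates = [v for k, v in headers.items() if k.lower() in URL_HEADERS]
    collector = _LinkCollector()
    collector.feed(body)
    candidates.extend(collector.urls)
    hits = []
    for url in candidates:
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue  # malformed URL, nothing to resolve
        if host and is_private_host(host):
            hits.append(url)
    return hits

# Constructed sample: what an outside client might receive from the login page.
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = """<html><body>
<a href="/help/index.html">Help</a>
<form method="post" action="http://192.168.1.20/servlet/webacc"></form>
<img src="http://webaccess.company.com/images/logo.gif">
</body></html>"""

if __name__ == "__main__":
    for url in internal_references(SAMPLE_HEADERS, SAMPLE_BODY):
        print("internal address exposed to client:", url)
```

Any hit means the application was configured with an internal address where a name resolvable from both sides of the NAT was needed, and it also tells outside clients how the private network is numbered.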
 
Personally, I think you'd be better off having two external public IP addresses. Then have a Static NAT that translates one to the web services, and one to Groupwise.

You could have a MAIL.DOMAIN.COM and WEB.DOMAIN.COM, each with their own IP that translates one-one to the internal private address.

I think that would be easier than trying to do the other stuff you were talking about.




Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting
 
Thanks guys! I like the approach Marvin indicated, but I don't think I can get a second IP address from our ISP - we're running on wireless to them, and a single address is all we've been issued (although it's DHCP assigned, they have provided a "fixed" address by linking our router's MAC address to the IP address.)

BigGuySmall's approach is the one I'll have to consider, unless I can figure out a way to get the Apache server (running on the BorderManager NW6 server) to redirect external URLs to the appropriate internal Apache instances (one for GW Webaccess, and one for NW Webaccess). I do have two external DNS entries, one for GW and one for NW Webaccess, but both now point to the same public IP address (our router).

Thanks for the assistance, and any additional advice is appreciated.

RFNelson
***

--
RFNelson

"What was that?"
 
I have a Firewall set up between our Router (w/Public IP) and our network (w/Private IP). Our ISP's DNS points both SMTP (port 25) and WebAccess (port 80) to the public IP address of our router. The router feeds the Firewall and the Firewall points the 2 ports to the proper servers. Our GWIA runs on a different server than the WebAccess server but GWinter.nlm is on the server with the GWIA. Everything is behind the FireWall. I've never had a problem with anything running this way.

HTH
Ken
 
Ken:

Thanks for the reply... that's what we finally did. (Since we're already running on a router for our wireless ISP connection, I was able to set "forwarding" on the router to route the appropriate ports to different internal IP addresses.)

Everything's working now.

Thanks again!


--
RFNelson

"What was that?"
 