how to forward 2 public ip's on diff. subnets to one internal network 2

[projectpete]

We currently host a web server in our company, we have only one public IP from our ISP. We have to host a second web server (both using SSL), our ISP says we only have one ip address on our current block, either we add another block with a different subnet to be able to keep our current ip address or we get rid of our original ip and get two ip's on the same block.

We have alot of home users that use VPN and terminal services, they rely on our original ip address which is why i dont want to abandon it.

I have a nextreme router, can I have two separate ip's coming into one router and be able to forward the public ip's to the porper internal ip's?

 

[pansophic]

You need to configure virtual servers. HTTP/1.1 supports multiple domains on a single web server through the use of the "Host" directive. That is how ISPs host hundreds of web servers on a single machine. Both hostnames in their respective DNS records will point to the same IP address, but when the web broswer connects, it uses the Host directive to tell the server which page to display.

There should be no need for multiple IP addresses or multiple servers.


pansophic

 

[projectpete]

The thing is we need to use separate servers because these are web based software solutions from two separate software vendors and they require us to have their software on their own servers

 

[pansophic]

You can do a simple redirect for one or both of the web-based applications to a non-standard port and have the ports directed by your router to different internal IP addresses. So you still only need a single public IP, and the different port numbers will tell your router which internal server to send the connection to.

But I'd really be concerned about an application that is web-based and is required to be on a separate server. That generally means poor coding and/or a lack of understanding of web servers in general. Neither engenders a vote of confidence.


pansophic

 

[projectpete]

but SSL only allows one cert per ip address, isnt that correct?

 

[pansophic]

SSL really doesn't know anything about Certs (other than to check them against public CAs). X.509 typically (maybe always) only supports 1 cert per IP. But unless you are using a public Certificate Authority to authenticate your server to the client, then it really isn't an issue.

Since it sounds like you are only trying to secure the connection, but not authenticate the server, you just tell the clients to click the "Remember Forever" button when challenged for the certificate the first time that they connect. It will never be an issue after that.


pansophic

 

[LawnBoy]

But I'd really be concerned about an application that is web-based and is required to be on a separate server

I see this frequently for both web apps and databases. The vendor will not support the product unless it is the only package on the server.

I agree that it's stupid and implies incompetence on the vendor's part, but it's not uncommon.



"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[projectpete]

pansophic thank you very much that worked.

In IE 6 all is fine but IE7 I keep getting certificate mismatch error, because I am using the same ip address for two servers using SSL i cant put in the same URL in the certificate, so the domain name in the cert does not match the ip address

i tried putting the ip address with the port in the cert but ie7 still gives me the cert mismatch error