Web Server on SBS

dr486

Hi All,

I have a Windows 2003 SBS box with two network cards.

One card is 10.1.1.2 and connects to the router, which is 10.1.1.1 and is used for our internet connection.

The other card is 192.168.3.1 and is used for our internal network.

I have tried using Routing and Remote Access->NAT/Basic Firewall to forward Port 80 to a computer which is on the local network.

I have gone to ADSL Internet Connection and under Properties->Services and Ports I have selected Web Server (HTTP). In the dialog that comes up I have entered the IP address of the computer in the local network that will be the Web Server.

I've opened ports on my firewall to allow incoming connections, but no luck.

Any help would be appreciated.

DR
 
ADSL firewall/router needs to forward HTTP traffic to your SBS Server's IP. The SBS server needs to forward HTTP traffic to your internal webhost. In an ideal world in which the SBS Server waits eagerly to forward traffic for you, this would probably work.

There will still be issues though, since the SBS server itself is listening on port 80 for requests made to its own IIS sites.

If this was my problem, I'd remove one of the network cards and run your entire network in the 192.168.3.0 space, including the internal interface of your firewall. Have your router forward HTTPS traffic to your SBS box and have it forward HTTP traffic to your internal web server. If you don't have ISA, SBS isn't a great firewall, and messing with two layers of NAT isn't fun either.

Dave Shackelford
Shackelford Consulting
 
Thanks for the response Dave.

I will probably run the Web server in the 10.1.1.0 range and forward port 80 from the router directly to the Web server. This will save me having to try and route the port through SBS. I was planning on using the Web server for other purposes but I think I will get a dedicated Web server.

Thanks again...DR

 
Single NIC???

ShackDaddy, isn't that SBS heresy???

I ran a single-NIC SBS box for about six months (in 2005) and was bashed on the SmallBizServer forums.

Tony

Users helping Users...
 
I unapologetically ONLY install single-NIC SBS boxes. I NEVER install ISA (although I do support it if it exists when I pick a client up). I prefer hardware firewalls and a simple single-NIC deployment. I guess maybe I built my mental architecture in my PIX/CheckPoint management days, but I like to keep things simple.

SBS 2008 is built to primarily support single-NIC deployments, and even the Premium edition doesn't come with ISA anymore...

I believe in full separation of layers, and the ability to troubleshoot from between each layer is critical to me, and with ISA, sometimes you're trying to figure out if the wart you are trying to remove is on top of or behind a tattoo...

Dave Shackelford
Shackelford Consulting
 
So the only advantage to dual-NIC deployments is its ability to implement ISA? My simplistic mind sees a separation of cloud and local as a good way to monitor and secure the network. Guess my knowledge does not go deeply enough to know both arguments.

I did use SBS at first as a single-NIC box, and it worked fine, but I thought routing all traffic through the SBS box would give me more flexibility and security. I will need to study the issue.

Tony

Users helping Users...
 
Well, my scenario-in-mind always includes the single-NIC being on the internal network, on the same switch as the clients, with all computers being behind a firewall. If the firewall has multiple LAN ports, usually the server is on one, and the main switch is on another. I guess some of it depends on what kind of firewall and whether you proactively manage and monitor outbound traffic if that's the concern. I also just don't like to put clients behind two layers of NAT. That makes certain things difficult to troubleshoot.

Dave Shackelford
Shackelford Consulting
 