Help in network configuration

Hi,

I guess I might not be posting my query in the right place.
But thanks in advance if someone can suggest a
solution or the right newsgroup.

I am doing a sketch for a network configuration. The network
will have 24 application servers and 2 Central Servers
(hosting IIS (www, ftp, smtp) and SQL Server 2000).

The application servers will be interfaced to a PSTN &
the 2 Central Servers will be on a public IP network. Since
I cannot buy 24 public IPs for the application servers, I
want to put them in a private network. Now how do I make
the application servers, which are in the private network,
communicate with the Central Servers on the public network?

I need this so that the application servers can communicate
with the MS SMTP of the Central Server for sending emails using
CDO, and communicate with SQL Server for some other
operations. The application servers should also be able
to access the Internet, just in case, for Windows updates,
virus updates, etc.

I am looking for a hardware-based solution at a reasonable
cost. Something like a Network Address Translating device.

Regards

Chip
 
You can put all these servers on a single ethernet network and use a
hardware router to map the 2 public IPs to the Central Servers. You don't
tell us what kind of Internet connection you have, but an example of a full
featured Cable/DSL router is: http://dlink.com/products/?pid=66 - cost
about $300 - you can probably find suitable devices for less. The DSL 300
and many other such devices also provide DMZ support so you can isolate your
public servers for extra security.

You could also configure a software router by installing a second NIC card
in one of your Central Servers, connect all other machines through a switch
to one NIC, and connect the other NIC to your Internet connection. Then use
Win2k or Server 2003 RRAS to configure NAT, map the other IP address, etc.

Don't know exactly how your PSTN fits into all of this.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Hi Doug,

Thanks for your valuable inputs. Since this will be a 24x7
production setup, I cannot afford a software NAT.

Firstly, I will be having 1 Mbps of Internet bandwidth from
an ISP, which is expected to be terminated on a
firewall/router. From that point I will pull an RJ45 cable
to a Gigabit switch, assign two public IPs to the 2
Centralised Servers & gateway settings (these servers will
have their own SAN boxes) and open relevant ports in the
firewall. The application servers will have private IPs
and, as I wrote earlier, they should be able to talk to the
Central Servers. Any other ideas?

Sorry, I thought it would be a lengthy post initially &
restricted myself.

Sincere Regards

Chip
 
The DLink and many other routers will easily meet your requirements. I
mentioned the DLink because it is capable of mapping more than one public IP
address - a feature which some cheaper routers don't offer.

The idea is to assign private IP addresses to all computers including your
'Central Servers'. That way they can all communicate with each other. You
then use your hardware router to map the public IPs or appropriate ports to
the private IP addresses of your Central Servers. As I said previously, you
could also place the Servers in a DMZ and the router would still allow you
to communicate with them. This is another feature supported by routers such
as the DLink.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Hi Doug,

Thanks a lot for the follow-up. I have found a
firewall/router from the same DLink family which is for
corporate and medium business requirements and is available
in my region.
http://www.dlink.co.in/dlink/Products/firewalls/dfl1000.htm

I was able to put something on paper from the inputs I got
from you and after studying the features supported by the
product.

1] I will terminate the line I get from the ISP on the external
port of a router.

2] I will run a cable from the internal port of the router to the
external port of the firewall.

3] Run a cable from the firewall's "LAN internal Port" to the
"LAN Switch".

4] Run a cable from the firewall's "DMZ Port" to the Central
Servers' switch.

5] Configure the firewall for NAT and PAT (hopefully this will
be done by the vendor based on our requirements) so that
the application servers will be able to access the DMZ as
well as the Internet. Apply firewall policies to
access/restrict the DMZ network from the outer world.

Was I able to do some homework? :-)

Also, I have one doubt. Will the MS SMTP services in the DMZ
network be able to deliver mails to other domains?
In the hardware description of the product it says:

**DMZ Port: Use this port to connect to the company's
server(s), which needs direct connection to the Internet
(FTP, SNMP, HTTP, DNS).**

Thanks for your patience.

Sincere Regards

Chip
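
The three-zone layout from steps 1-5 above, modelled as a default-deny rule table. This is an added example, not part of the original thread and not D-Link configuration. The subnets, sample addresses and port list are assumptions; the table also shows that outbound mail from the DMZ depends on TCP 25 and DNS being allowed towards the Internet.

```python
import ipaddress

# Constructed addressing (assumption; the thread gives no subnets).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),  # 24 application servers
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),  # 2 Central Servers
}

# Allowed flows: (source zone, destination zone, protocol, destination port).
# Anything not listed is denied.
ALLOW = frozenset({
    ("LAN", "DMZ", "tcp", 25),    # application servers -> MS SMTP (CDO mail)
    ("LAN", "DMZ", "tcp", 1433),  # application servers -> SQL Server
    ("LAN", "WAN", "tcp", 80),    # Windows and virus updates
    ("LAN", "WAN", "tcp", 443),
    ("LAN", "WAN", "udp", 53),    # name resolution for those updates
    ("WAN", "DMZ", "tcp", 80),    # published www
    ("WAN", "DMZ", "tcp", 21),    # published ftp (control channel only)
    ("WAN", "DMZ", "tcp", 25),    # inbound mail
    ("DMZ", "WAN", "tcp", 25),    # outbound mail delivery to other domains
    ("DMZ", "WAN", "udp", 53),    # MX lookups that delivery depends on
})

def zone_of(ip):
    """Map an address to its firewall zone; anything unknown is the Internet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "WAN")

def decide(src, dst, proto, port, allow=ALLOW):
    """Return 'local' for same-switch traffic, else 'allow' or 'deny'."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "local"  # never crosses the firewall
    return "allow" if (s, d, proto, port) in allow else "deny"

def audit(allow=ALLOW):
    """List rules that would undo the isolation the DMZ is meant to give."""
    findings = []
    for s, d, proto, port in sorted(allow):
        if d == "LAN" and s != "LAN":
            findings.append(f"{s}->LAN {proto}/{port}: private servers reachable from {s}")
        if s == "WAN" and port == 1433:
            findings.append(f"WAN->{d} {proto}/{port}: SQL Server exposed to the Internet")
    return findings

if __name__ == "__main__":
    print(decide("192.168.1.10", "192.168.2.5", "tcp", 1433))  # app server -> SQL
    print(audit(ALLOW | {("WAN", "DMZ", "tcp", 1433)}))
```

Running `audit()` against the rule list the vendor actually configures is a quick way to confirm that nothing reaches the application servers from outside and that SQL Server stays unpublished.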
 