Running Apache and IIS on Same LAN (Both Port 80)

  • Thread starter Thread starter Bob Haroche
  • Start date Start date
B

Bob Haroche

For my web development/testing set up, I'm currently running a
publicly accessible website behind a Netgear router. The router has a
public IP and routes port 80 requests to my Win 2K workstation. No
problem.

I now want to run both Apache and IIS on different boxes and have both
respond to public HTTP requests on port 80 (for different Internet
domains obviously). In addition, I want both boxes to be accessible
from within my internal LAN. The Apache server will continue to run on
Win2K Pro, and the IIS server will run on Win 2003 server.

I have 5 static IP's. I'm thinking I might be able to do this by using
two NIC's on the IIS/Win 2003 box, one assigned a public IP, the other
assigned an internal IP. The Netgear router will continue to use a
different public IP and route traffic within the LAN. Since this is a
bit tricky (for me) to fully describe, I have a diagram here:

www.onpointsolutions.com/LAN.gif

Will this set up work so that the two boxes can see each other within
the LAN and each can also act as public web server on port 80? Is
there a better way? (I thought of assigning two IP's to a single NIC
but I need different gateways for the internal LAN and Internet WAN,
and that apparently won't work in the windows environment).

I'm by no means a network expert and am new to Windows server, so any
links to further resources on this issue would be great. Thanks in
advance.
 
Running them on the same LAN is no problem; on the same
server/different ports is no problem; mapped or reserved through
multiple IP addresses on a NAT/firewall etc.

You cannot assign two programs to the same IP/Port combo.

Principle:
An IP address identifies a unique machine in an internetwork.
A port number identifies a unique program (service) on a machine.

An IP address and PORT identifies a specific instance of a program
running on a particular machine in an Internetwork.

Bob Haroche said:
For my web development/testing set up, I'm currently running a
publicly accessible website behind a Netgear router. The router has a
public IP and routes port 80 requests to my Win 2K workstation. No
problem.
Click to expand...

If you only have ONE IP on the public side of a translator (NAT) then
you must refer to one of the inside servers using a different port.
I now want to run both Apache and IIS on different boxes and have both
respond to public HTTP requests on port 80 (for different Internet
domains obviously). In addition, I want both boxes to be accessible
from within my internal LAN. The Apache server will continue to run on
Win2K Pro, and the IIS server will run on Win 2003 server.
Click to expand...
I have 5 static IP's. I'm thinking I might be able to do this by using
Click to expand...

Then if you router won't map different machines you must replace it
with one that will. Win2000+ NAT does this just fine. Most little
routers/NAT boxes probably can too.
 
Thanks for the reply, Herb.
If you only have ONE IP on the public side of a translator (NAT)
then you must refer to one of the inside servers using a
different port.
Click to expand...

Yes, but per my proposed plan (www.onpointsolutions.com/LAN.gif), I
was going to use a switch to send one of my public IPs to my LAN
router and from there onto my apache box, and send another of my
public IPs directly to my IIS box, and thereby avoid having to use
different ports for the two servers since the servers will be on
different boxes with different public IPs. I know I can do this...I
already tested it with two workstations.

The challenge is for me to get the two machines to then see eachother
within the LAN. Currently they can't because one has an internal
IP/subnet mask/gateway and the other has a public IP and a different
subnet mask/gateway. To remedy this situation, I was going to connect
my LAN router to a SECOND NIC on my IIS box, and assign that second
NIC an internal IP with the same subnet mask/gateway as the other
machine. Will that not work?

Am I even close to making sense? Thanks.
 
Thanks for the reply, Herb.


Yes, but per my proposed plan (www.onpointsolutions.com/LAN.gif), I
was going to use a switch to send one of my public IPs to my LAN
router and from there onto my apache box, and send another of my
public IPs directly to my IIS box, and thereby avoid having to use
different ports for the two servers since the servers will be on
different boxes with different public IPs. I know I can do this...I
already tested it with two workstations.

The challenge is for me to get the two machines to then see eachother
within the LAN. Currently they can't because one has an internal
IP/subnet mask/gateway and the other has a public IP and a different
subnet mask/gateway. To remedy this situation, I was going to connect
my LAN router to a SECOND NIC on my IIS box, and assign that second
NIC an internal IP with the same subnet mask/gateway as the other
machine. Will that not work?
Click to expand...

Possibly. But why not use a ROUTE on your systems to pass through the
switch/router?

Jeff
 
Jeff said:
Possibly. But why not use a ROUTE on your systems to pass through
the switch/router?
Click to expand...

Can you elaborate? As I said, I'm relatively new to networking, having only
set up simple peer-to-peer networks. I understand port mapping, I understand
basic DHCP through a router, but I don't know what using a ROUTE means.
 
Yes, but per my proposed plan (www.onpointsolutions.com/LAN.gif), I
was going to use a switch to send one of my public IPs to my LAN
router and from there onto my apache box, and send another of my
public IPs directly to my IIS box, and thereby avoid having to use
different ports for the two servers since the servers will be on
different boxes with different public IPs. I know I can do this...I
already tested it with two workstations.
Click to expand...

That's why I answered the way I did -- if you can manage to get two
public addresses or some other method to distinguish them then you
can accomplish it.

But without special tools, you need a different IP or a different port
(or both) for each running program instance.
 
Can you elaborate? As I said, I'm relatively new to networking, having only
set up simple peer-to-peer networks. I understand port mapping, I understand
basic DHCP through a router, but I don't know what using a ROUTE means.
Click to expand...

You may not even need a route, at least on one side. You set the
router's IP address as the default gateway on the server that is
internal, and configure a ROUTE to the internal system on the external
one. Check the help for the ROUTE command, basicaly you want anything
destined for the internal network range to be sent to the router.

Jeff
 
Here's the rule: If you only have ONE router then you don't
need additional static routes but can merely use the Default
Gateway since EVERYTHING goes to that router which is
the only router "off the local subnet."

This applies to routers too. If a router is "on the edge", i.e.,
connected to only ONE other router, the it uses that other
router as it's own default gateway.

A router can always "see" everything to which it is directly
connected but must have a route for each "area" behind
another router to which it is connected. With only one other
router, the default gateway takes care of it.

When a router is between other routers, i.e., connected to
more than one, it can only use the default gateway setting for
the "largest" area -- which on small networks is usually the
Internet and so the router between your internal network
an the Internet uses the ISP (or other upstream) router as the
default gateway, but it must have an EXPLICIT route added
to "see the area behind" any additional routers.
 
You may not even need a route, at least on one side. You set the
router's IP address as the default gateway on the server that is
internal, and configure a ROUTE to the internal system on the
external
Click to expand...

And this will permit two separate, publicly accessible web servers to BOTH
run on Port 80?

FWIW, I've decided to set up a linux/firewall box using ipcop
(www.ipcop.org) which lets me set two public IP's on an external facing NIC,
and then route to the separate servers based on IP, allowing both to listen
on Port 80.

Thanks for the response though.
 
Back
Top