Hosting a FTP server using Windows 2003 server

The 55 clients are all on the LAN, behind a NAT router. Each client is
running DHCP off one of the Windows 2003 servers and has their default
gateway pointing to the NAT router.

My concern is that adminisration of the FTP server running Windows 2003 will
be a burden, if it is not part of the domain.

Is this a balance of risk versus administrative overhead.

In principle, should I be running a Windows 2003 server on a DMZ as part of
the domain on the LAN?

TX in advance

Maurice

_________________________________



NO, it should not be part of the domain!!!

Are the 55 clients on the 'outside' or on your LAN? Your post is a bit
confusing.

"Maurice Bishop" <(E-Mail Removed)> wrote in message
news:44025e37$0$82635$(E-Mail Removed)...
> I have a need to host a FTP server on a LAN with approximately 55 clients.
>
> All of the clients need to access the FTP server to read and write.
>
> Rather than open port 21 on the NAT firewall and forward the traffic onto
a
> local LAN IP address (insecure), I plan to put the FTP server on the
router
> DMZ (secure).
>
> As the DMZ is designed to let LAN traffic access the machine on the DMZ,
but
> deny access from the FTP server onto the LAN, what is the correct way to
> setup the FTP server?
>
> Presently, the FTP server is loaded with Windows 2003 Sever R2 and is part
> of the Windows 2003 domain, off the DMZ.
>
> Should the FTP server be a member of the Windows 2003 domain?
>
> TX for help in advance
>
> Maurice
>
>
>

Running a DC in the DMZ defeats almost all the reasons for having a DMZ
in the first place. You have to punch so many holes in the firewall to allow
a DC to function that there is not much point in having a firewall between
the DMZ and the LAN at all.

Maurice Bishop wrote:
> The 55 clients are all on the LAN, behind a NAT router. Each client is
> running DHCP off one of the Windows 2003 servers and has their default
> gateway pointing to the NAT router.
>
> My concern is that adminisration of the FTP server running Windows
> 2003 will be a burden, if it is not part of the domain.
>
> Is this a balance of risk versus administrative overhead.
>
> In principle, should I be running a Windows 2003 server on a DMZ as
> part of the domain on the LAN?
>
> TX in advance
>
> Maurice
>
> _________________________________
>
>
>
> NO, it should not be part of the domain!!!
>
> Are the 55 clients on the 'outside' or on your LAN? Your post is a bit
> confusing.
>
> "Maurice Bishop" <(E-Mail Removed)> wrote in message
> news:44025e37$0$82635$(E-Mail Removed)...
>> I have a need to host a FTP server on a LAN with approximately 55
>> clients. All of the clients need to access the FTP server to read and
>> write.
>>
>> Rather than open port 21 on the NAT firewall and forward the traffic
>> onto a local LAN IP address (insecure), I plan to put the FTP server
>> on the router DMZ (secure).
>>
>> As the DMZ is designed to let LAN traffic access the machine on the
>> DMZ, but deny access from the FTP server onto the LAN, what is the
>> correct way to setup the FTP server?
>>
>> Presently, the FTP server is loaded with Windows 2003 Sever R2 and
>> is part of the Windows 2003 domain, off the DMZ.
>>
>> Should the FTP server be a member of the Windows 2003 domain?
>>
>> TX for help in advance
>>
>> Maurice