Router Information Please.

Hello,

I am in need of information on a router that can be used in a small web
hosting enviroment.

about 6months ago a very nice group of this community helped me witht the
multiple IP's on one web server running 2003 ent. edition.

I am about to upgrade to a T1 and a C block of 256 public IP's.
We panned out the SSL part by comming to the conclusion that a Watchgaurd or
Sonicwall router is what I needed.

My question is, I have never seen the interfaces of this type of router so
how does each public IP get assigned to the one NIC? Virtual LAN?

e.g. Public IP xxx.xxx.xxx.120 to router/ Router to Internal IP 192.168.1.4
Second Public Ip to router xxx.xxx.xxx.130 Router to same NIC for SSL
enabled site same box, same NIC?

Thank You
Joe

Hi,

Joe wrote:
> I am in need of information on a router that can be used in a small
> web hosting enviroment.

You say "router" (and you will have one of those too), but it really sounds
like you mean "firewall" here.

> I am about to upgrade to a T1 and a C block of 256 public IP's.
> We panned out the SSL part by comming to the conclusion that a
> Watchgaurd or Sonicwall router is what I needed.

Probably not.

> e.g. Public IP xxx.xxx.xxx.120 to router/ Router to Internal IP
> 192.168.1.4 Second Public Ip to router xxx.xxx.xxx.130 Router to same
> NIC for SSL enabled site same box, same NIC?

In this situation -- protecting a web server (or several) with a large
number of public IP addresses -- you probably should look at transparent
bridging firewalls:

http://www.google.com/search?hl=en&q...arent+firewall

--
Chris Priede

Thank you Chris for your reply,

So what is the routing capability of the public IP to the intenal this is
the confusing part. How to get the IP's routed to that one NIC.

I am going to look over the info at Cisco thanks


J0e

"Chris Priede" wrote:

> Hi,
>
> Joe wrote:
> > I am in need of information on a router that can be used in a small
> > web hosting enviroment.
>
> You say "router" (and you will have one of those too), but it really sounds
> like you mean "firewall" here.
>
> > I am about to upgrade to a T1 and a C block of 256 public IP's.
> > We panned out the SSL part by comming to the conclusion that a
> > Watchgaurd or Sonicwall router is what I needed.
>
> Probably not.
>
> > e.g. Public IP xxx.xxx.xxx.120 to router/ Router to Internal IP
> > 192.168.1.4 Second Public Ip to router xxx.xxx.xxx.130 Router to same
> > NIC for SSL enabled site same box, same NIC?
>
> In this situation -- protecting a web server (or several) with a large
> number of public IP addresses -- you probably should look at transparent
> bridging firewalls:
>
> http://www.google.com/search?hl=en&q...arent+firewall
>
> --
> Chris Priede
>
>
>

Hi,

Joe wrote:
> So what is the routing capability of the public IP to the intenal
> this is the confusing part. How to get the IP's routed to that one
> NIC.

With a transparent firewall, the whole point is you don't: the web server
would be assigned public IP addresses directly. The firewall would be
placed in front of it and function as a transparent box that filters what
gets through; it would not change addresses or route anything.

Perhaps your question is how to assign more than one address to a network
card?

--
Chris Priede

Chris you are correct,

I did not know this was the function of the transparent firewall. Also the
second question is what I am after. But I just learned here something very
valuable thank you

(Perhaps your question is how to assign more than one address to a network
card?)

Yes this is correct can it be done this way also with a good router?

Please and thank you,
Joe



"Chris Priede" wrote:he

> Hi,
>
> Joe wrote:
> > So what is the routing capability of the public IP to the intenal
> > this is the confusing part. How to get the IP's routed to that one
> > NIC.
>
> With a transparent firewall, the whole point is you don't: the web server
> would be assigned public IP addresses directly. The firewall would be
> placed in front of it and function as a transparent box that filters what
> gets through; it would not change addresses or route anything.
>
> Perhaps your question is how to assign more than one address to a network
> card?
>
> --
> Chris Priede
>
>
>

Joe wrote:
> (Perhaps your question is how to assign more than one address to a
> network card?)
> Yes this is correct can it be done this way also with a good router?

You would simply assign additional addresses in TCP/IP properties on the
server:

http://www.windowsnetworking.com/art.../multiipa.html

If you use a transparent firewall, then you will be assigning your public IP
addresses and will be done. If you use a NAT firewall, then you will assign
private addresses and have to configure your firewall to forward each public
IP address to a specific private address.

Either will work (for a NAT firewall, you would want to make sure it
supports many-to-many translation for the required number of clients), but
the transparent firewall setup would be easier to set up initially and
easier to manage: if you need to add or move your address assignments
between servers, you can do so without having to worry about any firewall
rules. Additionally, if you are eventually going to host other services
(besides HTTP/HTTPS), some may have issues with servers behind NAT and it
would be easier to not have that in the way.

--
Chris Priede

Hello Chris

I see so in order to do this with a NAT router the router would have to have
an interface that supports each public IP and the ability to assign many
Private IP's to that web server.

I have my servers behind two routers now that I don't think supports this
and If I were to change the setup now I would loose my connectivity with my
mailservers.

I have one router with IP 192.168.1.1 (Webserver connected to it and a
mailserver)
I have the second router IP 192.168.1.2 ( DC/AD and mailserver)
the DHCP is enabled on the 1.1 router
This works well for me and all ports forwarded to the repective port.

I see a red flag here when wanting to install a transparent firewall I see
it as removing the present routers and this I cannot do right now(ormaybe I
can). I wish this information was available to me then.I wanted to do this in
the begining.

So what does transparent firewall run these days? $$$
What would I do to reconfig this setup to accomadate the trans firewall?
and if I cannot use this what router out there will do what i want?

Love to hear some suggestions please

Signed
willing to make it work

Thank You
Joe

"Chris Priede" wrote:

> Joe wrote:
> > (Perhaps your question is how to assign more than one address to a
> > network card?)
> > Yes this is correct can it be done this way also with a good router?
>
> You would simply assign additional addresses in TCP/IP properties on the
> server:
>
> http://www.windowsnetworking.com/art.../multiipa.html
>
> If you use a transparent firewall, then you will be assigning your public IP
> addresses and will be done. If you use a NAT firewall, then you will assign
> private addresses and have to configure your firewall to forward each public
> IP address to a specific private address.
>
> Either will work (for a NAT firewall, you would want to make sure it
> supports many-to-many translation for the required number of clients), but
> the transparent firewall setup would be easier to set up initially and
> easier to manage: if you need to add or move your address assignments
> between servers, you can do so without having to worry about any firewall
> rules. Additionally, if you are eventually going to host other services
> (besides HTTP/HTTPS), some may have issues with servers behind NAT and it
> would be easier to not have that in the way.
>
> --
> Chris Priede
>
>
>
>

Chris I have been looking all over the net and I cannot get a grasp on this
transparent firewall. Information is vague.

Is it a software or hardware?
Where is it placed?
What are you bridging?
Are routers used?

I cannot seem to find ths right way to do this. But I am willing to try I
would love to have the public IP's routed directly to the server.

Thank you
Joe

"Joe" wrote:

> Chris you are correct,
>
> I did not know this was the function of the transparent firewall. Also the
> second question is what I am after. But I just learned here something very
> valuable thank you
>
> (Perhaps your question is how to assign more than one address to a network
> card?)
>
> Yes this is correct can it be done this way also with a good router?
>
> Please and thank you,
> Joe
>
>
>
> "Chris Priede" wrote:he
>
> > Hi,
> >
> > Joe wrote:
> > > So what is the routing capability of the public IP to the intenal
> > > this is the confusing part. How to get the IP's routed to that one
> > > NIC.
> >
> > With a transparent firewall, the whole point is you don't: the web server
> > would be assigned public IP addresses directly. The firewall would be
> > placed in front of it and function as a transparent box that filters what
> > gets through; it would not change addresses or route anything.
> >
> > Perhaps your question is how to assign more than one address to a network
> > card?
> >
> > --
> > Chris Priede
> >
> >
> >

Try this for an explanation-

http://www.cisco.com/E-Learning/bulk...2/default.htm#



"Joe" <(E-Mail Removed)> wrote in message
news:1466458E-3731-44D0-B0DA-(E-Mail Removed)...
> Chris I have been looking all over the net and I cannot get a grasp on
this
> transparent firewall. Information is vague.
>
> Is it a software or hardware?
> Where is it placed?
> What are you bridging?
> Are routers used?
>
> I cannot seem to find ths right way to do this. But I am willing to try I
> would love to have the public IP's routed directly to the server.
>
> Thank you
> Joe
>
> "Joe" wrote:
>
> > Chris you are correct,
> >
> > I did not know this was the function of the transparent firewall. Also
the
> > second question is what I am after. But I just learned here something
very
> > valuable thank you
> >
> > (Perhaps your question is how to assign more than one address to a
network
> > card?)
> >
> > Yes this is correct can it be done this way also with a good router?
> >
> > Please and thank you,
> > Joe
> >
> >
> >
> > "Chris Priede" wrote:he
> >
> > > Hi,
> > >
> > > Joe wrote:
> > > > So what is the routing capability of the public IP to the intenal
> > > > this is the confusing part. How to get the IP's routed to that one
> > > > NIC.
> > >
> > > With a transparent firewall, the whole point is you don't: the web
server
> > > would be assigned public IP addresses directly. The firewall would be
> > > placed in front of it and function as a transparent box that filters
what
> > > gets through; it would not change addresses or route anything.
> > >
> > > Perhaps your question is how to assign more than one address to a
network
> > > card?
> > >
> > > --
> > > Chris Priede
> > >
> > >
> > >

Neteng Thank you,

This helped tremendously.

So this is a piece of hardware i must purchase in order to perform this
funtion?

Or can ant router do this?

Joe

"Joe" wrote:

> Hello Chris
>
> I see so in order to do this with a NAT router the router would have to have
> an interface that supports each public IP and the ability to assign many
> Private IP's to that web server.
>
> I have my servers behind two routers now that I don't think supports this
> and If I were to change the setup now I would loose my connectivity with my
> mailservers.
>
> I have one router with IP 192.168.1.1 (Webserver connected to it and a
> mailserver)
> I have the second router IP 192.168.1.2 ( DC/AD and mailserver)
> the DHCP is enabled on the 1.1 router
> This works well for me and all ports forwarded to the repective port.
>
> I see a red flag here when wanting to install a transparent firewall I see
> it as removing the present routers and this I cannot do right now(ormaybe I
> can). I wish this information was available to me then.I wanted to do this in
> the begining.
>
> So what does transparent firewall run these days? $$$
> What would I do to reconfig this setup to accomadate the trans firewall?
> and if I cannot use this what router out there will do what i want?
>
> Love to hear some suggestions please
>
> Signed
> willing to make it work
>
> Thank You
> Joe
>
> "Chris Priede" wrote:
>
> > Joe wrote:
> > > (Perhaps your question is how to assign more than one address to a
> > > network card?)
> > > Yes this is correct can it be done this way also with a good router?
> >
> > You would simply assign additional addresses in TCP/IP properties on the
> > server:
> >
> > http://www.windowsnetworking.com/art.../multiipa.html
> >
> > If you use a transparent firewall, then you will be assigning your public IP
> > addresses and will be done. If you use a NAT firewall, then you will assign
> > private addresses and have to configure your firewall to forward each public
> > IP address to a specific private address.
> >
> > Either will work (for a NAT firewall, you would want to make sure it
> > supports many-to-many translation for the required number of clients), but
> > the transparent firewall setup would be easier to set up initially and
> > easier to manage: if you need to add or move your address assignments
> > between servers, you can do so without having to worry about any firewall
> > rules. Additionally, if you are eventually going to host other services
> > (besides HTTP/HTTPS), some may have issues with servers behind NAT and it
> > would be easier to not have that in the way.
> >
> > --
> > Chris Priede
> >
> >
> >
> >