I NEED HELP with some Real World Network design!!!!

Discussion in 'Windows Networking' started by Zegra1, Jan 29, 2008.

    Zegra1 Guest

    Hi Life Savers

    I'm new to "Real World" networking and HOPE to find some HELP here answering
    some (stupid) questions.

    I work in a company of about 30 users. We have 1 Windows Server 2003 as PDC
    in an Active Directory domain. All clients are Windows XP Pro. The domain name
    is (petra.local). I have the PDC server also configured as DNS for local use.
    I use local IP addresses for the LAN (100.100.100.X).

    Now the company is growing…they want to add:
    - One IIS Server that will host the company website (still under construction)
    - One Exchange server
    - One Firewall

    Here is what I want to know:

    1. How many public IP addresses do we need? Will one public IP be enough for
    the whole company? Can I subnet the public IP address into additional public
    IP addresses for the other servers, or do I need one public IP for EACH of the
    3 new servers (FW, Exchange, IIS)?

    2. If one IP address is enough, to which server should I assign it? To the
    firewall or
    to the IIS?

    4. Regarding the firewall: is it better to use a hardware FW or a software one?

    5. If the ISP provides us with a hardware firewall and I also use a Windows
    Server 2003 as an additional firewall with 2 NICs and set it up as a NAT
    server, how do I configure the IP address of the server to go through the ISP?

    6. Do I need to set up my own public DNS server, or can I just rely on the ISP
    for DNS services?

    I REALLY appreciate your help guys
    Zegra1, Jan 29, 2008

    Nightlegend Guest

    1. How many Public IP addresses do we need? Will one public IP be enough for
    -You need only one public IP for the whole company, although your ISP will
    give you an IP set, for example to
    -It should be assigned to the firewall.
    -You can use ISA Server 2004 or 2006 (Standard edition will be enough).
    -You will have to do that through the ADSL router's control panel.
    Your internal DNS server should be replicating with your ISP's DNS server,
    but all the clients, including servers and excluding the DNS server, should
    use the internal DNS server; they shouldn't be allowed to do DNS outside the
    local DNS server (you can set it up on the PDC server).

    Best regards
    Nightlegend, Jan 29, 2008

  3. That is not a valid RFC Private Address. Do not give us "fake"
    numbers,...we have to make judgment calls based on what those numbers really
    are,..."fake" numbers = bad/flawed advice.
    One IP number
    ....On the Firewall
    All Firewalls run on software,...and all Firewalls running on software run
    on hardware. The answer is,...there is no "real" difference, and it is
    irrelevant. I use MS ISA Server and trust it totally,...you can buy it in
    both "software" and in a "hardware" format.
    Get rid of one of them. I see no point in creating the excessive complexity
    of a Back-to-Back DMZ unless you have the experience and skill to deal with
    such and have a good valid reason for having one.
    It's not "either/or".
    Both are required.

    All machines on the LAN (every last one of them) use the AD/DNS on the DC.
    They should *never* use anything else anywhere. Then in the Config of the
    AD/DNS you add the ISP's DNS To the Forwarders List. You can optionally
    leave the list blank and the AD/DNS will use Root Hints.

    Make sure the Firewall allows the AD/DNS machine to make outbound DNS
    queries,...but the Firewall should *not* allow any other machine to do so in
    order to weed out machines with "rogue" DNS entries.
    Phillip Windell, Jan 29, 2008
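    Following up on the point above about letting only the AD/DNS box make
    outbound DNS queries: here is an added example (not from any poster in this
    thread) that scans firewall log lines for other LAN hosts talking to port 53.
    The log format, the LAN range and the DC address are all constructed assumptions.

```python
import ipaddress
import re
from typing import NamedTuple

# Assumed placeholders: the DC running AD/DNS and the LAN it serves.
DC_DNS = ipaddress.ip_address("192.168.1.10")
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample export in a simple key=value style (no specific vendor).
SAMPLE_LOG = """\
2008-01-29T10:00:01 action=allow proto=udp src=192.168.1.10 dst=203.0.113.53 dport=53
2008-01-29T10:00:02 action=allow proto=udp src=192.168.1.57 dst=8.8.8.8 dport=53
2008-01-29T10:00:03 action=allow proto=tcp src=192.168.1.57 dst=203.0.113.80 dport=80
2008-01-29T10:00:04 action=deny  proto=udp src=192.168.1.88 dst=198.51.100.1 dport=53
2008-01-29T10:00:05 action=allow proto=tcp src=192.168.1.10 dst=203.0.113.53 dport=53
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>\w+)\s+proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


class Finding(NamedTuple):
    ts: str
    src: str
    dst: str
    action: str  # "allow" = rule gap on the firewall, "deny" = host has rogue DNS config


def rogue_dns_clients(log_text, dc_ip=DC_DNS, lan=LAN):
    """Return LAN hosts other than the DC that attempted outbound DNS (port 53)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than guess
        if m["proto"] not in ("udp", "tcp") or m["dport"] != "53":
            continue
        src = ipaddress.ip_address(m["src"])
        if src not in lan or src == dc_ip:
            continue  # the DC's own forwarder traffic is expected
        findings.append(Finding(m["ts"], str(src), m["dst"], m["action"]))
    return findings


if __name__ == "__main__":
    for f in rogue_dns_clients(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}:53 ({f.action})")
```

    An "allow" finding means the firewall rule is not as tight as the post
    describes; a "deny" finding points at a workstation whose DNS settings need fixing.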
  4. Hi - I replied, at some length, to your other post in
    microsoft.public.windows.server.general. I'm quite sure that it was
    inadvertent on your part, but it is quite frustrating to spend a lot of time
    answering someone, just to find they've posted their identical message to
    another group. This is essentially asking people to duplicate the efforts of
    others.

    In the future, please don't multipost - if you need to post to multiple
    groups, it's best to crosspost instead, by posting a single message to a
    handful of relevant groups (separate the NG names with commas) so that
    everyone can follow the thread. Multiposting wastes everyone's time,
    including yours, and may lead to your actually getting *less* help rather
    than more.

    You should also consider using a news client, such as Forte Agent,
    Thunderbird, or even Outlook Express, rather than the pretty clunky web
    interface to the newsgroups. It's a lot easier to do nearly everything that
    way. You can mark messages to be watched, filter the views so you can see
    replies to your posts easily, and search - and crossposting is easier.

    The Microsoft public news server is msnews.microsoft.com and you can
    subscribe to as many groups as you like; no authentication is required.

    The following is from a post by MVP Malke ...

    Here's information on Usenet and using a newsreader:

    http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
    explanation of newsgroups
    - Set Up Newsreader

    http://aumha.org/nntp.htm - list of MS newsgroups
    microsoft.public.test.here - MS group to test if your newsreader is
    working properly
    http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
    http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.

    Some newsreaders for Windows
    http://www.forteinc.com/agent/index.php - for Forte
    http://www.mozilla.org (Thunderbird does newsgroups)

    Lanwench [MVP - Exchange], Jan 29, 2008