Guest Zegra1
Posted January 29, 2008

Hi Life Savers

I’m new to “Real World” networking and HOPE to find some HELP here answering some (stupid) questions.

I work in a company of about 30 users. We have 1 Windows Server 2003 as PDC in Active Directory domain. All clients are Windows XP Pro. The domain name is (petra.local). I have the PDC server also configured as DNS for local use. I use local IP addresses for LAN (100.100.100.X)

Now the company is growing…they want to add:
- One IIS Server that will host the company website (still under construction)
- One Exchange server
- One Firewall

Here is what I want to know:

1. How many Public IP addresses do we need? Will one public IP be enough for the whole company? Can I subnet the public IP address to additional Public IP addresses for the other servers? Or do I need one Public IP for EACH of the 3 new servers (FW, Exchange, IIS)?

2. If one IP address is enough, to which server I should assign it?
To the Firewall
or
To the IIS

4. Regarding the Firewall: Is it better to use a Hardware FW or a Software one?

5. If the ISP provide us with a Hardware Firewall and I also use a Windows Server 2003 as an additional Firewall with 2 NICs and set it up as NAT server, how do I configure the IP address of the server to go through the ISP Firewall?

6. Do I need to setup my own public DNS server or I can just rely on the ISP for DNS services?

I REALLY appreciate your help guys

Guest Lanwench [MVP - Exchange]
Posted January 29, 2008

Re: NEED Help with Basic Networking Questions

Zegra1 <Zegra1@discussions.microsoft.com> wrote:
> Hi Life Savers
>
> I'm new to "Real World" networking and HOPE to find some HELP here
> answering some (stupid) questions.

These questions aren't stupid at all.

> I work in a company of about 30 users. We have 1 Windows Server 2003
> as PDC in Active Directory domain. All clients are Windows XP Pro.
> The domain name is (petra.local). I have the PDC server also
> configured as DNS for local use. I use local IP addresses for LAN
> (100.100.100.X)

I do hope that isn't your real IP subnet (there's no need to "mask" information like that), as it isn't one that's designated for use on LANs, as are the following:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

I'd avoid 192.168.x.x as it's so commonly used & you'll run into problems with users on VPN. I personally like 172.16.x.x/24 as it isn't as common.

All else looks good (altho' note, technically speaking, in Active Directory, there's no such thing as a PDC/BDC - all DCs are peers with the exception of FSMO roles)

> Now the company is growing...they want to add:
> - One IIS Server that will host the company website (still under
> construction)

Ouch. Do not put this on your LAN at all. If you must host it in-house--which is generally *not* recommended for a small business--put it in a properly secured DMZ (demilitarized zone) so you aren't allowing that traffic onto your LAN at all. Really, decent webhosting accounts in datacenters are so inexpensive nowadays I can't see why one would bother with this myself!

> - One Exchange server

OK. Exchange 2007, I presume. I suggest you post your Exchange-specific questions in microsoft.public.exchange.admin - and if you haven't set this up before, you may wish to get an experienced consultant in to help you.

> - One Firewall
> Here is what I want to know:
>
> 1. How many Public IP addresses do we need? Will one public IP be
> enough for the whole company? Can I subnet the public IP address to
> additional Public IP addresses for the other servers? Or do I need one
> Public IP for EACH of the 3 new servers (FW, Exchange, IIS)?

Your firewall should be doing NAT for you, so as long as you don't need to publish multiple servers inside your LAN on the same listening port, it isn't a big deal to have just one. However, I tend to ask for a block of 5 usable, just in case.

> 2. If one IP address is enough, to which server I should assign it?
> To the Firewall

Well, the WAN interface on your firewall will *need* a public IP, so if you have only one, that's of course where it goes. No servers or workstations inside your firewall should use a public IP at all. Rules and ACLs should handle everything else when it comes to traffic. You likely won't be running your firewall on a server. I'd recommend a hardware appliance such as a SonicWALL.

> or
> To the IIS

I really suggest you ditch this idea! That said, if you do, and if you go for a SonicWALL, etc., you can use the OPT port as a DMZ (you'd assign another public & private address to that).

> 4. Regarding the Firewall: Is it better to use a Hardware FW or a
> Software one?

Technically, all firewalls are software. However, I would go with a SonicWALL, Watchguard, or Cisco, if it were me.

> 5. If the ISP provide us with a Hardware Firewall

They won't (or, if they do, it'll be a crappy one) - buy your own.

> and I also use a
> Windows Server 2003 as an additional Firewall with 2 NICs and set it
> up as NAT server, how do I configure the IP address of the server to
> go through the ISP Firewall?

Don't do this as written above - don't turn a perfectly good Windows server into an imperfect firewall. Get an appliance. That said, ISA is another option - but that's more $, may not fit your needs, and even with ISA I'd want a firewall appliance between it & the router.

> 6. Do I need to setup my own public DNS server or I can just rely on
> the ISP for DNS services?

Your public DNS should be hosted by someone else, and ideally not your ISP (they tend not to be very good at it). Godaddy, DynDNS, are better options. Whatever you do, do not attempt to host your public DNS in house.

> I REALLY appreciate your help guys

(and gals, one hopes)
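
An added example, not part of the original thread: a Python check of a proposed LAN subnet against the three private ranges listed in the reply, plus the VPN-overlap concern raised there. The function name, the list of common home-router subnets and the sample plans are assumptions made for illustration.

```python
import ipaddress

# The three ranges designated for LAN use, as listed in the reply above.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption (not from the thread): defaults often seen on home routers.
# A VPN user sitting on one of these cannot reach an office LAN that
# uses the same range, because the addresses look local to their PC.
COMMON_HOME_SUBNETS = [ipaddress.ip_network(n) for n in
                       ("192.168.0.0/24", "192.168.1.0/24",
                        "192.168.2.0/24", "10.0.0.0/24")]


def audit_lan_subnet(cidr):
    """Return a list of findings for a proposed LAN subnet (empty = OK)."""
    net = ipaddress.ip_network(cidr, strict=False)
    findings = []
    # The whole subnet must sit inside one private block; a range that
    # only partly overlaps (e.g. 172.0.0.0/8) still contains public space.
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        findings.append("not-private")
    clashes = [str(h) for h in COMMON_HOME_SUBNETS if net.overlaps(h)]
    if clashes:
        findings.append("vpn-overlap: " + ", ".join(clashes))
    return findings


if __name__ == "__main__":
    # Constructed sample plans: the poster's range, a common default,
    # an address just past the end of 172.16.0.0/12, and a 172.16.x.x/24.
    for plan in ("100.100.100.0/24", "192.168.1.0/24",
                 "172.32.0.0/24", "172.16.20.0/24"):
        print(plan, audit_lan_subnet(plan) or "ok")
```
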