IP Routing & Subnetting

Neil

Dec 31, 2007
Archived from groups: microsoft.public.windowsnt.protocol.tcpip

I have a network with a NAT router - 192.168.0.2,
a Domain Controller (2003) - 192.168.0.1,
and a series of workstations - 192.168.0.100 and upwards.
All have subnet masks of 255.255.255.0.
I want to put a webserver on this network, which is not on the domain and
has its own security policies etc.
I want incoming traffic from the router on ports 53 & 80 routed to this box,
but I don't want it to be able to see any of the client workstations or the
DC and vice versa.
So to all intents and purposes, as far as the main network is concerned,
this box won't exist!
How do I configure the IP addressing / subnet masks to do this?
Neil
 
Guest

Ideally, you'd place this system in a DMZ, which is neither a part of the
local IP network, nor attached to the same switch. That's the only really
foolproof way to do what you need to do.

"Neil" <bringonthefootie@hotmail.com> wrote in message
news:O7k5oJBOEHA.2944@TK2MSFTNGP10.phx.gbl...
> I have a network with a NAT router - 192.168.0.2,
> a Domain Controller (2003) - 192.168.0.1,
> and a series of workstations - 192.168.0.100 and upwards.
> All have subnet masks of 255.255.255.0.
> I want to put a webserver on this network, which is not on the domain and
> has its own security policies etc.
> I want incoming traffic from the router on ports 53 & 80 routed to this box,
> but I don't want it to be able to see any of the client workstations or the
> DC and vice versa.
> So to all intents and purposes, as far as the main network is concerned,
> this box won't exist!
> How do I configure the IP addressing / subnet masks to do this?
> Neil
>
>
 

Neil


Does this mean that I need more than 1 external IP address?

"Keith W. McCammon" <km@km.com> wrote in message
news:uZ6clOCOEHA.3452@TK2MSFTNGP10.phx.gbl...
> Ideally, you'd place this system in a DMZ, which is neither a part of the
> local IP network, nor attached to the same switch. That's the only really
> foolproof way to do what you need to do.
>
> "Neil" <bringonthefootie@hotmail.com> wrote in message
> news:O7k5oJBOEHA.2944@TK2MSFTNGP10.phx.gbl...
> > I have a network with a NAT router - 192.168.0.2,
> > a Domain Controller (2003) - 192.168.0.1,
> > and a series of workstations - 192.168.0.100 and upwards.
> > All have subnet masks of 255.255.255.0.
> > I want to put a webserver on this network, which is not on the domain and
> > has its own security policies etc.
> > I want incoming traffic from the router on ports 53 & 80 routed to this box,
> > but I don't want it to be able to see any of the client workstations or the
> > DC and vice versa.
> > So to all intents and purposes, as far as the main network is concerned,
> > this box won't exist!
> > How do I configure the IP addressing / subnet masks to do this?
> > Neil
> >
> >
>
>
 
Guest

Ideally, although it depends on the firewall. You could also set up an
internal VLAN for the system in question, which would give you a similar
measure of security (not the same, but similar) without having to do much on
the outside.

"Neil" <bringonthefootie@hotmail.com> wrote in message
news:ukrWK5COEHA.3380@TK2MSFTNGP11.phx.gbl...
> Does this mean that I need more than 1 external IP address?
>
> "Keith W. McCammon" <km@km.com> wrote in message
> news:uZ6clOCOEHA.3452@TK2MSFTNGP10.phx.gbl...
> > Ideally, you'd place this system in a DMZ, which is neither a part of the
> > local IP network, nor attached to the same switch. That's the only really
> > foolproof way to do what you need to do.
> >
> > "Neil" <bringonthefootie@hotmail.com> wrote in message
> > news:O7k5oJBOEHA.2944@TK2MSFTNGP10.phx.gbl...
> > > I have a network with a NAT router - 192.168.0.2,
> > > a Domain Controller (2003) - 192.168.0.1,
> > > and a series of workstations - 192.168.0.100 and upwards.
> > > All have subnet masks of 255.255.255.0.
> > > I want to put a webserver on this network, which is not on the domain and
> > > has its own security policies etc.
> > > I want incoming traffic from the router on ports 53 & 80 routed to this box,
> > > but I don't want it to be able to see any of the client workstations or the
> > > DC and vice versa.
> > > So to all intents and purposes, as far as the main network is concerned,
> > > this box won't exist!
> > > How do I configure the IP addressing / subnet masks to do this?
> > > Neil
> > >
> > >
> >
> >
>
>
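
An added example (not part of the original thread): a Python model of the DMZ layout suggested above, checking the addressing plan and a first-match filter against the flows in the question. The DMZ subnet 192.168.1.0/24, the web server address 192.168.1.10, the outside client 203.0.113.7 and the rule table are assumptions made for illustration.

```python
import ipaddress

# The LAN is the one from the thread. The DMZ subnet, web server address and
# rule table are assumptions constructed for this example.
LAN = ipaddress.ip_network("192.168.0.0/24")
DMZ = ipaddress.ip_network("192.168.1.0/24")
WEB = ipaddress.ip_address("192.168.1.10")
ANY = ipaddress.ip_network("0.0.0.0/0")

# First-match rules for packets the firewall forwards between its interfaces:
# (source net, destination net, destination ports or None for any, action).
# Replies to allowed connections are assumed to be handled statefully.
# These rules only see traffic that crosses the firewall, which is why the
# web server must sit on its own segment rather than on the LAN switch.
RULES = [
    (LAN, DMZ, None, "deny"),
    (DMZ, LAN, None, "deny"),
    (ANY, ipaddress.ip_network(f"{WEB}/32"), {53, 80}, "allow"),
    (ANY, ANY, None, "deny"),
]

def decide(src, dst, port):
    """Return the action of the first rule matching a forwarded packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, ports, action in RULES:
        if src in src_net and dst in dst_net and (ports is None or port in ports):
            return action
    return "deny"

def plan_problems():
    """List addressing mistakes that would defeat the isolation."""
    problems = []
    if LAN.overlaps(DMZ):
        problems.append("DMZ overlaps the LAN subnet")
    if WEB not in DMZ or WEB in LAN:
        problems.append("web server is not addressed inside the DMZ")
    return problems

# Constructed sample flows: outside client, web server, DC and a workstation.
FLOWS = [
    ("203.0.113.7", str(WEB), 80),
    ("203.0.113.7", str(WEB), 53),
    ("203.0.113.7", str(WEB), 3389),
    (str(WEB), "192.168.0.1", 445),
    ("192.168.0.100", str(WEB), 80),
]

if __name__ == "__main__":
    print(plan_problems() or "addressing plan OK")
    for src, dst, port in FLOWS:
        print(f"{src:>15} -> {dst}:{port:<5} {decide(src, dst, port)}")
```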
 
