Re: Multiple web site behind firewall

From: x y (levinson_k@excite.com)
Date: 01/17/03 

From: "x y" <levinson_k@excite.com>
Date: Fri, 17 Jan 2003 15:41:35 -0500

"Scott O." <unvrslscott@yahoo.com> wrote in message
news:O8zBdAmvCHA.2556@TK2MSFTNGP10...
> System: w2k servers, firewall w/dmz
>
>
> I have a firewall with ports opened to internal LAN web server. I want to
> host multiple web sites. These sites need to have their own public IP
> addresses associated with them (for SSL). I have a machine running
External
> DNS. I have a firewall with HTTP/HTTPS ports opened to the internal web
> site. In order to direct IP requests to the machine on the LAN do I need
to
> set additional IP addresses up on the external DNS machine passing them
onto
> the fire wall?

The HTTPS sites either need a new IP address or a different port number
other than TCP 443.

The HTTP sites can either use the above methods, or maybe even better, you
can use host headers to use the same IP address and port number but a
different DNS name.

Combining these, you could set it up this way. This might be easiest for
your users. Have one site http://www.domain.com that has just a redirect
script such as <% Response.Redirect https://www.domain.com %> to point users
to the https: site. Then, have another web site at http://games.domain.com
or http://www.domain2.com with a redirect script that points users to
https://games.domain.com:444 or https://www.domain2.com:444 [if all sites
are using the same single IP address] or to https://games.domain.com or
https://www.domain2.com [if you are using a second IP address for the second
site].

You can't use host headers on HTTPS sites, but you can use them on the HTTP
sites that point to the HTTPS sites.

In any event, you would want to add games.domain.com or www.domain2.com into
DNS, and make sure your routers and/or firewalls know where to route the new
IP address to. You can put multiple IP addresses onto one network card.

For more info, www.iisfaq.com has answers to this and lots of common
questions.

Relevant Pages

  • Re: Multiple Domain on one server- 553 errors
    ... Host mail.abccorporation.com SSS.TTT.DDD.EEE ... Here is how I have my Internal DNS ... The firewall does not filter domains. ... there any SMTP scanner between the internet and the front-end server. ...
    (microsoft.public.exchange.connectivity)
  • Re: Please help me get hands around this issue...
    ... Jim Harrison (ISA SE) ... I've added an A record to our internal DNS and our DNS host has also added an A record. ... I still can't reach the site from behind the firewall. ...
    (microsoft.public.isa.configuration)
  • Re: Whose DNS do I use for Win2K3 R2 IIS in DMZ?
    ... create host records for those hosts but instead of them ... But what about the DNS on the DMZ server, ... Just manually add an entry in your internal DNS Server that point to the DMZ ... Most firewall won't like going out and in again. ...
    (microsoft.public.windows.server.general)
  • Re: Force DNS to resolve external hosts locally?
    ... BUT without having the internal clients DNS ... queries go out to the ISP DNS and back to through our firewall to the ... LAN. ... one new host record, leave the name field blank and give it the internal IP ...
    (microsoft.public.windows.server.dns)
  • Re: Host Computer with ICS cannot be accessed
    ... I have the Main (Host) computer with XP SP1 which is the ICS computer on a ... firewall settings, not that I've found so far, but I'll keep looking. ... >>connection, I can check or uncheck the firewall setting to allow others on ... Is there a way I can tell my Host server to allow the Client ...
    (microsoft.public.windowsxp.network_web)
Quantcast