BoB-O TiVo
Hey all,
Currently I co-locate a 1U box that hosts my DNS, mail, web, etc. I'm bringing up a dev server to develop apps. These boxes run Windows Server 2003 and I can't change that. That said, the hoster provides me a CAT5 cable that gets me on the internet and 8 IP addresses that conveniently lie in a range that can be masked. Both servers have 2 GbE ports. I'd like to firewall the boxes to the outside world ('cept for STD_PORTS), but allow them to talk to each other wide-open (this helps NT domain stuff, SQL replication, etc.).
I've got two ideas how to accomplish this. The first involves a hardware firewall, and just plugging NIC1 from both boxes into the firewall. The second involves using two switches, connecting NIC1 from both to the first switch and connecting NIC2 to the second switch. The first switch would be uplinked to the internet and I'd use the software firewall on each NIC1. This would leave internal traffic going over NIC2.
My problem with each of these solutions is that I've never done either before.
The first one just confuses me WRT setting up the TCP/IP settings on each box. Do they all point to the firewall as the gateway? My private DNS server for DNS? How is the firewall configured? Does it use one of my 8 IPs, or do I get another IP on "their" network?
The second one is a bit confusing because you have two subnets containing both machines. I'm not sure how to set up the DNS to make sure that there's no ambiguity.
Any help would be appreciated. Pointers to good books would be even more appreciated.
Thanks,
BoB