Two devices listening on the same ports?

Virtus

I have an extra MS small business server that I'm thinking about integrating into a buddy's network. It uses ports 80 and 443 for a number of things. From what I understand I can't change the ports.

He currently has another device (alarm system I think) that uses the same ports. They can't be changed either.

Is it possible to set up both devices behind a router? I think the best way to do this is to purchase another static IP address, but I thought I'd put the question out there and try to save a few $$.
 
What do you mean integrating into?

Do you live in the same physical place and want to combine networks? Or are you in different places and building a VPN to each other?
 
It's all in one location, so I mean physically adding the SBS server to the network. Currently there are several computers / devices behind a basic router.

We were going to put the MS SBS server behind the router (mainly to take advantage of its built-in exchange server). So it would go: DSL modem -> Router -> Dual NIC SBS Server -> Switch -> Other computers.

Obviously I'm not a network technician, but I'm told that I can get a second IP address, put a switch between the DSL modem and the router, and connect the alarm to the switch.
 
If you ultimately need to have both of these devices connect and listen on public IPs on the same ports... if I am understanding what you are saying, you could connect the alarm to the switch, with a public IP, and the router would also connect to the switch with a public IP, then port forward the ports 80 and 443 from the router to the SBS.... this would work if it is what I understand you are trying to accomplish. Then you could connect other private IP devices to the router that did not need to listen to any public ports.
 
Wouldn't you only need that second public IP address if you didn't want to set up port translation OR if the alarm system doesn't need to be externally accessible?
 
Explanation:

An IP Address can only have one device listening on each port and the ports range from 0 - 65535. Some ports are used for specific things, for example port 80 is standard web traffic (and what a browser will look at if you don't specify a port on a URL), 443 is secure web traffic, 21 is FTP, etc. You don't HAVE to use those ports for those services, but they are what the standards are.
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

The port gets added to an IP when you are typing in a browser as such: ipaddress:portnumber (ex. 192.168.1.1:21). The fun part is that most of us run our devices behind a NAT router that gives us private IP addresses that our devices use within our networks. That's why we can get by with a single Public IP address and it is where port forwarding and translation come into play.

Public IP --> Modem --> Router --> Private IP Addresses (Internal Devices)


Example

So, let's throw up an example. Say you have the following servers:
-Webserver A running at 192.168.1.10 on Port 80
-Webserver B running at 192.168.1.20 on Port 80
-FTP Server running at 192.168.1.30 on Port 21

Our public IP address is 75.75.75.75

First webserver A is simple. In the router we forward Port 80 to Port 80 at 192.168.1.10. Now if we go to 75.75.75.75:80 externally we will get to Webserver A. This is simple port forwarding as we are forwarding from port 80 to port 80.

Next we set up Webserver B on public port 8080. In the router we forward Port 8080 to Port 80 at 192.168.1.20. Now if we go to 75.75.75.75:8080 externally we will get to Webserver B. This is port translation as the router is directing external port 8080 to internal port 80.

Finally we set up FTP Server on public port 21. In the router we forward Port 21 to Port 21 at 192.168.1.10. Now if we go to 75.75.75.75:21 externally we will get to the FTP server. This is simple port forwarding as we are forwarding from port 21 to port 21.


Multiple Public IPs

Getting another Public IP effectively allows you to run two things on each port as you have two public IPs you can forward from. So say now you get 75.75.75.76 in addition to 75.75.75.75. You could now run Webserver A on Port 80 of 75.75.75.75 while also running Webserver B on Port 80 of 75.75.75.76.


How it all applies back to your situation

You could effectively do a few different things. One is simple port translation. Pick the ports you want to access the devices on externally and use port translation in your router to set them up on separate external ports.

Next is your dual public IP example where you could use the same ports on both since you would effectively have two of every port to play with.
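
The forwarding rules from this post, modelled as an added example that is not part of the original thread: it checks a router's rule table for two devices claiming the same public IP and port, and shows why fixed ports on both ends force a second public IP. The `Rule` type, the function names and the rule sets are hypothetical; the addresses are the ones used in the post.

```python
from collections import namedtuple

# One router rule: public (ip, port) -> private (ip, port). TCP is assumed.
# All names here are hypothetical; addresses are the ones used in the post.
Rule = namedtuple("Rule", "name public_ip public_port private_ip private_port")

def kind(rule):
    """'forward' if the port is unchanged, 'translate' if the router rewrites it."""
    return "forward" if rule.public_port == rule.private_port else "translate"

def find_conflicts(rules):
    """List every public ip:port claimed by more than one rule."""
    claimed = {}
    for r in rules:
        claimed.setdefault((r.public_ip, r.public_port), []).append(r.name)
    return [(ip, port, names)
            for (ip, port), names in sorted(claimed.items()) if len(names) > 1]

def route(rules, public_ip, public_port):
    """Private endpoint an inbound connection reaches, or None if no rule matches."""
    for r in rules:
        if (r.public_ip, r.public_port) == (public_ip, public_port):
            return (r.private_ip, r.private_port)
    return None

# Constructed rule sets.
# 1. One public IP, Webserver B moved to external port 8080 (port translation).
SINGLE_IP = [
    Rule("Webserver A", "75.75.75.75", 80, "192.168.1.10", 80),
    Rule("Webserver B", "75.75.75.75", 8080, "192.168.1.20", 80),
]
# 2. One public IP, both servers must be reached on external port 80.
FIXED_PORTS = [r._replace(public_port=80) for r in SINGLE_IP]
# 3. Same fixed ports, but Webserver B gets the second public IP.
TWO_IPS = [FIXED_PORTS[0], FIXED_PORTS[1]._replace(public_ip="75.75.75.76")]

if __name__ == "__main__":
    for label, rules in [("single IP", SINGLE_IP), ("fixed ports", FIXED_PORTS),
                         ("two IPs", TWO_IPS)]:
        print(label, [(r.name, kind(r)) for r in rules], find_conflicts(rules))
```

A `route` result of `None` means no rule matches, so only the ports listed in the table are reachable from outside.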
 
Thanks for all the info - we ended up going with a second IP address. Since we can't change the ports on either end, port translation didn't look like it would work. The alarm company always looks at ports 80/443. The alarm always listens at 80/443. So no flexibility there.

On the positive side, we were able to put a second wireless router on the new IP address so now we have a wifi access point for guests that is completely isolated from the rest of the network.
 
Great explanation - easy to comprehend :D

Is there any way to take what you have above, when you only have one external IP, and use domain names instead of IP with port number? Or would you need to have a separate IP that your domain name points to?

I know it's easy if you are just giving out IP + port number, but when domains come into play, isn't it different?
 
Domain names (and more specifically DNS) are port agnostic, i.e. they do not take ports into account. This is really a limitation in some regards, but a good thing in others (keeps things a bit easier overall).

The reason you get websites when you type in a domain is that browsers by default look at port 80 to find the site (http://). If you type in https:// they look for port 443. Type in ftp:// they look at port 21. Etc.

The domain name really just takes the place of an IP. So you can do yourdomain.com:portnumber just like in the IP example above.

Now, to get your IP a domain name depends on if you have a static IP or a dynamic (changing) IP. Most home ISP lines are dynamic. If you have a static it is as simple as adding the IP to your DNS zone file for the domain. If you have a dynamic you will need to use something like dyndns.org. I actually use a dyndns.org free domain and CNAME my domain name to that domain name which is a little more finicky, but it can work.
 
Maybe I missed something in this thread but why couldn't the OP just have used port mirroring on a managed switch?
 
Port mirroring on a router/switch doesn't have anything to do with protocol ports, it's literally copying all the data from one physical port or vlan to another physical port, used for troubleshooting and monitoring of all traffic on that particular port or vlan.
 
Kind of late with my reply since you already got another Public IP, but.. you should've forwarded 443 to SBS only. Forwarding 80 is not really necessary as it is used on the internal lan only and not required from the internet.

Anything coming from the internet going to SBS should go via 443. (assuming you're doing SBS2008 or SBS2011 at least)
 
Port mirroring on a router/switch doesn't have anything to do with protocol ports, it's literally copying all the data from one physical port or vlan to another physical port, used for troubleshooting and monitoring of all traffic on that particular port or vlan.

I know that, I use it for wireshark captures. I'm not confusing TCP/UDP ports with the physical access ports. But as such, it would allow 2 devices on separate access ports to listen to data on the same TCP/UDP ports, amirite?
 