Srver Networking issues, help needed!

Hi there,
I have a bit of a problem on my network.
i currently work from home and i have been asked by 2 small companies to run their servers on my home network.
I have received all of the PC's and set them up.
I have requested a block of 8 static ip's from my ISP, i also have a static WAN ip assigned.
basically i need to be able to run BOTH servers on my network both with static IP address's and both able to receive in on port 80 and also port 21.

My router will allow me to port forward to 1 of the servers and all works fine, vpn, ftp etc etc.
I am using a WAG354G router and am wondering if this specific router will allow me to foward traffic to 2 separate ip's.

I am aware that this method is a bit srange as normally one would be a web server and one would be ftp, however as it is 2 different companies they have requested that the servers be kept separate.

Neither company are in a position to have their server on their premises.

Any help would be greatly appreciated!
Kind Regrds
John

I use separate routers on each public IP with separate internal LANs.

Hi there Doug,
Thank-you for the response.
So, just to confirm.

I would use a standard modem to receive a connection.
I would have 2 x routers plugged into the modem which would both be assigned a different one of my ISP static ip's.
i would then plug 1 server into each Rouer and just use a static lan address like 192.168.1.* (different one for each)

obviously i would then forward the relevant ports on each router to the ip of each server.

Then i would point my domain names to the static ip of the relevant router?

Is this something along the right lines?

Regards

If you're only going to have one device plugged into each router I think you can bypass the router entirely.

Take a standard modem, plug it into a switch, then plug each server into the switch as well and configure the servers to use the static IP's assigned to you by your ISP.

E-Oreo
Thanks for the reply.
Cunning, very cunning!

I have tried loads of different ways with my current Linksys router but to no avail.
(might have been making it difficult for myself.!)
Was all about ready to go and buy another router to try out the other option, although i suppose going forward, having 2 routers would give me more control on the ports, however, i will try it the way that you said and see how i get on......

I bet it works! will let you know

Regards

Basically yes. I have my fiber modem connected to a switch and 4 different routers connected to that switch, each router configured for a different public IP. My LAN segments are not interconnected in any way and I use the same 192.168.0.x subnet on each LAN.

This works for me, I have a couple differrent clients servers located here and they stay completely separate.

I don't like to have any computers directly connected to the internet without a router, I like the extra security provided by a hardware firewall. If you have no router/firewall and you are doing some server reconfiguration that requires stopping your server firewall you are suddenly exposed to the internet and vulnerable to any potential hack attempts.

I agree.
I did try the other method mentioned with the switch, however SBS 2008 doesn't like being assigned anything in LAN apart from a 192.168.1.* ip, for some reason it kicks up a fuss.
Therefore i think the method you have kindly explained will work a bit better for me.
I have managed to dig an old modem out of the cupboard and obtain 2 routers, (although not exactly the same).

Will try it tonight.

Once again thank-you for your posts thus far.
Regards

Hi there Doug,

I have tried and tried this.
I ended up going out and buying a new modem and an additional router.
My kit list is as follows now:
Netgear DM111P Modem
Netgear FS108 Switch
Linksys WAG354G
Linksys WAG354G

i have obviously managed to connect my modem to the net and again i can connect this to the switch and the net will pass through that - standard.
My modem is assigned with the static WAN IP that my ISP gave me when i set my account up.
As i said previously i have also purchased from them a block of 8 IP Address's (i know i cannot use the first and last ip in this block).
If i connect my first router to the switch and put my laptop into the router and login i am met withe the Internet ip settings and also my LAN settings IP.
My question is how do i assign the static Public IP to my routers.
i can forward the relevant ports etc to the server but i am getting a bit confused with the IP's.

currently the ip's are:

WAN IP from ISP
(Modem)
Lan = 192.168.0.1
(Switch)
Router 1 = (local 192.168.1.1)
Router 2 = (local 192.168.1.1)

With no change to my routers the internet goes through both of them when connected to the switch so i know that the net will get to my server's it is just an IP issue now.

can you help?

Kind Regards

I don't have one of these routers at home, but I have use a couple of them at work, so I'm just going by memory.

Look for "Internet Setup", about half way down the page there should be an option for Obtain an IP address / Use the following address.

If you select "Use the following address," you should then be allowed to enter in the ip information that your ISP provided you.

Putting this in a different post just so that I didn't confuse the OP.

I run my server machines with an almost identical setup, however I have also found it useful to put a second NIC in it, connected to your local network. This lets me do things such as ssh/cifs/ftp etc without opening those ports to the general public.

I have some linksys and dlink routers, and for either of them is a similar setting for entering the WAN static IP. Don't forget to get the proper subnet mask, gateway address and dns server ip's from your isp, you need to enter those values too (all for the WAN side settings of the router).

I agree with Doug.

D-print, you should have something similar:

Modem
:
:
Switch
:
:
2 different routers plugged into the WAN port to a LAN port on the switch ( I think). Each router should have a public IPs assigned to it.

You need to make sure all your public IP assignments are correct (subnet mask, DNS entries, etc...).

From there you can either let the router serve as a DHCP server for your LAN or have a Windows server do it. You probably want to have your Windows DNS servers setup to forward DNS requests to your ISPs DNS servers.

This should allow everything out of your network just fine. You can setup port forwarding as necessary to allow traffic into the network as desired (or as suggested use a 2nd NIC and setup TCP/IP filtering to control traffic).

seack79, Doug.
Thank-you guys for all of your help regarding this matter.
I have now managed to configure the network.

Very fiddly with IP's & DNS etc etc but got there in the end.

(however) lol

The WAG354G routers/(Modems) don't have a WAN port on them so i have plugged the switch straight into ethernet port 1.
then i used the static WAN ip, dns etc for the internet connection to the devices and the ONLY issue is i had to use 5 of my 6 static ips's!!!

One for the LAN of the modem, one for each LAN on the routers and one for each server.

I spoke to my ISP and they informed me that i should not touch the WAN that is statically assigned by them and the ip block i have is LAN Static IP's

It works but therefore i only have 1 more ip for one more device!

Surely although it works i have gone wrong somewhere??

The routers are also set to NAT off and DHCP disabled. (told to do this by ISP due to using a static ip on a router)

have i done right or is there another way of doing it, or been misguided by ISP.

I also have 1 x FVS318 netgear firewall router which DOES have a WAN port & 8 LAN ports (not in system due to using the last static ip!)

If i am on the right lines with your posts then it should be the WAN side configured with the ip's and not the LAN side therefore the DHCP should be issuing 192.168.1.* ip's?

(got errors when i tied to do the WAN side on my routers)

any help greatly appreciated

If you had to assign a static WAN IP to both the router and the server attached to the router then the router is pretty much not doing its job.


Is the WAG354G a combo router+modem? How can they not have a WAN port? Both modems and routers have WAN ports. According to the image I see on the cisco site, the white port that is separate from the yellow ports is probably the WAN port. If they are router+modems you want to disable the modem part if you can.


Your ISP has nothing at all to do with static LAN IP's.


Ignore your ISP, they don't know what they're talking about. You want NAT turned on. You probably want DHCP disabled, but you'll assign a static LAN IP to the server behind the router. The static LAN IP you use will not be one assigned by your ISP, but rather one within the range served by your router (probably 10.0.0.X or 192.168.0.X or something along those lines).

The fact that you have NAT disabled is the reason you have to use so many IPs.

Your network should look like this:

That part sounds correct.

I don't understand your static IP issues though. I don't know the WAGwhatever device you're using, but I'll describe my setup in more detail. I have a 5-IP static business broadband here, and I was given my 5 static public IP's and the subnet mask. gateway address and dns servers from my ISP.

I took the output of my internet modem (ethernet) and plugged it into a 5-port switch. I took the first router (a linksys befsr41 if it matters), connected it's WAN input to one port on the switch, configured it's WAN side to use static IP and plugged in the info from my ISP. I set the desired LAN side IP range and configured the LAN side dhcp server so it will pass out addresses to LAN computers. I set up desired port forwarding through this router and plugged in the computers that will run on this LAN. Oh, and the domains are registered through godaddy and dns provided by godaddy for the domain(s) that live on that public IP.

Then I took the next router and did the same for the stuff that will run on the 2nd public IP.

And so on. But I don't use any public IP's in any servers or computers in the office, just one public IP for one site router.

One more comment, I don't use a 2nd NIC to interconnect LAN's. I have a SSH server on each site and can do whatever I need from LAN to LAN via SSH, and didn't want the slightly higher risk of a hacked machine on one site getting into machines on different sites.