Using Win2000 server as a router?

[Jim]

Hi,

I have a couple things that I want to accomplish with my server.

1. It will act as a dns/dhcp server
2. Routing should be enabled to provide internet service to my private LAN
3. I would like it to route all webserver requests (IIS) to another
computer on my LAN.


1 and 2 are done, but I'm not sure how I should tackle 3. I want one of my
computers on my LAN to act as a webserver. So, all web requests to the
exposed server should be redirected to the new webserver that exists on my
private LAN. I would think this is possible, but I'm not really sure how
to go about setting it up. Any hints/suggestions would be very welcomed.

Some background information, I suppose... The exposed server is a windows
2000 server box that is dual homed. One card points to the internet, while
the other is assigned as 192.168.0.1, to be used as the default router from
my LAN. The webserver is running windows server 2003.

Thanks

Jim

 

[Doug Sherman [MVP]]

Open the RRAS console, expand IP Routing, click on Network Address
Translation, right click your Internet interface and select Properties.
Click on the Special Ports tab and click the Add button. Incoming and
Outgoing port is 80, Private address is the IP address of your Web server.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

 

[Jim]

Thanks for the fast reply Doug. I should have explained a little more,
I suppose. Does it make a difference if I am hosting multiple websites
on the webserver? I've seen threads saying that using ISA server would
be better under this situation, but I'm not sure. I am using host
header names to host the websites.

Thanks

Jim

 

[Doug Sherman [MVP]]

Shouldn't make any difference as long as users can resolve the IP address
and their browsers support host headers. ISA has lots of advantages, but I
don't think this is one of them. With ISA you essentially do the same thing
with web publishing rules - see:
http://support.microsoft.com/default.aspx?scid=kb;ZH-TW;305052

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

 

[Jim]

Again, thanks for the rapid response!

The reason I asked is because i'm having difficulties accessing a
website (hosted on my webserver) from another computer on the LAN. Now,
the webserver has the ip of 192.168.0.2 and the computer that I'm trying
to access the website from has the ip 192.168.0.3.

Now, my understanding is that because DNS, for the website I'm trying to
reach, points to the internet IP on my router box, all should be fine.
My other computers should be accessing the website like any other
computer from the internet. Or, because my router box also provides DNS
services to my LAN, it's just pointing to itself for the website and
specifying the 192.168.0.1 adapter's address for the website (maybe by
mistake?). So then, the port filtering isn't applied? Or am I way off
with this assumption? As a side note, I haven't added any specific
entries into the DNS service on my router box, so it should be getting
all information about the websites I host from the DNS servers that I
use (off my network).

Jim

 

[Doug Sherman [MVP]]

OK - the short answer is that you cannot connect to your external IP address
from the internal lan in the same way that you would connect to it from a
remote Internet connection. An http packet sent to the external IP from an
internal machine never gets past the router so it doesn't get the port
mapping that an inbound packet would receive. If you want to test Internet
access to these sites you need to use a different Internet connection - I
use a dial-up modem and a netzero account. If you want to connect to these
sites from the internal lan, use a hosts file which maps the host headers to
the server's internal IP.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

 

[Jim]

Thanks for all of the help Doug. You have made this quite a nice
learning experience. Everything is up and running as desired.

Thanks again

Jim