I have DSL through Telocity with a static ip address 64.194.90.73. I'm running a WIN2k network. I have a domain controller with ip 192.168.0.101 and a web server with ip 192.168.0.102. My domain(soungene.com) is registered using the 64.194.90.73 ip address, which is assigned to the second NIC in the web server. I don't see on the Linksys help where their forwarding feature allows the router to forward Port 80 requests to the 64.194.90.73 address, all forwards are going to a local address, 192.168.0.x. How can I allow the Internet to browse to my web server as they can now?

Any device on the LAN side of the Linksys will be NAT'd. You can forward the port 80 requests to your webserver's private address. You need to configure the router with the public IP address or other devices will not be able to access the web, right?

Are folks unable to get to the webserver?

cyberskye,

Only one static ip. I didn't think of taking the other NIC card out, and Linksys did not tell me that I could assign the static ip address from the ISP to the router, instead of the default, 192.168.0.1. I can see now how what you suggest would work fine.

Thanks

Glad I could help. There is a lot of good info and some really sharp folks that lurk these pages. Stick around!


Have fun,

Skye

If I understand you correctly, I would set the router to forward port 80 to the 192.168.0.102 address on the second NIC card in the Web Server. This implies that the static ip address on the first NIC card is not relevant to the outside public.

Right now you can navigate to my website fine(soungene.com), with the DSL modem connected directly to the 1st NIC card. Would the router also forward web packets to the first NIC card, irrespective of setting up forwarding on the local ip address for the 2nd NIC card? That's what I concluded from your response.

Well...if you use the router in the manner I described, the webserver can be singlehomed (one NIC) with the private address xxx.xxx.xxx.2. You could then forward all page requests to that internal ip address. All other traffic would be handled based on the origination of the request.

Do you have multiple public ip's? One from your isp, one for your server?

If not, the router should be configured with your single public ip with port forwarding enabled on #80 as described before. That way all machines share that ip for internet connectivity, but web request from the outside world go only to the webserver. That's the advantage of NAT and one of only two security features provided by that router.

If you do have multiple public ip's, that is a different story but can still be accomplished through the router (with the purchase of an additional hub or switch.

A router is needed to facilitate teh communication between different networks.

[ 04-24-2001: Message edited by: cyberskye ]

read the book that came with the router, the section about DMZ host that should solv all your problems

and remember to have static IP or the port forwardig will not work!! :eek:

The static ip with port forwarding is the safest solution. My understanding is that if you use a DMZ zone, you cannot protect the pc from potential sabotage by a hacker.

For what it's worth, I think you are making the right choice.

Since you are running a webserver on your home network, make sure you weigh security heavily. I would personally assume that the webserver has already been comprimised and make sure that a user on the webserver cannot access your other machine. This may be inconvenient, but isn't too difficult. Consider user permissions and disable file and print sharing on the non-server host. In other words DO NOT treat it as a trusted machine!

Cheers

Have fun,

[ 04-27-2001: Message edited by: cyberskye ]

Skye,

You're right about my concern about hacking. I setup my website(soungene.com) to expose Bank of America's conspiracy to produce forged bank statements, and wanted to make the record of the case proving this available to law students through both the web server and an ftp server.

Indeed, there's sharp IT folks who work in Bofa, and I wanted to make sure that I do everything I can to prevent an attempt to crash the server.

The additional tips you supplied were helpful since I've left sharing enabled to copy content to the webserver, but the preferable approach is to take sharing off, and map to a development pc when necessary.

Thanks a lot for your feedback, I purchase the router and will be setting it up today.