Topic: E-Smart with Win2k Server

[Brendon Muir]

I know this is probably a common situation and I know that it has probably been covered somewhere before but I have searched and I have not found the answers.

Here is the question:

We are a small school with a Win2k Server that handles all this

Active Directory - User Management
Active Directory - Software Deployment
Internet Gateway / Router / Firewall
Web Server
Mail Server
WebMail Server
Terminal Server
DNS Server Active Directory Integrated
WINS Server
DHCP Server
Roaming Profiles and Document Storage
Software Server

This is a fairly meaty machine by our standards but I have the urge to split some of this up and assign some of the more mundane tasks to a linux server. These were the tasks that I thougt of

Linux Server Handles:

Mail Server
WebMail Server
Internet Gateway / Router / Firewall

We have a wireless Internet connection which uses a special ISA card that pretends to be a normal Ethernet card. We have a 386 acting as a bridge (ie, the Wireless card and an Ethernet card just converting the signal to normal LAN traffic. This bridge will then be plugged directly into the linux box which will then be plugged into the local network (10.10.1.x). My concern is that the webserver (which we want to keep on the Win2k Server) will not be hosted on a machine with an external IP. I'm sure this is done all the time for security reasons, but how to I route the incoming and outgoing web traffic to the Win2k server which only has an internal IP? I hope this is a clear question. Right now the web server is on the win2k machine which currently has an internal network and an external network connection.

Cheers,


Brendon

[lepounet]

Hi,

You need to install port forwarding :
http://myezserver.com/downloads/mitel/contrib/portforwarding-0.0.1/

This will allow you to redirect all requests coming from ouside to a specific port (ie 80 for html) to a specific computer inside you local network.
All other requests are handled by SME server except the one on specified port.

Regards

Alain

[Brendon Muir]

Thanks man, this was the last hurdle that I faced before deciding to delopy this server.

Cheers!

[Brendon Muir]

By the way, since the win2k server will now be handling www traffic, is it at all possible to still use the webmail feature on the e-smith server.

As I see it, I could make the www server on the linux box respond to port 8080, then point the browser to www.oursite.co.nz:8080 which would make the linux box respond rather than the win2k server.

How does this sound?


Cheers,

Brendon Muir

[lepounet]

>
> By the way, since the win2k server will now be handling www
> traffic, is it at all possible to still use the webmail
> feature on the e-smith server.
>
> As I see it, I could make the www server on the linux box
> respond to port 8080, then point the browser to
> www.oursite.co.nz:8080 which would make the linux box respond
> rather than the win2k server.
>
> How does this sound?

Anyway, the webmail feature is accessed in secure mode (https://yourserver.com/webmail) so the port used is 443 not 80 which is redirected to your w2k server

Alain

[Seth]

I wish I could offer an exact answer,  but I to am just now figuring out how to do this,   I believe what you need to do is research the howto for the
ipmasqadm autofw , and ipmasqadm portfw , commands.   Using these commands you can tell the e-smith box to forward all web traffic (ie port 80) to the internal IP of the Win2K box.    But I would also assume you have to turn off the Apache service on the esmith box that is currently running on port 80


Good Luck,

Seth Lavinder
Network Technologist
Kanawha County Schools