One static IP - 2 port 80 apps, 2 servers

Over Clocker · 26 Jun 2008 at 09:35

Hi guys.

Quick question -

We've got 1 static IP applied to our site, and we are running 2 port 80 applications on 2 different servers. (Outlook Web Access and Sharepoint).

I don't want the Sharepoint port for internal usage reasons.

Is there a way to set up a redirection in IIS7 so that when we externally browse to sharepoint.blahblah.co.uk:8080 is redirects to the internal sharepoint port 80 on that server? We can setup a port forward for 8080 to that IP on our firewall so that's all fine.

Cheers,

Mal

mynsa · 26 Jun 2008 at 09:52

you can nat it, incoming traffic on port 8080 can be natted internally to port 80.

i.e.

externalip:8080 > Router > internalip:80

What do you use as your internet router?

i though owa was over https anyways - could be wrong ive not worked with owa much?

FrenchTart · 26 Jun 2008 at 09:57

Wouldn't that do something odd with the outgoing traffic though? Presumably you'd need to setup some kind of rules for that too?

mynsa · 26 Jun 2008 at 10:01

depends what you meant:

the connection tracking table would cover the returning traffic, as it does all established connections.

normal outgoing traffic initiated from the LAN wouldnt be affected as the NAT rule wont effect it as the destination would be set to the public ip address on the firewall, the only time it would affect would be if you typed into the browser from the LAN externalip:8080, you would then be forwarded through to the server locally on port 80 - but its easier to type localip:80

FrenchTart · 26 Jun 2008 at 10:02

Ah cool. I must've just done something stupid in the past when I tried something similar then

mynsa · 26 Jun 2008 at 10:08

Aekeron said:
Ah cool. I must've just done something stupid in the past when I tried something similar then

no probs, you did throw some doubt in my mind, but that will defiantly work

FrenchTart · 26 Jun 2008 at 10:11

Good to know for the future. Thanks.

mynsa · 26 Jun 2008 at 10:21

your other options are:

specify different source addresses to differentiate the traffic (i dont think this is possible in this scenario)

get a new public ip address / subnet

set up home user vpns so that employees wanted to access their email can dial in and access it as though they were local to the server.

mdjmcnally · 26 Jun 2008 at 13:15

Why not stick an ISA box in as a reverse proxy and then use that to connect back to the individual servers.

oddjob62 · 26 Jun 2008 at 16:42

mynsa said:
i though owa was over https anyways - could be wrong ive not worked with owa much?

doesn't have to be but definitely should be, as should any corporate web traffic over the Internet.

Over Clocker · 26 Jun 2008 at 18:28

Yep we're using an SSL connection for, but rpc over http for mda sync.

Cheers,

Mal

dave-lew99 · 26 Jun 2008 at 19:47

You could stick an apache box as the first hit on port 80 then use reverse proxy and name based vhosts to serve through that - i've done this so that i can serve a site through HTTPS (the service runs its own built in insecure server) which was bound to localhost:9080

quackers · 26 Jun 2008 at 22:25

mal, can you not use http over rpc on port 443 for the mda sync?