+ Post New Thread
Results 1 to 4 of 4
How do you do....it? Thread, How do you use ISA for a gateway for public to access your services? in Technical; Hello everyone! I have a set up here at home which has 3 web servers [on different ports], a mail ...
  1. #1
    link470's Avatar
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    250
    Thank Post
    85
    Thanked 8 Times in 6 Posts
    Rep Power
    15

    How do you use ISA for a gateway for public to access your services?

    Hello everyone! I have a set up here at home which has 3 web servers [on different ports], a mail server, and various other servers running other tasks. What I'd like to do, is have these servers behind an ISA server on the network. I want to have all websites using port 80 [on different servers under ONE IP address]. First off I'd like to thank all of you who replied to my post about how to do that and suggested ISA in here: How do I host all these Sites and Services under 1 IP Address?

    Now that I know ISA is probably the way to go, I have a couple questions. My current setup is that all my servers are behind one main router here. It's a DIR-655 from D-Link, nothing like an enterprise would use but a really solid home router. My computers are all gigabit and on a local network here, I have a few gigabit switches covering everything. But they're all on the same network. No subnet for the servers or anything. Now, if I added an ISA server, would I be able to just add it to the network and reroute requests to it, or do I have to have two network cards in it and create a SECOND private network behind ISA just for my servers and seperate from my other systems? Like, if I want it to handle domain requests for websites and mail servers, would I set my DNS in GoDaddy [my domain name providor] to point to my IP, and I'd just forward the ports for all my services [80 for web, 25 for mail etc. etc.] to the ISA server and configure port forwarding in the router to fire everything to the ISA server and it forwards onto the correct internal network from there? I'm not sure if that's right. Right now all the websites are on one server and just using host headers with IIS. But I'd like to expand and use multiple web servers each with a specific service.

    The next question I have is now does ISA send the result back? So lets say someone has requested one of my websites. They type the address in, the request goes to GoDaddy, which reads the A record and fires the request to my home network where at this time, my IIS server picks it up and reads the host header and sends it the right site, but instead would an ISA server read the result, forward the request to the correct internal web server, and now for the question, does the internal server send the result to the ISA server which sends it back to the person who made the request? Or does the ISA server send the request to the web server, and the web server fires the website out the main door [router] and straight to the person who made the request? If THAT's true, would I need more ports open? This would completely defeat the purpose of having a reverse proxy because I can't do that, I can't forward 80 to two internal computers. Therefore I'm thinking that it goes Request>Router>ISA>Internal Server which sends the website to>ISA>Router>Person who made request.

    This is all a learning experience for me. Yes, I could buy more IP's. No, I don't want to do that partly because I don't want to spend any more money and partly because I really want to learn how to do this in case I ever come across another setup where it may come in handy, I think it's really cool and dispite how much I'm not really a fan of ISA for a web filter at a school cause it was way too bypassable for me [and I ended up buying a Barracuda Web Filter 310], I think it could be really cool and serve the purpose of a reverse proxy/firewall very nicely.

    I hope my post was clear enough to read and understand. Thank you all very much for reviewing my question. Hopefully I'll learn something! Thanks again.

  2. #2

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    Quote Originally Posted by link470 View Post
    The next question I have is now does ISA send the result back? So lets say someone has requested one of my websites. They type the address in, the request goes to GoDaddy, which reads the A record and fires the request to my home network where at this time, my IIS server picks it up and reads the host header and sends it the right site, but instead would an ISA server read the result, forward the request to the correct internal web server, and now for the question, does the internal server send the result to the ISA server which sends it back to the person who made the request?
    Not sure that I can answer all the questions but this one I know :-)

    When you publish a web site with ISA, there's a pair of options "request appears to come from ISA server" and "request appears to come from original computer" (or similar!) and you generally want the first of those. In this way, the web server delivers to a request from the ISA server (easy - they're on the same network) and the ISA server then delivers to the requester (again, easy - it knows how to get there)

  3. Thanks to srochford from:

    link470 (27th April 2008)

  4. #3
    link470's Avatar
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    250
    Thank Post
    85
    Thanked 8 Times in 6 Posts
    Rep Power
    15
    Quote Originally Posted by srochford View Post
    Not sure that I can answer all the questions but this one I know :-)

    When you publish a web site with ISA, there's a pair of options "request appears to come from ISA server" and "request appears to come from original computer" (or similar!) and you generally want the first of those. In this way, the web server delivers to a request from the ISA server (easy - they're on the same network) and the ISA server then delivers to the requester (again, easy - it knows how to get there)
    Awsome! Thanks, that's great. So that's one question answered. In this way, would I probably need a pretty intense system as an ISA server with a really good gigabit card in there [and it looks like I can just add it anywhere on the network]? I was planning on using a small form factor box with 512MB of ram and a 1GHz Pentium 3, but dedicated to JUST serving ISA. Would that be enough? They make great servers and really compact for everything else.

  5. #4

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Hi there,

    It would be best to have two NICs on the isa, one configured as external and the other as Internal. This makes it a lot easier to configure and also allows for some features that are not available on single homed isa.

    As for web publishing if you want it on one ip address then you need to configure the publishing rule so it points to the HTTP headers and this is that way isa will make decision on which website to forward the request.

    The other option is to actulally create different listerners for each of your website but of course this will require an external ip address each.

    If you are using isa server 2006 then there are lots of authentication methods available and you should not have a problem implementing your requirements.

    Ash.

  6. Thanks to spc-rocket from:

    link470 (28th April 2008)

SHARE:
+ Post New Thread

Similar Threads

  1. OWA Access 502 Bad Gateway Error
    By KWIK in forum Windows
    Replies: 3
    Last Post: 29th November 2007, 01:22 PM
  2. Replies: 0
    Last Post: 2nd November 2007, 09:58 AM
  3. Easier access to non-public hotfixes
    By PiqueABoo in forum Windows
    Replies: 1
    Last Post: 5th August 2007, 12:32 PM
  4. External Access to Public Area
    By mrforgetful in forum How do you do....it?
    Replies: 8
    Last Post: 15th November 2006, 02:04 PM
  5. Access to subscription services
    By Philbert in forum Educational Software
    Replies: 4
    Last Post: 23rd March 2006, 12:41 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •