How do you use ISA for a gateway for public to access your services?
Hello everyone! I have a setup here at home which has 3 web servers [on different ports], a mail server, and various other servers running other tasks. What I'd like to do is have these servers behind an ISA server on the network. I want to have all websites using port 80 [on different servers under ONE IP address]. First off I'd like to thank all of you who replied to my post about how to do that and suggested ISA in here: http://www.edugeek.net/forums/window...p-address.html
Now that I know ISA is probably the way to go, I have a couple questions. My current setup is that all my servers are behind one main router here. It's a DIR-655 from D-Link, nothing like an enterprise would use but a really solid home router. My computers are all gigabit and on a local network here, I have a few gigabit switches covering everything. But they're all on the same network. No subnet for the servers or anything. Now, if I added an ISA server, would I be able to just add it to the network and reroute requests to it, or do I have to have two network cards in it and create a SECOND private network behind ISA just for my servers and separate from my other systems? Like, if I want it to handle domain requests for websites and mail servers, would I set my DNS in GoDaddy [my domain name provider] to point to my IP, and I'd just forward the ports for all my services [80 for web, 25 for mail etc. etc.] to the ISA server and configure port forwarding in the router to fire everything to the ISA server and it forwards onto the correct internal network from there? I'm not sure if that's right. Right now all the websites are on one server and just using host headers with IIS. But I'd like to expand and use multiple web servers each with a specific service.
The next question I have is how does ISA send the result back? So let's say someone has requested one of my websites. They type the address in, the request goes to GoDaddy, which reads the A record and fires the request to my home network where at this time, my IIS server picks it up and reads the host header and sends it the right site, but instead would an ISA server read the result, forward the request to the correct internal web server, and now for the question, does the internal server send the result to the ISA server which sends it back to the person who made the request? Or does the ISA server send the request to the web server, and the web server fires the website out the main door [router] and straight to the person who made the request? If THAT's true, would I need more ports open? This would completely defeat the purpose of having a reverse proxy because I can't do that, I can't forward 80 to two internal computers. Therefore I'm thinking that it goes Request>Router>ISA>Internal Server which sends the website to>ISA>Router>Person who made request.
This is all a learning experience for me. Yes, I could buy more IPs. No, I don't want to do that partly because I don't want to spend any more money and partly because I really want to learn how to do this in case I ever come across another setup where it may come in handy, I think it's really cool and despite how much I'm not really a fan of ISA for a web filter at a school 'cause it was way too bypassable for me [and I ended up buying a Barracuda Web Filter 310], I think it could be really cool and serve the purpose of a reverse proxy/firewall very nicely.
I hope my post was clear enough to read and understand. Thank you all very much for reviewing my question. Hopefully I'll learn something! :D Thanks again.
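
Added example, not part of the original post and not ISA configuration: a generic HTTP reverse proxy in Python that publishes two internal web servers behind one listening port, chooses the server from the Host header, and returns the reply on the client's own connection, which is the Request>Proxy>Internal Server>Proxy>Client path described in the post. The hostnames, function names and loopback addresses are constructed for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class Handler(BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def serve(handler):  # run a handler on a free loopback port, in a thread
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def get(address, path="/", host=None):
    """One HTTP GET over its own TCP connection; returns (status, body)."""
    conn = http.client.HTTPConnection(*address, timeout=5)
    conn.request("GET", path, headers={"Host": host} if host else {})
    resp = conn.getresponse()
    result = (resp.status, resp.read())
    conn.close()
    return result

def backend(site):
    """A constructed internal web server that serves one site."""
    class Backend(Handler):
        def do_GET(self):
            self.reply(200, f"content of {site}".encode())
    return serve(Backend)

def reverse_proxy(routes):
    """routes: Host header name -> (address, port) of an internal server."""
    class Proxy(Handler):
        def do_GET(self):
            name = (self.headers.get("Host") or "").split(":")[0].lower()
            if name not in routes:
                return self.reply(404, b"no rule for this host")
            # Separate TCP connection from proxy to server; the reply then
            # returns on the client's own connection to the proxy.
            self.reply(*get(routes[name], self.path))
    return serve(Proxy)

if __name__ == "__main__":
    a, b = backend("site-a"), backend("site-b")
    proxy = reverse_proxy({"a.example.test": a.server_address, "b.example.test": b.server_address})
    print([get(proxy.server_address, host=h) for h in ("a.example.test", "b.example.test", "x.example.test")])
```

The outside client only ever connects to the proxy's port, so a single forwarded port on the router is enough for every published site, and a Host name with no route is answered by the proxy itself rather than passed inward.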