Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Ok here goes...
I've got a Windows Server 2003 Box sat in a cupboard acting as:
Active Directory Server
Internal DHCP, DNS
Proxy server
Ftp Server
Http Server
Dynamic DNS Host
This server is directly connected to the internet using a usb modem. Before i installed active directory i used ICS to share the connection across the network (built in home internet sharing thingy) but now AD is installed...that functionality has gone.
So i'm now using a proxy server (Squid NT recommended to me my Tim aaages ago)
Problem is, there are alot of things i can no longer do on the client machines like using ftp to update my site, use psp stuff for example. This is down to using a proxy server i'm sure.
So...my question is, is there any other way i can make this server the internet gateway without having to use proxy server software.
I have a dynamic IP assigned by mu ISP by the way.
Thanks
Aj.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Slow answer is loads of stuff, additional software, more config etc etc.
Quick answer is buy a router?
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Yeah i thought of that.
But with a router will i still be able to have remote access, host web sites and be able to transfer files using ftp to and from my server?
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Yes, most support this.
You could open up just the remote desktop ports and connect to the 2003 box, or go direct in on 21/80 for FTP/HTTP.
If that doesn't work you could just DMZ the server and you would have effectively identical config to currently, but your other computers would have more transparent access to outside.
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
hmmm...interesting
the dmz idea is good, i never looked at it that way.
Thanks for that 
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
I would personally go for individual ports rather than DMZ'ing the whole computer as the former is slightly more secure.
If you have a vulnerability on a DMZ computer then you are wide open. If you are only allowing in for selected services then you have lessened the odds of being visible.
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
ok thanks, i'll look at a few routers that will do what i want.
Do you happen to know any?
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Netgear DG834
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Great
Ask the right people and get the right answers 
|
