Hi,
I need some tips on configuring a network. I'll first describe what I have:
Machine Name: server01
OS: Windows 2003 Standard
Extras: Active Directory (AD), Domain Name Server (DNS), Dynamic Host Configuration Protocol (DHCP), Domain Controller (DC)
IP Configuration:
IP: (Static) 192.168.0.1
SubNet: 255.255.255.0
DNS: None (will use itself, since it's a DNS)
DC Settings:
Domain Name: mydomain.com
DHCP Settings:
Scope from 192.168.0.10 to 192.168.0.30
DNS Settings:
On "DNS\SERVER01\mydomain.com" added the following keys:
Name "www" / Type "Alias (CNAME)" / Data "server01.mydomain.com".
Name "ftp" / Type "Alias (CNAME)" / Data "server02.mydomain.com".
This will be a web server (intranet & internet). It will run Tomcat on port 80.
If I "ping server01.mydomain.com" and "ping www.mydomain.com" they ping successfully into 192.168.0.1.
Machine Name: server02
OS: Windows 2003 Standard
Extras: Some FTP server software
IP Configuration:
IP: (Static) 192.168.0.2
SubNet: 255.255.255.0
DNS: None
This will be an FTP server (intranet & internet). It will run some FTP server software on port 90 (don't know which port, isn't installed yet).
If I "ping server02.mydomain.com" and "ping ftp.mydomain.com" they ping successfully into 192.168.0.2.
Machine Name: work01
OS: Windows XP Pro SP2
Extras: None
IP Configuration:
IP: (Dynamic) 192.168.0.10 (leased from server01)
SubNet: None
DNS: None
This will be a regular workstation machine.
If I "ping work01.mydomain.com" it'll ping successfully into 192.168.0.10.
There are some other machines like this one, named work02, work03, ..., with similar config.
General Notes:
Every computer belongs to mydomain.com, users are created in server01 under Active Directory administration console, and everyone logs on successfully.
All users belong to DomainUser group, one user (me) belongs to DomainAdmin group, and some are Administrators on their working computers.
Network:
To connect all the machines, I have an 8-port switch from Linksys.
I'm thinking about buying a "4-port cable/dsl router + wireless" from Linksys.
I'll then Uplink last port from my Linksys (the one Uplinkable), into the first port of the router.
I'll then connect an RJ45 cable from the cable modem into the WAN port of the router.
Then I assume all my network will automatically have access to my cable internet connection.
My ISP gives my cable modem a fixed IP of for example: 213.80.84.13.
I assume everything above is correct, so I'll move on to my real questions:
Question #1
How can I set up my network, so that only users logged on mydomain.com can access my internet cable connection?
And how can I restrict a particular user/computer?
I want to give access to everyone that rightfully belongs to the domain, but still be able to reject someone. I mean if I reject a machine (for example work05), the users that log to domain on that specific computer cannot access the internet. They cannot change computer name, because if they do, they would need DomainAdmin password to rejoin the domain, right? And since they are NOT DomainAdmins, they could not trick the system by simply changing machine name.
Maybe by setting a proxy that asks user/password to connect to internet? Then I would only allow some restricted group of users (that belong to domain, like MYDOMAIN\user01 or something like that), and only those would be able to give their passwords to proxy and actually pass them. They would then be able to have internet from every machine, as long as they provide their passwords. Right? How could I set this up then?
Question #2
So with a router, people from the internet would not be able to enter my network. I mean, they could only find my ISP IP (213.80.84.13), but trying to enter my network would fail, since my router would not have allowance on its NAT table to allow the packets to flow in. That's the concept of a router as I understand it, and acting "as a firewall".
But I need to allow it to some extent ... I want requests made to port 80 be handled to server01 (for www) and requests made to port 90 be handled to server01 (for ftp).
How/where would I set this up?
Question #3
Maybe this has something to do with Question #2 ... but here it goes ...
Since I have a fixed IP from ISP, and I want to run a web site from my servers, I'm interested in registering a domain name for my company.
But instead of registering www.mycompany.com, I want to be able to register mycompany.com pointing to my fixed ISP's IP (213.80.84.13).
When someone calls http://www.mycompany.com, the request would be mapped from mycompany.com to 213.80.84.13, then it was my local network (my own DNS server, server01) that would resolve the specific part of the address, like the www, ftp, ...
This first part would be sort of configure my router to finish handling Domain Names by server01 ... or something like that. How?
Will I be able to do that with this setup? What do I have to do? Register only mycompany.com on some internet domain name server provider? Is it that simple, or do I have to do something else?
Question #4
Let's say for example that my web site just gets too requested. I want to split it in two ... so I install another server (like server03). How can I make my network or my server01 to split web page requests also to server03?
Many questions, I know, lots of text to read ... eheh ... but I would appreciate some help on doing this and understanding how it's done.
If you need some more info, please just ask for it ... I'll edit it into this message so it will get more complete.
Thank you very much.
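
The NAT behaviour described in Question #2, as an added example that is not part of the original post: a toy Python model of a router's inbound decision, showing that unsolicited packets are dropped unless a static port forward publishes a service. The class, the rule table and the remote addresses are constructed for illustration; it assumes port 90 is forwarded to server02 (192.168.0.2), where the post places the FTP software, and it simplifies real NAT to an address-and-port-restricted lookup.

```python
# Added example: toy model of a NAT router's inbound decision (not a real router API).
WAN_IP = "213.80.84.13"          # fixed ISP address from the post

# Static port forwards (assumed rules): WAN port -> (LAN host, LAN port)
PORT_FORWARDS = {
    80: ("192.168.0.1", 80),     # www -> server01 (Tomcat)
    90: ("192.168.0.2", 90),     # ftp -> server02 (assumption, see lead-in)
}

class NatRouter:
    def __init__(self, wan_ip, forwards):
        self.wan_ip = wan_ip
        self.forwards = dict(forwards)
        self.sessions = {}       # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a dynamic mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.wan_ip, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        sess = self.sessions.get(wan_port)
        if sess and sess[2:] == (remote_ip, remote_port):
            return sess[:2]                  # reply to a session started from inside
        if wan_port in self.forwards:
            return self.forwards[wan_port]   # explicitly published service
        return None                          # unsolicited: no table entry, dropped

def demo():
    r = NatRouter(WAN_IP, PORT_FORWARDS)
    # Constructed traffic: work01 browses out, then various packets arrive on the WAN side.
    _, p = r.outbound("192.168.0.10", 51000, "198.51.100.7", 443)
    return {
        "reply_to_work01": r.inbound("198.51.100.7", 443, p),
        "spoofed_reply": r.inbound("203.0.113.9", 443, p),
        "web": r.inbound("203.0.113.9", 33000, 80),
        "ftp": r.inbound("203.0.113.9", 33001, 90),
        "rdp_probe": r.inbound("203.0.113.9", 33002, 3389),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} -> {result}")
```

Each forward rule delivers traffic from any internet source to the listed host, so the NAT table gives no protection to the forwarded ports themselves; the services behind them need their own patching and access control.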
