Jump to content



Photo

Server with an external IP

external ip

  • Please log in to reply
37 replies to this topic

#1 ginjammer

ginjammer

    Neowinian

  • Joined: 08-July 14

Posted 08 July 2014 - 19:49

Hello,

 

I've been asked to help set up a server with an external IP address so that users in another location can access it. I'm not entirely sure how to go about this. I've been given the external IP address that their Internet provider supplied. Should I install another switch before the internal network switch in order to have the server on the "outside". I've not done much router configuration and am not sure if there is a way to route these users to this server if it is behind their current router. Since it would have a different address would this even be possible? Any advice would be greatly appreciated.




#2 episode

episode

    Neowinian Fanatic

  • Tech Issues Solved: 3
  • Joined: 11-December 01

Posted 08 July 2014 - 19:54

Normally, you should assign the static IP to the router/firewall and use port forwarding for the services the external users need.

 

You can assign the IP directly to the server and then put the server in the router's DMZ as well.

 

Or like you said, deploy a switch and then assign the statics to the router and server. This will basically completely separate the two networks, but leaves the server fully out 'in the wild'.



#3 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 93
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 08 July 2014 - 20:06

keep in mind exposing a server that is on your network to the public internet for inbound traffic is risk. Normally servers that allow inbound traffic from the internet would be in a dmz (isolated from your normal network) Where there would be a firewall between this dmz and the local network.

You could mitigate risk by only allowing the IP address from this remote location to talk to your server.

What exactly are they going to access on this server? Http, ftp, what?

A switch would not isolate anything to be honest, what hardware are you working with? What is your router that connects you to the internet?

#4 +ChuckFinley

ChuckFinley

    member_id=28229

  • Joined: 14-May 03

Posted 08 July 2014 - 20:10

What equipment are you working with currently? Or plan on working with? 



#5 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 08 July 2014 - 20:17

What type of server is this?  Is this a web server?  Is this a file server?  If it is a file server you are better off setting up a vpn for access as it could open up a can of worms that you would not want open to the outside world.  If you have a corporate firewall you can make specific rules as to what outside IPs have access to this, but it still is highly not recommended to do so. 



#6 fusi0n

fusi0n

    Don't call it a come back

  • Tech Issues Solved: 3
  • Joined: 08-July 04
  • OS: OSX 10.9\Elementary OS
  • Phone: iPhone 5S 64GB

Posted 08 July 2014 - 20:40

Yeah, what are they needing to access? You have to be very careful with this kinda stuff.. 



#7 OP ginjammer

ginjammer

    Neowinian

  • Joined: 08-July 14

Posted 08 July 2014 - 20:48

This will be just a standard server running Server 2012 Essentials. They have a program that they want everyone to be able to get to. Basically this program is a medical type scheduling program. They enter notes about patients into the database. I'm guessing the setup I originally suggested is definitely not the way to go. They have cable for internet service and just a small cisco router connected to that for the local network. I wasn't sure if I could utilize the external IP address within the local network and have the router access it some way? Thanks for all of the input!



#8 fusi0n

fusi0n

    Don't call it a come back

  • Tech Issues Solved: 3
  • Joined: 08-July 04
  • OS: OSX 10.9\Elementary OS
  • Phone: iPhone 5S 64GB

Posted 08 July 2014 - 20:53

This will be just a standard server running Server 2012 Essentials. They have a program that they want everyone to be able to get to. Basically this program is a medical type scheduling program. They enter notes about patients into the database. I'm guessing the setup I originally suggested is definitely not the way to go. They have cable for internet service and just a small cisco router connected to that for the local network. I wasn't sure if I could utilize the external IP address within the local network and have the router access it some way? Thanks for all of the input!

Then you would have to open port 3389 and forward that port to the hosting server.. Which is horrible to expose to the internet. I would just keep the server local, and add a VPN, then they can use remote desktop to access the app..  What model is the Cisco Router? Also, does your company use any Citrix or VMware? There might be a better and safer way to do this.. 



#9 +ChuckFinley

ChuckFinley

    member_id=28229

  • Joined: 14-May 03

Posted 08 July 2014 - 20:59

I hope its nothing medical related when you said this....

 

http://ico.org.uk/enforcement/fines



#10 fusi0n

fusi0n

    Don't call it a come back

  • Tech Issues Solved: 3
  • Joined: 08-July 04
  • OS: OSX 10.9\Elementary OS
  • Phone: iPhone 5S 64GB

Posted 08 July 2014 - 21:06

You also mentioned "users in another location".. There already might be a dedicated VPN link setup between the two offices.. 



#11 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 08 July 2014 - 21:06

You can do the same as citrix with a microsoft server with remote app (there are licensing fees on top of the microsoft server license to enable this).  This will allow you to publish the app on a website through secure ports, similar to citrix xenapp server.  the citrix protocol is nicer and has more features and has an associated cost with these nicer and more features option on top of a windows server, which you need the license mentioned before on top of the citrix licensing to be properly licensed and working...unless in recent years they have changed their license model.



#12 fusi0n

fusi0n

    Don't call it a come back

  • Tech Issues Solved: 3
  • Joined: 08-July 04
  • OS: OSX 10.9\Elementary OS
  • Phone: iPhone 5S 64GB

Posted 09 July 2014 - 12:31

Hello,

 

I've been asked to help set up a server with an external IP address so that users in another location can access it. I'm not entirely sure how to go about this. I've been given the external IP address that their Internet provider supplied. Should I install another switch before the internal network switch in order to have the server on the "outside". I've not done much router configuration and am not sure if there is a way to route these users to this server if it is behind their current router. Since it would have a different address would this even be possible? Any advice would be greatly appreciated.

Any updates on this? I was actually curious to see where this was going?



#13 JonnyLH

JonnyLH

    I say things.

  • Joined: 15-February 13
  • Location: UK
  • OS: W8, W7, WP8, iOS, Ubuntu
  • Phone: Nokia Lumia 920

Posted 09 July 2014 - 13:04

This will be just a standard server running Server 2012 Essentials. They have a program that they want everyone to be able to get to. Basically this program is a medical type scheduling program. They enter notes about patients into the database. I'm guessing the setup I originally suggested is definitely not the way to go. They have cable for internet service and just a small cisco router connected to that for the local network. I wasn't sure if I could utilize the external IP address within the local network and have the router access it some way? Thanks for all of the input!

Is there a free interface on the small router? Or if not, you could make an argument to buy a cheap one. Plug it in there and depending if there's any protocol running on the links between offices/ISP then you can advertise the server out of it.

 

Always stay simple. Depending on how much the router is utilised, adding port-forwarding or DMZ's through NAT can add quite a lot of load on those small things.   



#14 OP ginjammer

ginjammer

    Neowinian

  • Joined: 08-July 14

Posted 09 July 2014 - 14:21

I'm thinking a VPN will be the way to go. Thanks for all of your input! Setting up the VPN would the server have an internal IP address and then just forward the correct ports to that address?



#15 JonnyLH

JonnyLH

    I say things.

  • Joined: 15-February 13
  • Location: UK
  • OS: W8, W7, WP8, iOS, Ubuntu
  • Phone: Nokia Lumia 920

Posted 09 July 2014 - 14:30

I'm thinking a VPN will be the way to go. Thanks for all of your input! Setting up the VPN would the server have an internal IP address and then just forward the correct ports to that address?

Personally, I don't think its the right way to go. It's over complicating something thats simple. Even putting it on a DMZ would be better than a VPN.