I'm looking to set up a very simple firewall to prevent the old PDC (Primary Domain Controler) on windows to act as a PDC, yet to be visible for its web server part on the network with the actual newer PDC. In fact, I have to make a web application survive on the old PDC, without having it interfere with the newer one. The basic is really simple:
A gateway computer is to be set up who view the older machine on a different network segment, and the actual lan (two nics on the machine).
Wingate can then serve as a proxy that allows web traffic (can be routed on port 8080 or whatever) to pass and be directed to the old IIS on the old PDC acting as as web server only. The point here is to make sure neither the gateway, or the client machine, will hook to the old PDC as thier domain controler.
I need something as a simple recipe (go there do that, etc.) and didn't found it yet on the knowledge base on in the forums.
Thanks in advance!
JF
Newbie topic
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Re: Newbie topic
by adrien » Jan 19 09 10:21 am
Hi
Can you not just demote that PDC, so it's no longer a domain controller?
http://support.microsoft.com/kb/299540
Regards
Adrien
Can you not just demote that PDC, so it's no longer a domain controller?
http://support.microsoft.com/kb/299540
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Newbie topic
by jiepher » Jan 20 09 3:53 am
Adrien,
thank you for your advice, but, if it was that simple, why would I done it in the first place? ;)
The fact is I forgot to mention the PDC is SBS2000, which doesn't allow demoting. First SBS isn't allowed to be demoted. Second, even it has been a server 2000, it would have needed a BDC mounted in NT4, wich I don't have.
That's the reason why I need a firewall configured in a way it allows port 80 only to pass on a private network where my PDC (aka web server) is, and doesn't allow any other trafic to transit.
I'm looking for a recipe, to be concrete, to configure host 192.168.222.222 to serve as a webserver for any hosht in the network 192.168.102.X, using host 192.168.102.102 as a bridge (with two NIC's) or better, a firewalled proxy to 192.168.222.X network.
It should be something simple, and I want to do it with a time-proven solution such as Wingate (I could definately set it up on a router or a unix box box, but as the server is virtualised and need a pc to run, i find such approach overkill!), which I unfortunately don't have time to learn (users of the concerned application are pressing me to get them back to work), so I'm asking the Wingate user's community.
Thanks again in advance!
JF.
thank you for your advice, but, if it was that simple, why would I done it in the first place? ;)
The fact is I forgot to mention the PDC is SBS2000, which doesn't allow demoting. First SBS isn't allowed to be demoted. Second, even it has been a server 2000, it would have needed a BDC mounted in NT4, wich I don't have.
That's the reason why I need a firewall configured in a way it allows port 80 only to pass on a private network where my PDC (aka web server) is, and doesn't allow any other trafic to transit.
I'm looking for a recipe, to be concrete, to configure host 192.168.222.222 to serve as a webserver for any hosht in the network 192.168.102.X, using host 192.168.102.102 as a bridge (with two NIC's) or better, a firewalled proxy to 192.168.222.X network.
It should be something simple, and I want to do it with a time-proven solution such as Wingate (I could definately set it up on a router or a unix box box, but as the server is virtualised and need a pc to run, i find such approach overkill!), which I unfortunately don't have time to learn (users of the concerned application are pressing me to get them back to work), so I'm asking the Wingate user's community.
Thanks again in advance!
JF.
- jiepher
- Posts: 2
- Joined: Jan 17 09 9:14 am
Re: Newbie topic
by adrien » Jan 20 09 10:02 am
OK
If all you need is port 80, then if you install WinGate, simply mark all interfaces as "external", which will firewall them by default, and open port 80 to allow access to port 80 on that machine.
If you want inbound web to go via WinGate's proxy, you'd need instead to bind the WWW proxy in WinGate to all interfaces, and have it set up as a reverse proxy to the internal WWW server. To do that
a) open web server settings in the WWW proxy
b) click Add to add a new site
c) on the general tab select "Reverse proxy request", enter the server and port (you'll probably need to get the web server to run on another port if it's on the same IP address)
d) on the hosts tab enter the sites that you want to serve, e.g. www.yourcompany.com
Regards
Adrien
If all you need is port 80, then if you install WinGate, simply mark all interfaces as "external", which will firewall them by default, and open port 80 to allow access to port 80 on that machine.
If you want inbound web to go via WinGate's proxy, you'd need instead to bind the WWW proxy in WinGate to all interfaces, and have it set up as a reverse proxy to the internal WWW server. To do that
a) open web server settings in the WWW proxy
b) click Add to add a new site
c) on the general tab select "Reverse proxy request", enter the server and port (you'll probably need to get the web server to run on another port if it's on the same IP address)
d) on the hosts tab enter the sites that you want to serve, e.g. www.yourcompany.com
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 15 guests