
Q: I need to do everything - how do I do it?


Quite a strange subject line, but let me explain.....

I have subscribed to the Plus.net Premiere 2mbps ADSL service. I have 3 desktop computers in my home office and 3 laptop computers scattered around the house - all having static IP addresses (10.10.10.1 through to 8). I am using a SafeCom 802.11g+ Wireless ADSL router to connect to broadband. It is set up with the 3 desktop computers connected to it through ethernet cables and the laptops are connected to it via 802.11g connections. I have set up the router with my Plusdsl.net account information and static IP information, and have restricted access to the internet by using MAC authentication as well as WPA encryption for the WiFi. Everything is working fine.

I have a .com domain which I wish to run on a single server (one of the desktop PCs). I wish to use Windows Small Business Server 2003 (effectively Windows Server 2003) to run my own webserver, mailserver, and FTP.

I understand, from some reading I have done, I need to set up the IP address of my SBS2003 machine in the DMZ section of the router in order for all inbound requests to go to that machine. Is this correct?

From further reading of the posts on this forum it would appear I need to set up "IP Forwarding" for a number of ports (web, mail and ftp). Is this correct? If so, which ports do I need to set up?

Once the above is done, should I be able to do what I wish with my setup (i.e. host a website, send/receive emails, and upload/download files via FTP all from the one machine)?

Am I missing anything?

TIA

Leigh
6 REPLIES

Q: I need to do everything - how do I do it?

Never put a Windows machine in the DMZ for security reasons - if you keep it behind your router and then run port forwarding that will work fine.

Here's a list of ports for common services:
FTP ports 20 and 21
HTTP (web) port 80 and port 443 if you use SSL
SMTP (mail) port 25 - used if you want people to send you mails directly to your own mailserver
POP3 (mail) port 110 - used if you want to pick up your mails from the server externally

Another thing to be careful of is to avoid using what comes with Windows - IIS (the webserver that comes with Windows Server) has a very bad history of security problems. Your best bet is to install the latest version of Apache for web, and vsftpd for FTP (not sure if there's a Windows port - take a look).

If you want to save money and remain secure, it might be worth looking at a better OS than Windows - something like OpenBSD (www.openbsd.org) is brilliant for servers but complex for newbies. Another option is to look at the various Linux distros.

Hope this helps
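
An added example, not part of the original replies: once the forwards listed above are configured, this Python check, run from a machine outside the LAN against your own public address, compares the TCP ports that accept connections with the ones you meant to forward. The function names and the list of Windows ports that must stay closed are assumptions made for the example.

```python
import socket
import sys

# Listening ports from the reply above. FTP port 20 is the source port the
# server uses for active-mode data, so it is not expected to accept connections.
INTENDED = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 443: "HTTPS"}

# Assumption for this example: Windows services that commonly listen by
# default and should never answer from the internet.
MUST_STAY_CLOSED = {135: "RPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP"}


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit(host, intended=INTENDED, forbidden=MUST_STAY_CLOSED, timeout=2.0):
    """Compare reachable ports with the forwarding plan.

    Returns (missing, exposed): intended ports that do not answer, and
    ports outside the plan that do (the sign of a DMZ host or a stray rule).
    """
    missing = sorted(p for p in intended if not is_open(host, p, timeout))
    exposed = sorted(p for p in forbidden if is_open(host, p, timeout))
    return missing, exposed


def report(host, missing, exposed):
    """Format the audit result as text lines."""
    lines = [f"Audit of {host}"]
    lines += [f"  not reachable (check the forward): {p}" for p in missing]
    lines += [f"  EXPOSED (should be closed): {p}" for p in exposed]
    if not missing and not exposed:
        lines.append("  only the intended ports answer")
    return "\n".join(lines)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(report(target, *audit(target)))
```

Run it against an address you control, from outside the network; a test from inside the LAN bypasses the router's forwarding rules.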

Not the Windows vs Linux debate again

Hi and many thanks for the reply. As my subject says, not the Windows versus Linux debate again. Although I hear what you are saying about Windows being weak in the security area plus Open/NetBSD being tighter than the proverbial camels in a sand storm, I haven't a clue how to use BSD nor Linux to any great level of detail. Like it or not, at least the Windows products are easyish to install and set up. I'm sure that keeping the software patched regularly I ought to be safe - and besides, I have all the legit Windows software which I can use.

Once that's up and running I can hone my skills with BSD/Linux and see if it's worth trying that route.

Many thanks for the port forwarding ideas - will try that this weekend.

-Leigh

Q: I need to do everything - how do I do it?

Leigh

You have a similar setup to myself - I have SBS2003 running on a server rig connected into my Smoothwall box as DMZ, then the internal interface of Smoothwall running into a 16 port switch with all my internal clients connected through that. In terms of added security, if you have an old PC kicking around to run Smoothwall off (yes I know it's Linux, but you wouldn't know...) then that will increase your security massively.

Other than that SBS will happily run Exchange, the IIS webserver and FTP servers. Ports as described by aspiesforfreedom. If you want a slightly more secure webserver I'd disable IIS and install Apache (there are Windows binaries). Other than that make sure you only have the services you need running.

Q: I need to do everything - how do I do it?

Just thought I'd give you a warning against putting a Windows box in the DMZ - a lot of vulnerable services are enabled by default. And of course it's more expensive.

Q: I need to do everything - how do I do it?

Well, if you have lots of free MS stuff have a look at ISA 2004 firewall, use it at the min and it's very secure indeed, works very well with all MS products and easy to set up.

Q: I need to do everything - how do I do it?

Will do - incidentally, if people are wondering how I got all this Microsoft *free stuff* - it wasn't exactly free - I subscribed to the Microsoft Action Pack which gives me most MS products for around £100 a year.

TTFN

-L