Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Use cPanel on DMZ
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Use cPanel on DMZ - 27.Apr.2007 2:40:53 PM
|
|
|
SyberWizard
Posts: 18
Joined: 24.Mar.2006
Status: offline
|
Just when I finally start getting a little comfortable with ISA 2006, I run into a hicup with attempting to use cPanel on a Linux-based LAMP server on the DMZ. I am using NAT from the DMZ to External, but it seems that pretty much everything breaks on the server when placed on the DMZ. cPanel (the company) does not officially support NAT, so that leaves me to either (a) figure it out on my own, along with all my other work, (b) learn how to use actual public addresses on the DMZ and use ROUTE instead of NAT, or (c) leave the LAMP server on the outside of the ISA 2006 server and hope the firewall I will be loading on it will sufice. At the moment, I will be doing (c), as I have to get these sites back up ASAP. I seriously considered using the public IP addresses on the DMZ, but am quite lost on how to set both External & DMZ NIC public IP addressses and then configure routing tables under this senario. To further confuse, I have two continuous IP blocks, so my normal subnet mask is 255.255.254.0. Any suggestions? 
|
|
|
|
|
RE: Use cPanel on DMZ - 28.Apr.2007 12:30:35 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
You would need to subnet your block, assign the external interface an IP address on one of the blocks and the DMZ interface an IP address on the other block. Then configure the upsteam router with the route information so it knows to send connections to the DMZ to the IP address on the external interface of the ISA Firewall.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Use cPanel on DMZ - 28.Apr.2007 4:54:12 PM
|
|
|
SyberWizard
Posts: 18
Joined: 24.Mar.2006
Status: offline
|
Hi Tom,
That is where my head starts hurting. The upstream router is not mine, but should be set at IP xx.xx.98.1 with a subnet of 255.255.254.0, which sets xx.xx.99.255 as the broadcast IP, giving me a range of 98.1 to 99.254. I can likely get them to program it however I need it to be, but I don't know the answer.
I know I can use a subnet of 255.255.255.252 and have a subnet of xx.xx.98.1 and .2, with broadcast at 98.4. I'm good to that point. What I do not understand is how I subnet xx.xx.98.5 (Subnet-ID) to xx.xx.99.255 (broadcast). In short, I understand how to create "even" subnets with something like 255.255.255.128 giving me two subnets from a Class C block. What I don't understand is how to use 255.255.255.252 for a really small subnet and then 255.255.?.? for the remainder and allow them to co-exist and play nice together. Doing "even" subnets would be a tremendous waste of addresses. Or am I overthinking this?
|
|
|
|
|
RE: Use cPanel on DMZ - 29.Apr.2007 10:03:55 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Subnetting does waste addresses, which is why I always prefer to add my addresses to the external interface of the ISA Firewall and NAT to hosts on ISA Firewall protected Networks.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
