Saturday, January 29, 2011

Static IP question

If I want to set a static IP for my AD DS, do I need an ISP which provides this facility? Also, if my VMS also need a static IP, would this have to be another IP or can it be the same? (I know this sounds a bit noobish).

Thanks

  • If you are talking about an incoming IP address, then yes the ISP must provide it to you. You could technically create your own but only your internal DNS would point to it, and no one outside your network could get to it.

    You could use the same IP if you have a router in place that does NAT, or use a version of port filtering (e.g. anything incoming from outside on port x redirects to your VMS on port y).

    From Theo
  • First, are we talking about DSL/cable style ISPs for home or small business networks?

    In this case, you would likely just give your AD server a static private IP address inside your LAN (like 192.168.10.100) and create a corresponding local DNS zone. If you want a public static address (accessible from the outside), you would indeed need an ISP offering this service. I generally consider this to be a very bad idea, as there is normally no reason for an AD server to be accessible worldwide. Also, you would likely need to make your AD server the router/gateway of your network, which is an ever worse idea IMHO.

    What is VMS in this context? I doubt you mean VAX/VMS :) Should you mean virtual machines, then just give them additional private (but static) addresses and set the VM network mode to bridged. Use portforwarding on your router to make them accessible from the outside.

    blade : Well my internet package is known as DSL - http://www.plus.net/ , I have the basic package (does need an upgrade I am sure). Everything you said makes snese, but how would I arrive to an IP value (like you got 192.168.10.100)? VMS means Virtual Machines, indeed.
    From SvenW
  • Short answer: No. Just set a static internal IP like 192.168.0.10. When you DCPROMO your first domain controller it complains if you're using DHCP to set the server address, and I'm guessing this is what prompted your post.

    Long answer: Active Directory is an internal service that you should be running on an Internal (non-routed) IP address range (like 192.168.x.x which would not be a valid address on the Internet). If you wish to expose a part of your internal LAN to the external Internet or other networks, you need to look at using Network Address Translation (NAT) on your router. Then you'd use that to 'map' your Internet IP back to your internal IPs as needed.

    As for external static IPs... you probably DO want one of these, but not for anything to do with AD. If your running a business and will be hosting any kind of externally-accessible service on your network, and serving to the Internet, then yes, you need an ISP that will provide you with a static IP. Many business-grade connections include this. You also need sufficiently powerful networking equipment that will allow you to isolate a De-Militarized network zone (DMZ).

0 comments:

Post a Comment