Application with DB Server not having direct access

[Chuck]

Here is my setup.

Netgear Router with a webserver and database server NAT'd behind the
firewall.

Microsoft Windows 2000, IIS 5 - Web Server
Microsoft Windows 2000, MySQL - Database Server

What I would like to have is a web application served up off my WS
(web server) and that application access my DS (db server) without
giving direct access to the user, so in this case, the DS is not
accessible by the users on the internet, to keep it secure.

I would like to build this with ASP is there a way to do this with
MySQL and ASP?

Thanks
Chuck

 

[Ray at]

If your webserver and database server are on the same side of the firewall,
there's no issue. Just don't forward anything from the firewall to your db
server. There isn't any reason to, since the webserver is on the same side
as the db server.

Ray at work

 

[Chuck]

Sorry I should have noted that, I will be moving the WS outside of the
firewall, and have access through it. I basically want the code to
grab information on the backend and display it to the user.

 

[Ray at]

Sorry I should have noted that, I will be moving the WS outside of the
firewall, and have access through it.

Do you have to move it outside? Can you not just open up port 80/443 on the
firewall and forward that traffic to the IIS server?

I basically want the code to
grab information on the backend and display it to the user.

I'm not sure what kind of options may exist in your Netgear router. I know
on my home router, a DLink, I can choose to open a port and forward traffic
to an internal IP, but that's the extent of the options. I can't do
anything like IPSec to only allow requests from specific IPs or subnets. I
believe that if your MySQL server is behind a firewall, all requests will
come from the Internet IP of the firewall, not the IP of the webserver.
But, if that were NOT the case, you could use IPSec to only allow traffic
from your IIS server's IP. One way you could test this is to install IIS on
your MySQL Server, make a page with "response.write
request.servervariables("remote_addr")" and load that page from your IIS
server. If you see the IIS server's IP as opposed to the firewall, you can
use IPSec (post back for info). If not, your web server will be the same as
any other machine on the Internet, and you will not be able to control
access. I'm 99% sure that the IP that you'll see will be that of the
firewall. So, if that's the case, I suggest rethinking the reasoning for
putting the IIS server outside of the firewall.

Ray at work