Is it possible to virtualize MS Exchange Server 2007 without stopping its services? In particular, I'm interested in using VMware vCenter Converter Standalone Client for that purpose.
Alexey Shatygin's questions
There are about 60 UTP cables coming from different offices into a server room. Every cable could lead to a single computer or to an unmanaged network switch. I need to give them all Internet access, but some of them must not be in the same subnet as the others.
The second thing is that the number of subnets could change from time to time, and I need to be able to move the relevant ports on the switch into a new subnet quickly.
So I need some managed network switches to be able to manage all of the cables in such a way that I can put them all in one subnet or split them all into 60 different subnets. I chose a FreeBSD server as the router.
For example, we've got five subnets:
- 192.168.0.0/24 takes 30 ports, gets 192.168.0.1 VLAN interface as the gateway
- 192.168.1.0/24 takes 10 ports, gets 192.168.1.1 VLAN interface as the gateway
- 192.168.2.0/24 takes 5 ports, gets 192.168.2.1 VLAN interface as the gateway
- 192.168.3.0/24 takes another 5 ports, gets 192.168.3.1 VLAN interface as the gateway
- 192.168.4.0/24 takes 10 ports, gets 192.168.4.1 VLAN interface as the gateway
Can I do this with only two stacked L2 switches (48+24 ports, and if I can, how can I do this), or do I have to use at least one L3 switch? Which hardware is better to use in that case (it has to be not too expensive)?
In one of the offices, we have a 50-computer network, which had only one server machine:
- Windows 2003 Server
- Microsoft ISA Server
- Microsoft Exchange 2003
This server worked as a gateway (proxy server), mail server, file server, firewall and domain controller. It had two network interfaces, one for WAN (let's say 222.222.222.222) and one for LAN (192.168.1.1). I set up a Linux box to be the gateway (without a proxy), so the Linux box now has the following interfaces: 222.222.222.222 (our external IP, we removed it from the Windows machine) and 192.168.1.100 (internal IP), but we need to keep the old Windows server as a mail server and a proxy for some of our users until we prepare another Linux machine for that, so I need the mail server on that machine to be available from the Internet. I set up iptables rules to redirect all the incoming connections on ports 25 and 110 of our external IP to 192.168.1.1:25 and 192.168.1.1:110, and when I try to telnet to our SMTP service
telnet 222.222.222.222 25
I get the greeting from our Windows server's (192.168.1.1) SMTP service, and that works fine. But when I telnet to the POP3 service
telnet 222.222.222.222 110
I only get a blank black screen, and the connection seems to disappear if I press any button. I've checked the ISA rules; everything seems to be the same for ports 110 and 25. When I telnet to port 110 of our Windows server from our new gateway machine like this:
telnet 192.168.1.1 110
I get access to its POP3 service:
+OK Microsoft Exchange Server 2003 POP3 server version 6.5.7638.1
(...) ready.
What should I do to make the POP3 service available through our new gateway?
UPD: my iptables config looks like this:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N bad_packets
-N bad_tcp_packets
-N icmp_packets
-N tcp_inbound
-N tcp_outbound
-N udp_inbound
-N udp_outbound
-A INPUT -i lo -j ACCEPT
-A INPUT -j bad_packets
-A INPUT -d 224.0.0.1/32 -j DROP
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -d 192.168.1.255/32 -i eth0 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -j tcp_inbound
-A INPUT -i eth1 -p udp -j udp_inbound
-A INPUT -i eth1 -p icmp -j icmp_packets
-A INPUT -m pkttype --pkt-type broadcast -j DROP
-A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "
-A FORWARD -j bad_packets
-A FORWARD -i eth0 -p tcp -j tcp_outbound
-A FORWARD -i eth0 -p udp -j udp_outbound
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
-A FORWARD -d 192.168.1.1/32 -i eth1 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -d 192.168.1.1/32 -i eth1 -p udp -m udp --dport 25 -j ACCEPT
-A OUTPUT -p icmp -m state --state INVALID -j DROP
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.1.100/32 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
-A bad_packets -s 192.168.1.0/24 -i eth1 -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
-A bad_packets -s 192.168.1.0/24 -i eth1 -j DROP
-A bad_packets -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
-A bad_packets -m state --state INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN
-A bad_tcp_packets -i eth0 -p tcp -j RETURN
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A bad_tcp_packets -p tcp -j RETURN
-A icmp_packets -p icmp -f -j LOG --log-prefix "fp=icmp_packets:1 a=DROP "
-A icmp_packets -p icmp -f -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A icmp_packets -p icmp -j RETURN
-A tcp_inbound -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A tcp_inbound -p tcp -m tcp --dport 80 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 21 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --sport 20 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 22 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 25 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 110 -j ACCEPT
-A tcp_inbound -p tcp -j RETURN
-A tcp_outbound -p tcp -j ACCEPT
-A udp_inbound -p udp -m udp --dport 137 -j DROP
-A udp_inbound -p udp -m udp --dport 138 -j DROP
-A udp_inbound -p udp -m udp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A udp_inbound -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A udp_inbound -p udp -j RETURN
-A udp_outbound -p udp -j ACCEPT
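As an added example (not part of the original question): a small Python tracer that walks a packet through the FORWARD chain as posted above and reports the first terminating rule. The nat table is not shown in the question, so the sample packet is constructed as it would look after DNAT to 192.168.1.1, and the outcomes of the user-chain jumps are simplified assumptions noted in the code.

```python
import ipaddress
import shlex

# FORWARD chain copied verbatim from the ruleset posted above.
FORWARD_RULES = """\
-A FORWARD -j bad_packets
-A FORWARD -i eth0 -p tcp -j tcp_outbound
-A FORWARD -i eth0 -p udp -j udp_outbound
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
-A FORWARD -d 192.168.1.1/32 -i eth1 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -d 192.168.1.1/32 -i eth1 -p udp -m udp --dport 25 -j ACCEPT
"""
POLICY = "DROP"  # from "-P FORWARD DROP"
# Assumption: outcome of each user-chain jump for a well-formed packet.
# bad_packets RETURNs (None); the *_outbound chains are a single ACCEPT rule.
USER_CHAINS = {"bad_packets": None, "tcp_outbound": "ACCEPT", "udp_outbound": "ACCEPT"}

def parse(line):
    # Every option in these rules takes exactly one argument, so pair them up.
    tok = shlex.split(line)
    return dict(zip(tok[0::2], tok[1::2]))

def matches(rule, pkt):
    checks = {
        "-i": lambda v: v == pkt["in"],
        "-p": lambda v: v == pkt["proto"],
        "-d": lambda v: ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(v),
        "--dport": lambda v: int(v) == pkt["dport"],
        "--state": lambda v: pkt["state"] in v.split(","),
    }
    return all(check(rule[opt]) for opt, check in checks.items() if opt in rule)

def trace(pkt):
    # Return (verdict, 1-based rule number); rule number is None for the policy.
    for n, line in enumerate(FORWARD_RULES.splitlines(), 1):
        rule = parse(line)
        if not matches(rule, pkt) or rule["-j"] == "LOG":  # LOG never terminates
            continue
        verdict = USER_CHAINS.get(rule["-j"], rule["-j"])
        if verdict:
            return verdict, n
    return POLICY, None

# Constructed packet: first SYN of an Internet client's POP3 session, post-DNAT.
POP3_SYN = {"in": "eth1", "proto": "tcp", "dst": "192.168.1.1", "dport": 110, "state": "NEW"}

print(trace(POP3_SYN), trace({**POP3_SYN, "proto": "udp"}))
```

With the rules as posted, a new TCP connection to port 110 reaches no ACCEPT rule in FORWARD and falls through to the chain policy, while the only rules naming port 110 match UDP.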
A lot of network devices have a terminal RJ-45 socket, which is usually a simple COM port. So, to configure such a device, you have to connect the RJ-45 socket to the PC's (or terminal's) DB-9 COM port. Documentation usually says: "use the terminal cable, provided with the device", and then the awful discovery shows up: "Hmm... uh... terminal cable? That tiny little thing, which I threw out just after buying the device five years ago?"
The only way to patch the situation up quickly is to use a handmade cable, which you could make in a couple of minutes, knowing the proper pinout.
So, that being the case, which terminal cable pinouts for such things as Cisco or D-Link devices do you know?