Just trying to understand something here


guitarman5560
09-30-2004, 01:58 PM
With my company upgrading from ADSL to a T1 line, it's going to present some other issues. Currently we have 2 web servers with a third ready to be added. Right now we have one public IP that goes through an ADSL modem and uses NAT to translate to the internal IP. To get the other webserver online they have used NAT to also translate to that IP and assigned it a different port number. This wasn't a very good solution, as anytime you wanted to go to that server you had to type the URL followed by the port number. With our new T1 line we will have a block of 5 usable IPs. I would like to assign each of the three web servers their own IP so that now we won't have to specify the port number in the URL. I'm just a little unclear on exactly how to do this. When the change is made I will have to call the provider hosting our DNS services and have them update the A record for our main webserver www.mydomain.com. For our other two servers I was going to have them add A records computer_name.mydomain.com for both of them. Then will the public IPs automatically resolve to the internal IPs or am I going to have to NAT them in the router? I just can't see how that's going to work.

pave_spectre
10-01-2004, 02:18 AM
Can I ask if there is any reason you can't just run each website on the same server? Then you would require only the one port-forwarding rule.

guitarman5560
10-01-2004, 11:42 AM
Can I ask if there is any reason you can't just run each website on the same server? Then you would require only the one port-forwarding rule.

It's kind of a complicated setup and I still don't fully understand the complete infrastructure, as I've just taken over this job a month ago. One webserver is running our corporate website and the other two webservers are running servers that access backend services through SQL. They serve up ASP pages that are supposed to be pretty intensive. The Cognos server, so I'm told, is very processor and network intensive. My first thought and suggestion was to look at clustering the three webservers, but I'm not the boss and this is the way he wants to do it. He's been here 4 years, so I have to trust that he has more insight into this. I have a sneaky feeling that as this company is experiencing a sudden growth expansion, the network infrastructure might possibly be growing as an afterthought, with some snap, possibly bad decisions being made to address current solutions with no thought to future consequences.

Variable
10-12-2004, 01:41 PM
With IIS you can specify IP, port and name for a site. If the three servers are each assigned a different IP and each resolve to a different site, then it's pretty simple. Three IPs pointing to three separate sites. The way I understand how your site works now is that the CNAME points to an IP and then the sites are broken up by ports. All three boxes take a look at the incoming traffic and whoever is assigned the port handles the request, application load balancing. Nasty way of doing it, if the people have to type in the port. I wonder why there are not scripts to handle the calls to the db. Why is it necessary to enter the port number at all?
Is there a reason why you do not host your own DNS? If you did you would have much more control.

juniper
10-27-2004, 04:47 PM
Well, the way I see it, this is very simple, except it sounds like your other web servers are listening on different ports and will need to be changed. If you had a real router you could have done port redirection with your forwarding, so all your servers could have been listening on the standard port 80 or 443 and the router would translate requests from another port to 80 or 443, so you could have left the servers alone. Oh well (now you need to change them back). But anyway, to answer your question: you will have 5 new IP addresses. Create an "A" record for each with different IP addresses, and on your router you will have an IP address on the outside interface and then NAT statements for forwarding the others (basically like having multiple IP addresses on the outside interface). So you will need to firewall these by only allowing port 80 or 443, or port forward these ports from each of their new IP addresses, then change the servers to listen on 80 or 443 so you don't need to type the port # anymore.

Then will the public IPs automatically resolve to the internal IPs or am I going to have to NAT them in the router?

The "A" record only translates the name to an IP (which will be a public address), and your router will translate the public IP to the private IP. You should have private addresses on your web servers, so you will need to NAT.

If you have the hardware and the IP addresses I would not put all my web servers on the same box in virtual web servers, especially if they are running intensive apps or lots of hits on the boxes. It also lessens a single point of failure.
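
The path described in the last reply (A record to public IP, inbound filter for 80/443, static NAT to the private server address), modelled as an added example that is not part of the thread. The public addresses are from the 203.0.113.0/24 documentation range, and the inside addresses and the `reports`/`apps` hostnames are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample plan (not from the thread): documentation-range public
# IPs, made-up hostnames and RFC 1918 inside addresses.
A_RECORDS = {
    "www.mydomain.com": "203.0.113.2",
    "reports.mydomain.com": "203.0.113.3",
    "apps.mydomain.com": "203.0.113.4",
}
# One-to-one static NAT on the router: public IP -> private server IP.
STATIC_NAT = {
    "203.0.113.2": "192.168.1.10",
    "203.0.113.3": "192.168.1.11",
    "203.0.113.4": "192.168.1.12",
}
ALLOWED_PORTS = {80, 443}  # inbound filter applied to every translated IP
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def trace(hostname, port, a_records=A_RECORDS, nat=STATIC_NAT, allowed=ALLOWED_PORTS):
    """Follow one inbound request: DNS -> public IP -> filter -> NAT -> server."""
    public_ip = a_records.get(hostname)
    if public_ip is None:
        return None, "no A record"
    if port not in allowed:
        return None, "dropped by inbound filter"
    inside_ip = nat.get(public_ip)
    if inside_ip is None:
        return None, "no NAT entry for " + public_ip
    return (inside_ip, port), "forwarded"


def audit(a_records, nat):
    """Return plan mistakes that would break reachability or expose a host."""
    findings = []
    for name, ip in a_records.items():
        if is_rfc1918(ip):
            findings.append(name + ": A record points at private address " + ip)
        elif ip not in nat:
            findings.append(name + ": " + ip + " has no static NAT entry")
    for public_ip, inside_ip in nat.items():
        if not is_rfc1918(inside_ip):
            findings.append(public_ip + ": NAT target " + inside_ip + " is not private")
        if public_ip not in a_records.values():
            findings.append(public_ip + ": translated but no hostname uses it")
    return findings
```

`audit` uses an explicit RFC 1918 list because Python's `is_private` also returns true for documentation ranges such as 203.0.113.0/24.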