fl4ian


2 NICs SBS 2003, which NIC should the router use for port forwarding?

in a two NIC sbs 2003 setup, should the port forwarding from the router go to the externally facing sbs nic, or the internally facing sbs nic?
ASKER CERTIFIED SOLUTION
plimpias
This solution is only available to members.
fl4ian

ASKER

i have two nics, though.  and the router is doing the port forwarding.

so, should the router (192.168.0.1) port forward to the external nic of sbs (192.168.0.2), or to the internal, lan facing nic of the sbs (192.168.16.1)?

also, please see my other 2 questions that i've posted today.  they're all related.
fl4ian

ASKER

i've just seen that you replied to one of the others as well.

maybe i'm not doing this correctly.  i was under the impression that you should have both a router and TWO nics, not a router and one nic, or no router and 2 nics.

what i have is a router and 2 nics.  how am i supposed to configure this?
Chk the other post for your answer.
For reference only, here is the solution I proposed.

HI,

Your setup should be changed, you should either take the router out or disable the second NIC of the SBS server. You are adding a second router which will make it very difficult to port forward without having to 1-1 NAT devices. There is no need to have dual router configuration. In your case I would change the Router LAN IP to 192.168.16.254. Run the internet wizard again and tell it that you are using a local router. After that disable the external NIC.
So config should look like the following.

internet
cable modem (external static ip address)
router (192.168.16.254)
switch
sbs lan nic (192.168.16.1) & other networked PCs and printers

SBS Lan and clients should be pointing to 192.168.16.254 for router and 192.168.16.1 for DNS
Port forwarding should be setup on the router pointing to 192.168.16.1

Hope this helps
>i was under the impression that you should have both a router and TWO nics, not a router and one nic, or no router and 2 nics.

it is not recommended to have a router and TWO nics configuration.

When you do the wizard, don't choose server is connected directly to internet with broadband connection. The correct setting would be local router connected to ISP.
It is SBS so if it's set up normally it is using ISA firewall/proxy for the internal clients. There's no port forwarding required for the internal LAN, any port forwarding on the router is just to the server itself.

You therefore setup port forwarding on the router to point to the outside interface of the server (the one which the PC clients are not connected to)

There's no need for a switch between the server and the router, just use a crossover cable.

>so, should the router (192.168.0.1) port forward to the external nic of sbs (192.168.0.2), or to the internal, lan facing nic of the sbs (192.168.16.1)?

It should port forward to 192.168.0.2, it doesn't know where 192.168.16.1 is, nor should it know anything about the internal LAN.

It's a standard setup for Small Business Server. LAN with clients and one NIC of server, other NIC connects server to router/modem.
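As an added illustration (not part of any post in this thread), the check below tests whether a router can deliver a port forward to a given target using only its own LAN interface and static routes. The /24 masks, the function name and the rule list are assumptions; the addresses and ports 25 and 3389 are the ones quoted in the thread.

```python
import ipaddress

def check_forwards(router_lan, static_routes, forwards):
    """Classify each (port, target) forward as seen from the router.

    router_lan    -- router LAN interface in CIDR form, e.g. "192.168.0.1/24"
    static_routes -- networks the router has explicit routes for
    forwards      -- iterable of (port, target_ip) pairs
    Returns a dict mapping (port, target_ip) to one of:
    "on-link", "routed", "self", "unreachable".
    """
    lan = ipaddress.ip_interface(router_lan)
    routed = [ipaddress.ip_network(n) for n in static_routes]
    verdicts = {}
    for port, target in forwards:
        addr = ipaddress.ip_address(target)
        if addr == lan.ip:
            verdict = "self"          # forwarding to the router's own address
        elif addr in lan.network:
            verdict = "on-link"       # router can reach the target directly
        elif any(addr in net for net in routed):
            verdict = "routed"        # works, but the router now knows the internal LAN
        else:
            verdict = "unreachable"   # router has no path to this subnet
        verdicts[(port, target)] = verdict
    return verdicts

# Constructed rule sets based on the two layouts discussed in the thread.
# Assumption: both subnets use a /24 mask (the thread does not state the masks).
TWO_NIC = check_forwards(
    "192.168.0.1/24", [],
    [(25, "192.168.0.2"), (3389, "192.168.0.2"), (25, "192.168.16.1")],
)
ONE_NIC = check_forwards("192.168.16.254/24", [], [(25, "192.168.16.1")])

if __name__ == "__main__":
    for layout, result in (("two NICs", TWO_NIC), ("one NIC", ONE_NIC)):
        for (port, target), verdict in result.items():
            print(f"{layout}: tcp/{port} -> {target}: {verdict}")
```
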
Jeffrey Kane - TechSoEasy
"it is not recommended to have a router and TWO nics configuration"

That is totally a false statement.  Please see http://sbsurl.com/twonics

fl4ian,  you've asked this identical question now in FIVE separate questions.  Please do not cross-post like this in the future.  I am going to try and see if we can narrow these down, because the issue is really all the same.

Jeff
TechSoEasy
TechSoEasy, it's actually only two questions; it appears five times due to the cross-posting "feature" of the new site. Ask a test question and see for yourself, you can make one Q appear in 3 TAs.
Yes, I realize I was exaggerating a bit.
fl4ian

ASKER

yes, you can have it "cross-posted" for absolutely free by experts-exchange itself.

also, as for having more than one question at the same time about a related topic:

i was not 100% sure that the problems were the same, and as such, wanted to cover my bases.

Completely wrong answer, you don't setup port-forwarding from the external interface of the SBS server to clients on the inside. Why would you allow any access at all from the internet to internal PCs?

EE is getting beyond a joke.
fl4ian

ASKER

the internal interface was the server.  how else is 25 or 3389 or whatever else going to find the server?
>Port forwarding should be setup on the external interface of the SBS server.

Wrong,
Port forwarding should be setup *TO* the external interface of the SBS server.

>Client comes in from the internet to the external interface. Then external interface port forwards to your security lan (internal interface).

Wrong.

Internal interface is where your clients are. port forwarding is setup to the external interface of the SBS server.

You're either doing it wrong or you're pretending the accepted answer means something it doesn't mean.

fl4ian

ASKER

i would suppose that i'm in the latter half.  while, i can understand what you are saying, i also read the statement rather conversationally, and took "on" to be "to" or whatever.  but thanks for being my online poser conscience.  i will not be replying should you choose to puff out your chest any further.

That's why I posted a link to a concrete example of how to set this up.  Here it is again:  http://sbsurl.com/twonics

Jeff
TechSoEasy
fl4ian

ASKER

please choose for me.  thank you.
#1
When I said

Port forwarding should be setup on the external interface of the SBS server.

I meant in a dual nic configuration, where external interface is public and internal interface is private. If you wish to access an internal server like a webserver that is on the same subnet as the internal interface then you would need to setup port forwarding to on the external interface or SBS Server.

#2

When the user says
in a two NIC sbs 2003 setup, should the port forwarding from the router go to the externally facing sbs nic, or the internally facing sbs nic?

A router is a device that routes traffic, so in a dual nic configuration the router in this case would be the SBS server.

#3 After the above statements I then realized that the user was using a dual NIC configuration and a router, which I then provided the solution for.

Your setup should be changed, you should either take the router out or disable the second NIC of the SBS server. You are adding a second router which will make it very difficult to port forward without having to 1-1 NAT devices. There is no need to have dual router configuration. In your case I would change the Router LAN IP to 192.168.16.254. Run the internet wizard again and tell it that you are using a local router. After that disable the external NIC.
So config should look like the following.

internet
cable modem (external static ip address)
router (192.168.16.254)
switch
sbs lan nic (192.168.16.1) & other networked PCs and printers

SBS Lan and clients should be pointing to 192.168.16.254 for router and 192.168.16.1 for DNS
Port forwarding should be setup on the router pointing to 192.168.16.1


#4

Someone was recommending a dual nic configuration with router in place as a SBS setup. That is fine, but in my opinion it is silly to add second router in the mix,

It doesn't save any bandwidth. If you're trying to save resources from port scanning attempts, then you need to either upgrade something or move away from SBS. If you're trying to protect the network from being hacked into, then get a router with a built-in firewall and skip the dual NIC configuration.

I would strongly discourage someone using SBS in a dual NIC configuration from adding a router to the mix. Someone mentioned that SBS is meant to be installed like that, that is a false statement. It is true that Microsoft recommends a dual NIC configuration with ISA. Because SBS is driven for small businesses to save cost, why would anyone want to complicate the setup and add another router? I think it's silly but others disagree. If it was a popular topic, you would be able to find documentation that other people created easily. I have not seen any Microsoft documentation mentioning dual NIC SBS with another router in place.

If it's an enterprise solution and it needs to be protected and adding multiple firewalls is the correct thing to do, that's another story. But this is SBS, and is intended for Small Businesses with no more than 75 users.

Maybe the user clicked on the wrong answer i provided as an answer and meant to click accept on the above one.

fl4ian,

If you feel like the answer I provided below resolved your issue, please let the admins know and they will configure the question with the correct answer.

Your setup should be changed, you should either take the router out or disable the second NIC of the SBS server. You are adding a second router which will make it very difficult to port forward without having to 1-1 NAT devices. There is no need to have dual router configuration. In your case I would change the Router LAN IP to 192.168.16.254. Run the internet wizard again and tell it that you are using a local router. After that disable the external NIC.
So config should look like the following.

internet
cable modem (external static ip address)
router (192.168.16.254)
switch
sbs lan nic (192.168.16.1) & other networked PCs and printers

SBS Lan and clients should be pointing to 192.168.16.254 for router and 192.168.16.1 for DNS
Port forwarding should be setup on the router pointing to 192.168.16.1

I apologize for any inconvenience this has caused. By the way is everything working ok now?
#1, It's SBS, why would you forward traffic to an internal web server when SBS provides IIS?

#2, SBS is not a router, in the case of the networking component ISA server it is a firewall.

#3.1, If they take the broadband router out where will they plug the cable modem into? It's probably USB or RS232. If it was Ethernet then it would be a cable modem/router combo.

#3.2 if you've got two NICs why not use them, clients are better protected behind a router that does NAT and basic packet filtering and ISA server than they are behind just the router.

#4, see #2; there aren't two routers. The hardware setup is fine, they just have the router forwarding to the wrong NIC on the SBS server.

Mods, I wouldn't bother about unaccepting if your admin tools don't work at the moment, it's not worth making a fuss about.

You mean it doesn't come with ISA server any more so you can disable routing and use proxy instead? I didn't realise that, what a rip off.
ISA Server is included with the Premium Edition of SBS.  

Jeff
TechSoEasy
And SBS is HARDLY a rip off... it's just about the best value around for what you get.
Whatever. It's hardly .../hardware/servers though, isn't it a software product?
The new EE site allows posting in multiple zones.  Whatever zone is selected first is what will show up at the top of the question.  This question was in other zones as well... as is appropriate.

I think that the question does have to do with hardware as well considering that we're discussing the number of NICs as well as the need for an additional hardware router.

Jeff
TechSoEasy

Sorry this has become such a problem. I just want to make it clear that I am not disputing the fact that I don't recommend a dual NIC configuration. I do recommend it given the correct circumstances (such as ISA). The portion which I don't recommend is using a dual NIC configuration with SBS AND including a router in the mix.

TechSoEasy,

I respect your opinion, you have donated a lot of time to a lot of people on this site. I should have said "I do not recommend a two NIC configuration", instead of "It is not recommended to use a two NIC config with a router". I have run into a lot of posts regarding this topic and its recommendations, including one with your name on another forum. I think this is a subjective question that will go on and on. Lesson learned on my end on which words I choose to use.

Andy, I have no comment about your post. I think TechSoEasy answered it enough.

fl4ian

ASKER

plimpias - everything in regards to this question (and the installation in general) is working just fine.  I am using the router, and one NIC.  They will not be using ISA.  thanks again for the guidance.

techsoeasy - i'm glad you have adopted a more middle-line stance.