Solved

Setting up a router/firewall + server + static IP & network

Posted on 2004-09-07
5
333 Views
Last Modified: 2013-12-14
Hi,

I've had the rather daunting task to setting up a new office network using Windows Small Business Server 2003 today and I could use some advice as it's the first I've setup and I havent used SBS 2003 before.

I was asked to provide a network address/subnet which I have set as 10.0.0.10 for the server with a subnet of 255.0.0.0.
After doing this I realised my router which is attached to a second NIC is on 192.168.0.1 with a subnet of 255.255.255.0.

To complicate things our ISP will activate our broadband over the next few days with a static IP of 80.229.45.70 which I will need somehow assign to the server so that VPN, remote access and email are possible.

How to I get the static IP to point to the server, there is an option for the static IP on the router but I don't see how this woud help (or would it?)  Does NAT on the router need to be disabled and enabled on the server instead?  What about DCHP it's currently enabled on both the router and the server I believe which seems to be working as they are using different address ranges (router issues the server with an IP and the server issues the network computers with an IP) is that right?

If anyone could suggest a sensible config or offer some advice then I would really appreciate it.
0
Comment
Question by:meagord
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12010183
If you have never done this before, you are in for some late nights.  Have you ever setup a Domain before?  If so, using SBS2K3 is similar, but the nice thing you will find is that the wizards do most of the work for you.  

I would reconfigure the IP address in the 192 range, since you will obviously be installing at the most 75 clients (as this is the limit of SBS2K3 Cals)..  Once you have the server setup, you will need to forward the requisite ports on the router for your VPN, remote access (port 3389), and email are possible.  Use NAT on the router, but I would disable DHCP and use the Server for this (although it does not really matter).  It is just that the server's DHCP is more configurable.

Incorrect:  (router issues the server with an IP and the server issues the network computers with an IP) is that right? NO.. The server should NEVER be getting it's IP address from DHCP, as it should always be set statically.  

All in all, it sounds like you need to do some heavy reading regarding setting up a server and network.  You may even need to bring in help from outside (a consultant maybe?)..  Too bad I am not in the neighborhood, as I would certainly be available to help...  :)

FE

0
 

Author Comment

by:meagord
ID: 12010560
The wierd thing is I had everything working, network, shared printer, shared dialup access (waiting for broadband to be swtiched on) but then we decided to reboot the server and the whole lot stopped.

When I used the remote & routing panel to manually connect the dial up the window appeared saying connecting 1...2..3..4.. etc but never did (modem appeared to dial, connect then go silent.)  I then noticed that the client computers were unable to access any server resources or even ping the server (on the local network NIC 10.0.0.10)  

I'm thinking this is because the internet facing NIC on the server was being configured by DHCP on the router (didn't think it would matter as the other local network NIC was static (10.0.0.10)

This is the config I plan to use

On the Internet facing NIC I setup
IP: 192.168.0.10 (static network)
Subnet: 255.255.255.0
Gateway: 192.168.0.1 (router ip address)
DNS: 192.168.0.1 (router ip address)

...and on the Network NIC:
IP: 10.0.0.10
Subnet: 255.0.0.0

DHCP enabled on server, disabled on adsl router.

I wish I had left the local network on 192.163.0.x instead of changing it to 10.0.0.x (I thought it needed to be different to the network used by the router) but I'm assuming this won't matter (I'm not sure how exactly how I would change it or what places the setup wizard has used it.)

Is there a good reason to change the IP range?
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 500 total points
ID: 12010735
One thing you will need to change here...  especially if you are setting up a Domain..  You need to run DNS on your server, not on your router...  This is very important for proper AD integration...

And, I assume by your config above that this is a multihomed server..  Are you planning on using RRAS?  If so, your IP address scheme will work well, actually subnetting the internal lan from the external..
0
 

Author Comment

by:meagord
ID: 12010841
The idea was to have an outer network to connect to the internet  and any unsecure wireless devices (via VPN) and an internel network joined together by the server.

I'm assuming that I don't really need to do anything difficult to join the two networks as long as I configure both network cards with the correct IP addresses etc.

Point taken on the DNS, I will set it up to use the server.

Thank you for your help with this.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12010938
No problem..  you are on your way now..  just make use of those wizards and you should be just fine...  

Best of luck, and if you have further questions, come back in and open a new thread..

BTW:  for SBS2K3 questions, you might try the Windows 2003 section..  just a thought..  :)

and thanks..

FE
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now