Setting up a router/firewall + server + static IP & network


I've had the rather daunting task to setting up a new office network using Windows Small Business Server 2003 today and I could use some advice as it's the first I've setup and I havent used SBS 2003 before.

I was asked to provide a network address/subnet which I have set as for the server with a subnet of
After doing this I realised my router which is attached to a second NIC is on with a subnet of

To complicate things our ISP will activate our broadband over the next few days with a static IP of which I will need somehow assign to the server so that VPN, remote access and email are possible.

How to I get the static IP to point to the server, there is an option for the static IP on the router but I don't see how this woud help (or would it?)  Does NAT on the router need to be disabled and enabled on the server instead?  What about DCHP it's currently enabled on both the router and the server I believe which seems to be working as they are using different address ranges (router issues the server with an IP and the server issues the network computers with an IP) is that right?

If anyone could suggest a sensible config or offer some advice then I would really appreciate it.
Who is Participating?
Fatal_ExceptionSystems EngineerCommented:
One thing you will need to change here...  especially if you are setting up a Domain..  You need to run DNS on your server, not on your router...  This is very important for proper AD integration...

And, I assume by your config above that this is a multihomed server..  Are you planning on using RRAS?  If so, your IP address scheme will work well, actually subnetting the internal lan from the external..
Fatal_ExceptionSystems EngineerCommented:
If you have never done this before, you are in for some late nights.  Have you ever setup a Domain before?  If so, using SBS2K3 is similar, but the nice thing you will find is that the wizards do most of the work for you.  

I would reconfigure the IP address in the 192 range, since you will obviously be installing at the most 75 clients (as this is the limit of SBS2K3 Cals)..  Once you have the server setup, you will need to forward the requisite ports on the router for your VPN, remote access (port 3389), and email are possible.  Use NAT on the router, but I would disable DHCP and use the Server for this (although it does not really matter).  It is just that the server's DHCP is more configurable.

Incorrect:  (router issues the server with an IP and the server issues the network computers with an IP) is that right? NO.. The server should NEVER be getting it's IP address from DHCP, as it should always be set statically.  

All in all, it sounds like you need to do some heavy reading regarding setting up a server and network.  You may even need to bring in help from outside (a consultant maybe?)..  Too bad I am not in the neighborhood, as I would certainly be available to help...  :)


meagordAuthor Commented:
The wierd thing is I had everything working, network, shared printer, shared dialup access (waiting for broadband to be swtiched on) but then we decided to reboot the server and the whole lot stopped.

When I used the remote & routing panel to manually connect the dial up the window appeared saying connecting 1...2..3..4.. etc but never did (modem appeared to dial, connect then go silent.)  I then noticed that the client computers were unable to access any server resources or even ping the server (on the local network NIC  

I'm thinking this is because the internet facing NIC on the server was being configured by DHCP on the router (didn't think it would matter as the other local network NIC was static (

This is the config I plan to use

On the Internet facing NIC I setup
IP: (static network)
Gateway: (router ip address)
DNS: (router ip address)

...and on the Network NIC:

DHCP enabled on server, disabled on adsl router.

I wish I had left the local network on 192.163.0.x instead of changing it to 10.0.0.x (I thought it needed to be different to the network used by the router) but I'm assuming this won't matter (I'm not sure how exactly how I would change it or what places the setup wizard has used it.)

Is there a good reason to change the IP range?
meagordAuthor Commented:
The idea was to have an outer network to connect to the internet  and any unsecure wireless devices (via VPN) and an internel network joined together by the server.

I'm assuming that I don't really need to do anything difficult to join the two networks as long as I configure both network cards with the correct IP addresses etc.

Point taken on the DNS, I will set it up to use the server.

Thank you for your help with this.
Fatal_ExceptionSystems EngineerCommented:
No problem..  you are on your way now..  just make use of those wizards and you should be just fine...  

Best of luck, and if you have further questions, come back in and open a new thread..

BTW:  for SBS2K3 questions, you might try the Windows 2003 section..  just a thought..  :)

and thanks..

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.