Solved

Setting up a router/firewall + server + static IP & network

Posted on 2004-09-07
5
332 Views
Last Modified: 2013-12-14
Hi,

I've had the rather daunting task to setting up a new office network using Windows Small Business Server 2003 today and I could use some advice as it's the first I've setup and I havent used SBS 2003 before.

I was asked to provide a network address/subnet which I have set as 10.0.0.10 for the server with a subnet of 255.0.0.0.
After doing this I realised my router which is attached to a second NIC is on 192.168.0.1 with a subnet of 255.255.255.0.

To complicate things our ISP will activate our broadband over the next few days with a static IP of 80.229.45.70 which I will need somehow assign to the server so that VPN, remote access and email are possible.

How to I get the static IP to point to the server, there is an option for the static IP on the router but I don't see how this woud help (or would it?)  Does NAT on the router need to be disabled and enabled on the server instead?  What about DCHP it's currently enabled on both the router and the server I believe which seems to be working as they are using different address ranges (router issues the server with an IP and the server issues the network computers with an IP) is that right?

If anyone could suggest a sensible config or offer some advice then I would really appreciate it.
0
Comment
Question by:meagord
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12010183
If you have never done this before, you are in for some late nights.  Have you ever setup a Domain before?  If so, using SBS2K3 is similar, but the nice thing you will find is that the wizards do most of the work for you.  

I would reconfigure the IP address in the 192 range, since you will obviously be installing at the most 75 clients (as this is the limit of SBS2K3 Cals)..  Once you have the server setup, you will need to forward the requisite ports on the router for your VPN, remote access (port 3389), and email are possible.  Use NAT on the router, but I would disable DHCP and use the Server for this (although it does not really matter).  It is just that the server's DHCP is more configurable.

Incorrect:  (router issues the server with an IP and the server issues the network computers with an IP) is that right? NO.. The server should NEVER be getting it's IP address from DHCP, as it should always be set statically.  

All in all, it sounds like you need to do some heavy reading regarding setting up a server and network.  You may even need to bring in help from outside (a consultant maybe?)..  Too bad I am not in the neighborhood, as I would certainly be available to help...  :)

FE

0
 

Author Comment

by:meagord
ID: 12010560
The wierd thing is I had everything working, network, shared printer, shared dialup access (waiting for broadband to be swtiched on) but then we decided to reboot the server and the whole lot stopped.

When I used the remote & routing panel to manually connect the dial up the window appeared saying connecting 1...2..3..4.. etc but never did (modem appeared to dial, connect then go silent.)  I then noticed that the client computers were unable to access any server resources or even ping the server (on the local network NIC 10.0.0.10)  

I'm thinking this is because the internet facing NIC on the server was being configured by DHCP on the router (didn't think it would matter as the other local network NIC was static (10.0.0.10)

This is the config I plan to use

On the Internet facing NIC I setup
IP: 192.168.0.10 (static network)
Subnet: 255.255.255.0
Gateway: 192.168.0.1 (router ip address)
DNS: 192.168.0.1 (router ip address)

...and on the Network NIC:
IP: 10.0.0.10
Subnet: 255.0.0.0

DHCP enabled on server, disabled on adsl router.

I wish I had left the local network on 192.163.0.x instead of changing it to 10.0.0.x (I thought it needed to be different to the network used by the router) but I'm assuming this won't matter (I'm not sure how exactly how I would change it or what places the setup wizard has used it.)

Is there a good reason to change the IP range?
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 500 total points
ID: 12010735
One thing you will need to change here...  especially if you are setting up a Domain..  You need to run DNS on your server, not on your router...  This is very important for proper AD integration...

And, I assume by your config above that this is a multihomed server..  Are you planning on using RRAS?  If so, your IP address scheme will work well, actually subnetting the internal lan from the external..
0
 

Author Comment

by:meagord
ID: 12010841
The idea was to have an outer network to connect to the internet  and any unsecure wireless devices (via VPN) and an internel network joined together by the server.

I'm assuming that I don't really need to do anything difficult to join the two networks as long as I configure both network cards with the correct IP addresses etc.

Point taken on the DNS, I will set it up to use the server.

Thank you for your help with this.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12010938
No problem..  you are on your way now..  just make use of those wizards and you should be just fine...  

Best of luck, and if you have further questions, come back in and open a new thread..

BTW:  for SBS2K3 questions, you might try the Windows 2003 section..  just a thought..  :)

and thanks..

FE
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now