Routing & Remote Access Question


I have a test lab set up with SBS2003 and a Linksys Wireless Router that is connected to a cable modem.

What I would like to do is configure SBS to be a router between a local subnet, where the clients are, and the Linksys/Cable Modem.  The server has two NICS labelled WAN and LAN respectively.  The LAN subnet is, and the WAN subnet is  The Linksys' IP is and that side of the SBS is  Locally, the SBS uses the IP address,  A Win XP client is addressed  The XP client cannot get out to the web, nor can it ping the Linksys router's interface.

RRAS is enabled but I cannot create a default route to the Linksys router.  RRAS gives an error telling me the subnet is wrong for the default gateway.  I am not sure how to set up default gateways on multi-homed servers.  The server's DNS is set to forward all queries to my ISP's DNS servers, and to only listen on the local interface (   Iwas under the impression that Windows will automatically route between subnets for locally connected interfaces.  Am I wrong?

LVL 27
Jason WatkinsIT Project LeaderAsked:
Who is Participating?
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The recommended configuration for two nics is here:

You must run the Configure Email and Internet Connection Wizard (CEICW -- labeled "Connect to the Internet" on the To-Do list) in order to make all of this work.  You should NOT create any of these routes manually.

Furthermore, I don't know why you would not just want to use a Class C Subnet for both sides.  As you can see in the example linked above, it works quite well that way, and you won't run out of IP's with 254 available.  The suggested default IP for the SBS is so with the subnet being

You should ONLY have the SBS's IP on both NIC's DNS settings, and then you will enter your ISP's DNS IP's in the appropriate screen of the CEICW (see for a visual how-to).  The WAN nic's gateway is the IP of the router, and the LAN nic's gateway is blank.  You also need to put the server's IP in the LAN's WINS setting.

NETBIOS over TCP/IP is disabled on the WAN nic.

Then, did you manually configure the network settings on the WinXP client or did they get their settings via DHCP (recommended -- running from the SBS).  

Lastly, if the workstations were not joined to the network using the SBS method of http://<servername>/connectcomputer then you will need to fix that because there are about 20 different settings that need to be made on the workstations in order for them to live happily in SBS-ville.

Here's an overview of what connectcomputer does:

If you didn't use that method, please follow these steps to correct the problem:

The following needs to be done with the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Ensure that DHCP is enabled and there are  no manually configured network settings
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jason WatkinsIT Project LeaderAuthor Commented:

I did end up running the CEICW and following the suggestions it made.  One part of my network was already subnetted, so that is why I chose that side. was thought to be a good alternative just to prevent confusion.  

I had the configuration pretty much as you described above with the exception of having the SBS server IP for DNS on both connections.

The workstation in question was an XP Home Edition machine, so domain membership is out of the question.  My end goal was to set up ISA 2004 and use SBS as a firewall for the LAN.  Perhaps that is not the best idea?  After all, I was just testing, WS2003 would route between networks automatically.

Thanks again
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Yeah... you can't really get any benefit out of using XP Home... for the $149.00 or so it costs to upgrade it you'll spend significantly more time and effort just managing it manually instead of through group policy.

But the fact is that non-domain computers should still be able to access the Internet and get an IP through DHCP.  They just won't get much else.  If you create a domain user account that exactly matches a local user account on the machine (same password too) then the authentication will pass through to the domain, at least... so you don't have to reauthenticat for file access.

I don't really use ISA much because the majority of my clients have less than 15 users and unless they have something like HIPAA to comply with they don't feel that it's worth the additional cost for me to configure and maintain it.  Even though most all of them have it because I strongly encourage my clients to get SBS Premium for the sole purpose of full-text search in SharePoint (which only happens with SQL Server).

I would still have a hardware firewall in front of ISA, just as you do now with one in front of RRAS (which is a firewall as well).

What do you mean WS2003 would route between networks automatically????

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Jason WatkinsIT Project LeaderAuthor Commented:
The Linksys just has a small firmware firewall built in to it.  I am not 100% vested in it's capability, but it is better than nothing.  The local machines use their own firewall software (XP's client).  I set up ISA for a client a few months back, and was looking to provide a similar set up for my lab.  

Another alternative was FreeBSD, but I little experience with that as well.  I have not done too much of anything with SharePoint Services.

WS2003 would pass data between two locally connected subnets automatically because RRAS is turned on by default.  SBS does not seem to have RRAS enabled as a default.  

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Yes, SBS has RRAS enabled as a default it's what's configured when you run the CEICW.  The premium edition of SBS includes ISA so I wouldn't ever go for something different... just a choice of whether to use it or not.  ISA would also be configured automatically with the CEICW should you have it installed.

To see what that sucker really does... take a look at C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\IcwdetailsXX.htm (where XX is the incremental sequence number for each time you run the wizard).

The raw log with about 500 command lines per run is here:
C:\Program Files\Microsoft Windows Small Business Server\Support\isalog.txt

Do you realize that you cannot create domain trusts with an SBS?  That's why I asked about passing data between the two subnets... it's not really possible unless you VPN into the SBS's environment.  

Since SBS seems to be somewhat new to you, I'd suggest that you read a few things about it because it can't be treated as a standard Server 2003... since it's not.  It contains Server 2003, but you would never put all those other things on the same box in an Enterprise environment... so it must be managed the "SBS-way".  (see:  http:Q_21831460.html)

Check out for an overview of the differences and has a bunch of other links to important resources.  This is one computer that requires one to read the manual.


Jason WatkinsIT Project LeaderAuthor Commented:
Yes, I do understand about trusts and SBS, and that it is pretty much a one system show.  By passing data, I meant routing between the LAN and WAN connections without additional configuration.  

I should probably get a book...

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Best Practices book:

Advanced book:

Just my recommendations!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.