  • Status: Solved

Routing & Remote Access Question

Hello,

I have a test lab set up with SBS2003 and a Linksys Wireless Router that is connected to a cable modem.

What I would like to do is configure SBS to be a router between a local subnet, where the clients are, and the Linksys/Cable Modem.  The server has two NICS labelled WAN and LAN respectively.  The LAN subnet is 10.0.0.0/8, and the WAN subnet is 192.168.19.32/27.  The Linksys' IP is 192.168.19.61 and that side of the SBS is 192.168.19.41.  Locally, the SBS uses the IP address, 10.255.255.254.  A Win XP client is addressed 10.255.255.253.  The XP client cannot get out to the web, nor can it ping the Linksys router's interface.

RRAS is enabled but I cannot create a default route to the Linksys router.  RRAS gives an error telling me the subnet is wrong for the default gateway.  I am not sure how to set up default gateways on multi-homed servers.  The server's DNS is set to forward all queries to my ISP's DNS servers, and to only listen on the local interface (10.255.255.254).   I was under the impression that Windows will automatically route between subnets for locally connected interfaces.  Am I wrong?

Thanks
Asked by: Jason Watkins
1 Solution
 
Jeffrey Kane - TechSoEasy, Principal Consultant, commented:
The recommended configuration for two nics is here:  http://sbsurl.com/2nics

You must run the Configure Email and Internet Connection Wizard (CEICW -- labeled "Connect to the Internet" on the To-Do list) in order to make all of this work.  You should NOT create any of these routes manually.

Furthermore, I don't know why you would not just want to use a Class C Subnet for both sides.  As you can see in the example linked above, it works quite well that way, and you won't run out of IPs with 254 available.  The suggested default IP for the SBS is 192.168.16.2, with the subnet being 192.168.16.0/24.

You should ONLY have the SBS's IP on both NICs' DNS settings, and then you will enter your ISP's DNS IPs in the appropriate screen of the CEICW (see http://sbsurl.com/ceicw for a visual how-to).  The WAN NIC's gateway is the IP of the router, and the LAN NIC's gateway is blank.  You also need to put the server's IP in the LAN's WINS setting.

NETBIOS over TCP/IP is disabled on the WAN NIC.

Then, did you manually configure the network settings on the WinXP client or did they get their settings via DHCP (recommended -- running from the SBS)?

Lastly, if the workstations were not joined to the network using the SBS method of http://<servername>/connectcomputer then you will need to fix that because there are about 20 different settings that need to be made on the workstations in order for them to live happily in SBS-ville.

Here's an overview of what connectcomputer does:  http://sbsurl.com/connectcomputer

If you didn't use that method, please follow these steps to correct the problem:

The following needs to be done with the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP.
3.  Change the name of the computer.
4.  Delete or rename the following directory if it exists: C:\Program Files\Microsoft Windows Small Business Server\Clients
5.  Ensure that DHCP is enabled and there are no manually configured network settings.
6.  Reboot.

Then on the server, from the Server Management Console:
1.  Remove the client computer if it still shows in the Client Computer screen on the Server Management Console.
2.  Add the client with its NEW name using the Add Computer wizard.

Then, go back to the client machine and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy
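
The NIC rules listed in the answer above, written as a checker and run against the addresses from the question. This is an added example, not part of the original post. It assumes "the SBS's IP" means the server's LAN address; the dictionary keys are hypothetical and 203.0.113.53 is a constructed stand-in for an ISP resolver.

```python
import ipaddress

def check_dual_nic(nics, server_ip):
    """Check a WAN/LAN NIC plan against the rules stated in the answer above."""
    findings = []
    for name, nic in nics.items():
        net = ipaddress.ip_interface(nic["address"]).network
        gw = nic.get("gateway")
        if name == "LAN" and gw:
            findings.append("LAN: gateway must be blank")
        if name == "WAN" and not gw:
            findings.append("WAN: gateway must be the router's IP")
        # A gateway is only usable if it is on-link for that NIC's subnet.
        if gw and ipaddress.ip_address(gw) not in net:
            findings.append(f"{name}: gateway {gw} is outside {net}")
        if nic.get("dns") != [server_ip]:
            findings.append(f"{name}: DNS must list only {server_ip}")
        if name == "LAN" and nic.get("wins") != [server_ip]:
            findings.append(f"LAN: WINS must be {server_ip}")
        if name == "WAN" and nic.get("netbios_over_tcpip", True):
            findings.append("WAN: disable NetBIOS over TCP/IP")
    return findings

SERVER_IP = "10.255.255.254"  # the SBS's LAN address from the question

def plan(wan_gw, lan_gw, wan_dns):
    """Build a two-NIC plan using the question's addresses (constructed input)."""
    return {
        "WAN": {"address": "192.168.19.41/27", "gateway": wan_gw,
                "dns": wan_dns, "netbios_over_tcpip": False},
        "LAN": {"address": "10.255.255.254/8", "gateway": lan_gw,
                "dns": [SERVER_IP], "wins": [SERVER_IP]},
    }

RECOMMENDED = plan("192.168.19.61", None, [SERVER_IP])
ISP_DNS_ON_WAN = plan("192.168.19.61", None, ["203.0.113.53"])
GATEWAY_ON_LAN = plan(None, "192.168.19.61", [SERVER_IP])

if __name__ == "__main__":
    for label, p in [("recommended", RECOMMENDED),
                     ("ISP DNS on WAN NIC", ISP_DNS_ON_WAN),
                     ("gateway on LAN NIC", GATEWAY_ON_LAN)]:
        print(label, "->", check_dual_nic(p, SERVER_IP) or "OK")
```

The third plan shows the subnet mismatch that results when the router's address is entered as a gateway on the 10.0.0.0/8 side; whether that is what RRAS rejected in the question is not stated on the page.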
 
Jason Watkins, IT Project Leader (Author), commented:
Hello,

I did end up running the CEICW and following the suggestions it made.  One part of my network was already subnetted, so that is why I chose that side.  10.0.0.0/8 was thought to be a good alternative just to prevent confusion.  

I had the configuration pretty much as you described above with the exception of having the SBS server IP for DNS on both connections.

The workstation in question was an XP Home Edition machine, so domain membership is out of the question.  My end goal was to set up ISA 2004 and use SBS as a firewall for the LAN.  Perhaps that is not the best idea?  After all, I was just testing, WS2003 would route between networks automatically.

Thanks again
 
Jeffrey Kane - TechSoEasy, Principal Consultant, commented:
Yeah... you can't really get any benefit out of using XP Home... for the $149.00 or so it costs to upgrade it you'll spend significantly more time and effort just managing it manually instead of through group policy.

But the fact is that non-domain computers should still be able to access the Internet and get an IP through DHCP.  They just won't get much else.  If you create a domain user account that exactly matches a local user account on the machine (same password too) then the authentication will pass through to the domain, at least... so you don't have to reauthenticate for file access.

I don't really use ISA much because the majority of my clients have less than 15 users and unless they have something like HIPAA to comply with they don't feel that it's worth the additional cost for me to configure and maintain it.  Even though most all of them have it because I strongly encourage my clients to get SBS Premium for the sole purpose of full-text search in SharePoint (which only happens with SQL Server).

I would still have a hardware firewall in front of ISA, just as you do now with one in front of RRAS (which is a firewall as well).

What do you mean WS2003 would route between networks automatically????

Jeff
TechSoEasy
Jason Watkins, IT Project Leader (Author), commented:
The Linksys just has a small firmware firewall built in to it.  I am not 100% vested in its capability, but it is better than nothing.  The local machines use their own firewall software (XP's client).  I set up ISA for a client a few months back, and was looking to provide a similar set up for my lab.  

Another alternative was FreeBSD, but I have little experience with that as well.  I have not done too much of anything with SharePoint Services.

WS2003 would pass data between two locally connected subnets automatically because RRAS is turned on by default.  SBS does not seem to have RRAS enabled as a default.  

Jay
FireBar
 
Jeffrey Kane - TechSoEasy, Principal Consultant, commented:
Yes, SBS has RRAS enabled as a default; it's what's configured when you run the CEICW.  The premium edition of SBS includes ISA so I wouldn't ever go for something different... just a choice of whether to use it or not.  ISA would also be configured automatically with the CEICW should you have it installed.

To see what that sucker really does... take a look at C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\IcwdetailsXX.htm (where XX is the incremental sequence number for each time you run the wizard).

The raw log with about 500 command lines per run is here:
C:\Program Files\Microsoft Windows Small Business Server\Support\isalog.txt

Do you realize that you cannot create domain trusts with an SBS?  That's why I asked about passing data between the two subnets... it's not really possible unless you VPN into the SBS's environment.  

Since SBS seems to be somewhat new to you, I'd suggest that you read a few things about it because it can't be treated as a standard Server 2003... since it's not.  It contains Server 2003, but you would never put all those other things on the same box in an Enterprise environment... so it must be managed the "SBS-way".  (see:  http:Q_21831460.html)

Check out http://sbsurl.com/itpro for an overview of the differences and http://sbsurl.com/techguide has a bunch of other links to important resources.  This is one computer that requires one to read the manual.

Jeff
TechSoEasy

 
Jason Watkins, IT Project Leader (Author), commented:
Yes, I do understand about trusts and SBS, and that it is pretty much a one system show.  By passing data, I meant routing between the LAN and WAN connections without additional configuration.  

I should probably get a book...

Thanks
 
Jeffrey Kane - TechSoEasy, Principal Consultant, commented:
Best Practices book:  http://sbsurl.com/best

Advanced book:  http://sbsurl.com/advanced

Just my recommendations!

Jeff
TechSoEasy