Solved

SBS Server 2003 with one NIC

Posted on 2006-11-16
Last Modified: 2010-04-10
Hi,

I am looking for some advice.

I have a SBS 2003 server running a network in the following configuration.

Netgear ADSL firewall router (DG834 V2) connected to broadband through DSL phone line and RJ45 connection to a 1GIG SMCGS24 10/100/1000 switch.
The Small Business Server has only one NIC and is connected to the same SMC switch as the router.
10 network PC's are also connected to the switch.

Internet -----------> ADSL Router -------> SMC Switch
                                            |   |
SBS NIC -------------------------------------   |
10 XP PC's NICs ---------------------------------

So, the SBS and all the PC's are directly connected to the router through the switch.
I am also allowing remote access through the router for members of the SBS domain to VPN into the network.

I have been told that SBS should really be set up with two NICs where one goes to the router and the other goes to the internal network (10 PC's)?
Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?

Are there any potential pitfalls with my configuration above that I should review, or should I be OK?

thanks.

Question by:gmoconno
11 Comments
 
LVL 9

Expert Comment

by:tim1731
ID: 17955231
In SBS there is an option for 1 NIC, as we normally put them behind a NetScreen and so far haven't had any problems.
0
 

Accepted Solution

by:
Erutan409 earned 75 total points
ID: 17955615
"Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?"

Depending on the software you have installed on your server, you won't have much control over the access to the Internet if your PC's were connecting to the Internet via your server. By default, the server software doesn't have built-in tools to control access in the way you may want it to, but it does log all of the Internet activity of all of your PC's. It's pretty useful when I want to see when a user has been using the Internet the most and from any specific day. You can access these logs by going to "http://YOURSERVERNAME/monitoring". I would suggest that it would probably be in your favor to set up your PC's to route through your server. You don't have to have two NICs though to do this. You can point your PC's gateway and DNS IP address to your server and still track your users' Internet activity.

Hope that helps!
0
 

Expert Comment

by:Erutan409
ID: 17955931
I forgot to add, that if you decide either way to install an additional NIC or just use one NIC and route your PC's through your server for Internet activity, that it's recommended that you run the Internet & Email Wizard from the Server Management App on your server to successfully configure your setup.
0
 
LVL 6

Assisted Solution

by:sr1xxon
sr1xxon earned 75 total points
ID: 17956975
if you use 1 nic in SBS, you need to put it behind a firewall. This will be fine for outbound, but not for inbound connections.
This is more so the case if you want to allow inbound access for management, remote desktop or whatever. Not sure if the netgear allows configuration for OpenVPN or the like.. but I'm pretty sure that netgear is a broadband router with basic firewalling (blocks any inbound) - though it has an unprotected DMZ port, this is a far cry from a managed firewall.

SBS does have its own security stuff integrated, and this only really properly works when it's used with 2 NICs.
There's no way I would allow access to any microsoft server without it being correctly firewalled (and I don't mean by the inbuilt microsoft firewall)

connecting everything directly to the switch, you're relying on the netgear for security. If you connect the pc's to your SBS server (via a switch) and then your SBS to the broadband switch, then your SBS server is being used to manage the clients - this is how it is intended to be deployed.

considering you are using a gigabit switch, your 10 pc's should be fine. your bottleneck will be the broadband connection.

First, get a second nic, reconfigure connection/email as suggested by Erutan409, and be very careful with what you allow for remote access using only your broadband router for protection.

good luck.

 
0
 

Author Comment

by:gmoconno
ID: 17960178

Guys,

Thanks to all for feedback. Just a few things.

sr1xxon

The netgear router/firewall is not a basic unit. Maybe I'm smoking but it looks pretty good to me but what would I know as I'm only making it up as I go along. Please check it out.
http://www.netgear.com/Products/RoutersandGateways/WiredRouters/DG834.aspx

Erutan409

All the PC's are auto getting IP's from SBS DHCP service. Does this not mean they will automatically get the Server DNS also?
0
 

Expert Comment

by:Erutan409
ID: 17960437
You can configure your PC's WINS, DNS, and Gateway IP address in your server's DHCP server settings on SBS so that when your PC's obtain their IP address from your server, their Gateway and DNS are configured as well. You don't have to configure your WINS IP, but I personally recommend it. You can also specifically assign an IP to each computer based upon their MAC address, meaning every time your users turn on their machines/renew their IP, they will be assigned the same IP every time.

"All the PC's are auto getting IP's from SBS DHCP service. Does this "NOT" mean they will automatically get the Server DNS also?"

I can't say for sure that your PC's aren't already using your server for DNS and as their gateway to the Internet if they're already retrieving an IP from your server as you mentioned. Do an IP config from the command prompt on your server and compare your PC's DNS, Gateway and WINS (if set) IP addresses to your server's IP address. If they match your server's IP address, since your server only has one NIC, then your PC's are already connecting to the Internet via your server. If you need more information on what I'm talking about in regards to your DHCP server settings on your SBS server or anything else let me know!

Happy Networking gmoconno :)
0
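The comparison described in the comment above (a client's gateway, DNS and WINS addresses against the server's address), as an added example that is not part of the original thread: a Python sketch that parses saved `ipconfig /all` output from a client and reports where its settings point. The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of a client's `ipconfig /all` output (addresses are made up).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.local
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.21
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.2
        DNS Servers . . . . . . . . . . . : 192.168.0.2
                                            203.0.113.53
        Primary WINS Server . . . . . . . : 192.168.0.2
"""

FIELDS = {"Default Gateway": "gateway", "DHCP Server": "dhcp",
          "DNS Servers": "dns", "Primary WINS Server": "wins"}
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Collect the IPv4 values of the fields we care about."""
    found = {name: [] for name in FIELDS.values()}
    current = None
    for line in text.splitlines():
        if ":" in line:                       # "Label . . . : value"
            label, _, value = line.partition(":")
            current = FIELDS.get(label.strip().rstrip(" ."))
            value = value.strip()
        else:                                 # continuation, e.g. 2nd DNS server
            value = line.strip()
        if current and IPV4.match(value):
            found[current].append(value)
    return found

def check_client(text, server_ip, router_ip):
    """Return findings where the client does not point at the server."""
    cfg, findings = parse_ipconfig(text), []
    if cfg["dhcp"] != [server_ip]:
        findings.append(f"lease not issued by the server: {cfg['dhcp']}")
    if cfg["gateway"] == [router_ip]:
        findings.append("gateway is the router: Internet traffic does not pass the server")
    elif cfg["gateway"] != [server_ip]:
        findings.append(f"unexpected gateway: {cfg['gateway']}")
    if cfg["dns"] != [server_ip]:
        findings.append(f"DNS is not only the server: {cfg['dns']}")
    if cfg["wins"] and cfg["wins"] != [server_ip]:
        findings.append(f"WINS is not the server: {cfg['wins']}")
    return findings

if __name__ == "__main__":
    for finding in check_client(SAMPLE, "192.168.0.2", "192.168.0.1"):
        print(finding)
```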
 
LVL 6

Expert Comment

by:sr1xxon
ID: 17963814
hey gmoconno,
as I said, it's primarily a router, with an unrestricted dmz port, and basic firewalling functionality. I've configured that model router.
for outbound access it's fine, but for inbound access controls with no other measures in place, (and directly to a server without using a dmz bypass to an sslvpn or the like) it isn't enough on its own. just my opinion.

interrogating your DHCP service (on SBS) will let you know what services are being allocated. it's preferable to get SBS to do DNS as in that way it will populate its internal DNS server records and make lookups faster for your clients in future.

if SBS has been configured correctly, the clients will be using SBS for IP addressing, DNS and WINS (not to say that external DNS addressing won't work, but you won't get the advantages of integrated management with your SBS server).

HTH.




0
 

Author Comment

by:gmoconno
ID: 17994791
Thanks Erutan409 and  sr1xxon - I'm gonna increase the points to 150 and split them.

Tim 1731, thanks for taking the time to reply but I can't award any points as there wasn't much detail in your answer to my specific questions.
0
 
LVL 6

Expert Comment

by:sr1xxon
ID: 17995430
thx for the points, I hope everything works out for you.
0
 

Expert Comment

by:Erutan409
ID: 17995544
Same here.  Good luck.
0
 
LVL 9

Expert Comment

by:tim1731
ID: 17995599
ok no problem
0
