SBS Server 2003 with one NIC

Posted on 2006-11-16
Last Modified: 2010-04-10

I am looking for some advise .

I have a SBS 2003 server running a network in the following configuration.

Netgear ADSL firewall router (DG834 V2) connected to broadband through DSL phone line and RJ45 connection to a 1GIG SMCGS24 10/100/1000 switch.
The Small Business Server has only one NIC and is connected to the same SMC switch as the router.
10 network PC's are also connected to the switch.

Internet----------->ADSL Router-------> SMC Switch
                                                           |   |
SBS NIC--------------------------------------    |
10 XP PC's NICs---------------------------------

So, the SBS and all the PC's are directly connected to the router through the switch.
I am also allowing remote access through the router for members of the SBS domain to VPN into the network.

I have been told that SBS should really be set up with two NICS where one goes to the router and the other goes to the internal network (1O PC's)?
Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?

Is there are any potential pitfalls with my configuration above that I should review or should I be OK.


Question by:gmoconno
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1

Expert Comment

ID: 17955231
in sbs there is an option for 1 nic as we normally put them behind a netscreen and so far havnt had any problems

Accepted Solution

Erutan409 earned 75 total points
ID: 17955615
"Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?"

Depending on the software you have installed on your server, you won't have much control over the access to the Internet if your PC's were connecting to the Internet via your server.  By default, the server software doesn't have built in tools to control access in the way you may want it to, but it does log all of the Internet activity of all of your PC's.  It's pretty useful when I want to see when a user has been using the Internet the most and from any specific day.  You can access these logs by going to "http://YOURSERVERNAME/monitoring".  I would suggest that it would probably be in your favor to setup your PC's to route through your server.,  You don't have to have two NIC's though to do this.  You can point your PC's gateway and DNS IP address to your server and still track your user's Internet activity.

Hope that helps!

Expert Comment

ID: 17955931
I forgot to add, that if you decide either way to install an additional NIC or just use one NIC and route your PC's through your server for Internet activity, that it's recommended that you run the Internet & Email Wizard from the Server Management App on your server to successfully configure your setup.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Assisted Solution

sr1xxon earned 75 total points
ID: 17956975
if you use 1 nic in SBS, you need to put it behind a firewall. This will be fine for outbound, but not for inbound connections.
This is moreso the case if you want to allow inbound access for management, remote desktop or whatever. Not sure if the netgear allows configuration for OpenVPN or the like.. but I'm pretty sure that netgear is a broadband router with basic firewalling (blocks any inbound) - though it has an unprotected DMZ port, this is a far cry from a managed firewall.

SBS does have it's own security stuff integrated, and this only really properly works when it's used with 2 nic's.
There's no way I would allow access to any microsoft server without it being correctly firewalled (and I don't mean by the inbuilt microsoft firewall)

connecting everything directly to the switch, you're relying on the netgear for security. If you connect the pc's to your SBS server (via a switch) and then your SBS to the broadband switch, then your SBS server is being used to manage the clients - this is how it is intended to be deployed.

considering you are using a gigabit switch, your 10 pc's should be fine. your bottleneck will be the broadband connection.

First, get a second nic, reconfigure connection/email as suggested by Erutan409, and be very careful with what you allow for remote access using only your broadband router for protection.

good luck.


Author Comment

ID: 17960178


Thanks to all for feedback. Just a few things.


The netgear router/firewall is not a basic unit. Maybe I'm smoking but it looks prety good to me but what would I know as I'm only making it up as I go along. Please check it out.


All the PC's are auto getting IP's from SBS DHCP service. Does this not mean they will automatically get the Server DNS also?

Expert Comment

ID: 17960437
You can configure your PC's WINS, DNS, and Gateway IP address in your server's DHCP server settings on SBS so that when your PC's obtain their IP address from your server, their Gateway and DNS is configured as well.  You don't have to configure your WINS IP, but I personally recommend it.  You can also specifically assign an IP to each computer based upon their MAC address meaning everytime your users turn on their machines/renews their IP, they will be assigned the same IP everytime.

"All the PC's are auto getting IP's from SBS DHCP service. Does this "NOT" mean they will automatically get the Server DNS also?"

I can't say for sure that your PC's aren't already using your server for DNS and as their gateway to the Internet if they're already retrieving an IP from your server as you mentioned.  Do an IP config from the command prompt on your server and compare your PC's DNS, Gateway and WiNS (if set) IP addresses to your server's IP address.  If they match your server's IP address, since your server only has one NIC, then your PC's are already connecting to the Internet via your server.  If you need more information on what I'm talking about in regards to your DHCP server settings on your SBS server or anything else let me know!

Happy Networking gmoconno :)

Expert Comment

ID: 17963814
hey gmoconno,
as I said, it's primarily a router, with an unrestricted dmz port, and basic firewalling functionality. I've configured that model router.
for outbound access it's fine, but for inbound access controls with no other measures in place, (and directly to a server without using a dmz bypass to an sslvpn or the like) it isn't enough on its own. just my opinion.

interrogating your DHCP service (on SBS) will let you know what services are being allocated. it's preferable to get SBS to do DNS as in that way it will populate its internal DNS server records and make lookups faster for your clients in future.

if SBS has been configured correctly, the clients will be using SBS for IP addressing, DNS and WINS (not to say that external DNS addressing won't work, but you won't get the advantages of integrated management with your SBS server.



Author Comment

ID: 17994791
Thanks Erutan409 and  sr1xxon - I'm gonna increase the points to 150 and split them.

Tim 1731, thanks for taking the time to reply but I can't award any points as there wasn't much detail in your answer to my specific questions.

Expert Comment

ID: 17995430
thx for the points, I hope everything works out for you.

Expert Comment

ID: 17995544
Same here.  Good luck.

Expert Comment

ID: 17995599
ok no problem

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question