Solved

SBS Server 2003 with one NIC

Posted on 2006-11-16
11
371 Views
Last Modified: 2010-04-10
Hi,

I am looking for some advise .

I have a SBS 2003 server running a network in the following configuration.

Netgear ADSL firewall router (DG834 V2) connected to broadband through DSL phone line and RJ45 connection to a 1GIG SMCGS24 10/100/1000 switch.
The Small Business Server has only one NIC and is connected to the same SMC switch as the router.
10 network PC's are also connected to the switch.

Internet----------->ADSL Router-------> SMC Switch
                                                           |   |
SBS NIC--------------------------------------    |
10 XP PC's NICs---------------------------------

So, the SBS and all the PC's are directly connected to the router through the switch.
I am also allowing remote access through the router for members of the SBS domain to VPN into the network.

I have been told that SBS should really be set up with two NICS where one goes to the router and the other goes to the internal network (1O PC's)?
Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?

Is there are any potential pitfalls with my configuration above that I should review or should I be OK.

thanks.

0
Comment
Question by:gmoconno
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 9

Expert Comment

by:tim1731
ID: 17955231
in sbs there is an option for 1 nic as we normally put them behind a netscreen and so far havnt had any problems
0
 

Accepted Solution

by:
Erutan409 earned 75 total points
ID: 17955615
"Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?"

Depending on the software you have installed on your server, you won't have much control over the access to the Internet if your PC's were connecting to the Internet via your server.  By default, the server software doesn't have built in tools to control access in the way you may want it to, but it does log all of the Internet activity of all of your PC's.  It's pretty useful when I want to see when a user has been using the Internet the most and from any specific day.  You can access these logs by going to "http://YOURSERVERNAME/monitoring".  I would suggest that it would probably be in your favor to setup your PC's to route through your server.,  You don't have to have two NIC's though to do this.  You can point your PC's gateway and DNS IP address to your server and still track your user's Internet activity.

Hope that helps!
0
 

Expert Comment

by:Erutan409
ID: 17955931
I forgot to add, that if you decide either way to install an additional NIC or just use one NIC and route your PC's through your server for Internet activity, that it's recommended that you run the Internet & Email Wizard from the Server Management App on your server to successfully configure your setup.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 6

Assisted Solution

by:sr1xxon
sr1xxon earned 75 total points
ID: 17956975
if you use 1 nic in SBS, you need to put it behind a firewall. This will be fine for outbound, but not for inbound connections.
This is moreso the case if you want to allow inbound access for management, remote desktop or whatever. Not sure if the netgear allows configuration for OpenVPN or the like.. but I'm pretty sure that netgear is a broadband router with basic firewalling (blocks any inbound) - though it has an unprotected DMZ port, this is a far cry from a managed firewall.

SBS does have it's own security stuff integrated, and this only really properly works when it's used with 2 nic's.
There's no way I would allow access to any microsoft server without it being correctly firewalled (and I don't mean by the inbuilt microsoft firewall)

connecting everything directly to the switch, you're relying on the netgear for security. If you connect the pc's to your SBS server (via a switch) and then your SBS to the broadband switch, then your SBS server is being used to manage the clients - this is how it is intended to be deployed.

considering you are using a gigabit switch, your 10 pc's should be fine. your bottleneck will be the broadband connection.

First, get a second nic, reconfigure connection/email as suggested by Erutan409, and be very careful with what you allow for remote access using only your broadband router for protection.

good luck.

 
0
 

Author Comment

by:gmoconno
ID: 17960178

Guys,

Thanks to all for feedback. Just a few things.

sr1xxon

The netgear router/firewall is not a basic unit. Maybe I'm smoking but it looks prety good to me but what would I know as I'm only making it up as I go along. Please check it out.
http://www.netgear.com/Products/RoutersandGateways/WiredRouters/DG834.aspx

Erutan409

All the PC's are auto getting IP's from SBS DHCP service. Does this not mean they will automatically get the Server DNS also?
0
 

Expert Comment

by:Erutan409
ID: 17960437
You can configure your PC's WINS, DNS, and Gateway IP address in your server's DHCP server settings on SBS so that when your PC's obtain their IP address from your server, their Gateway and DNS is configured as well.  You don't have to configure your WINS IP, but I personally recommend it.  You can also specifically assign an IP to each computer based upon their MAC address meaning everytime your users turn on their machines/renews their IP, they will be assigned the same IP everytime.

"All the PC's are auto getting IP's from SBS DHCP service. Does this "NOT" mean they will automatically get the Server DNS also?"

I can't say for sure that your PC's aren't already using your server for DNS and as their gateway to the Internet if they're already retrieving an IP from your server as you mentioned.  Do an IP config from the command prompt on your server and compare your PC's DNS, Gateway and WiNS (if set) IP addresses to your server's IP address.  If they match your server's IP address, since your server only has one NIC, then your PC's are already connecting to the Internet via your server.  If you need more information on what I'm talking about in regards to your DHCP server settings on your SBS server or anything else let me know!

Happy Networking gmoconno :)
0
 
LVL 6

Expert Comment

by:sr1xxon
ID: 17963814
hey gmoconno,
as I said, it's primarily a router, with an unrestricted dmz port, and basic firewalling functionality. I've configured that model router.
for outbound access it's fine, but for inbound access controls with no other measures in place, (and directly to a server without using a dmz bypass to an sslvpn or the like) it isn't enough on its own. just my opinion.

interrogating your DHCP service (on SBS) will let you know what services are being allocated. it's preferable to get SBS to do DNS as in that way it will populate its internal DNS server records and make lookups faster for your clients in future.

if SBS has been configured correctly, the clients will be using SBS for IP addressing, DNS and WINS (not to say that external DNS addressing won't work, but you won't get the advantages of integrated management with your SBS server.

HTH.




0
 

Author Comment

by:gmoconno
ID: 17994791
Thanks Erutan409 and  sr1xxon - I'm gonna increase the points to 150 and split them.

Tim 1731, thanks for taking the time to reply but I can't award any points as there wasn't much detail in your answer to my specific questions.
0
 
LVL 6

Expert Comment

by:sr1xxon
ID: 17995430
thx for the points, I hope everything works out for you.
0
 

Expert Comment

by:Erutan409
ID: 17995544
Same here.  Good luck.
0
 
LVL 9

Expert Comment

by:tim1731
ID: 17995599
ok no problem
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question