• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 381
  • Last Modified:

SBS Server 2003 with one NIC

Hi,

I am looking for some advise .

I have a SBS 2003 server running a network in the following configuration.

Netgear ADSL firewall router (DG834 V2) connected to broadband through DSL phone line and RJ45 connection to a 1GIG SMCGS24 10/100/1000 switch.
The Small Business Server has only one NIC and is connected to the same SMC switch as the router.
10 network PC's are also connected to the switch.

Internet----------->ADSL Router-------> SMC Switch
                                                           |   |
SBS NIC--------------------------------------    |
10 XP PC's NICs---------------------------------

So, the SBS and all the PC's are directly connected to the router through the switch.
I am also allowing remote access through the router for members of the SBS domain to VPN into the network.

I have been told that SBS should really be set up with two NICS where one goes to the router and the other goes to the internal network (1O PC's)?
Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?

Is there are any potential pitfalls with my configuration above that I should review or should I be OK.

thanks.

0
gmoconno
Asked:
gmoconno
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
tim1731Commented:
in sbs there is an option for 1 nic as we normally put them behind a netscreen and so far havnt had any problems
0
 
Erutan409Commented:
"Will there be any difference in the way the PC's get broadband access compared to getting it through the SBS?
Would I be correct in saying that there will be less control over the broadband access since the PC's are not getting access through the SBS?"

Depending on the software you have installed on your server, you won't have much control over the access to the Internet if your PC's were connecting to the Internet via your server.  By default, the server software doesn't have built in tools to control access in the way you may want it to, but it does log all of the Internet activity of all of your PC's.  It's pretty useful when I want to see when a user has been using the Internet the most and from any specific day.  You can access these logs by going to "http://YOURSERVERNAME/monitoring".  I would suggest that it would probably be in your favor to setup your PC's to route through your server.,  You don't have to have two NIC's though to do this.  You can point your PC's gateway and DNS IP address to your server and still track your user's Internet activity.

Hope that helps!
0
 
Erutan409Commented:
I forgot to add, that if you decide either way to install an additional NIC or just use one NIC and route your PC's through your server for Internet activity, that it's recommended that you run the Internet & Email Wizard from the Server Management App on your server to successfully configure your setup.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
sr1xxonCommented:
if you use 1 nic in SBS, you need to put it behind a firewall. This will be fine for outbound, but not for inbound connections.
This is moreso the case if you want to allow inbound access for management, remote desktop or whatever. Not sure if the netgear allows configuration for OpenVPN or the like.. but I'm pretty sure that netgear is a broadband router with basic firewalling (blocks any inbound) - though it has an unprotected DMZ port, this is a far cry from a managed firewall.

SBS does have it's own security stuff integrated, and this only really properly works when it's used with 2 nic's.
There's no way I would allow access to any microsoft server without it being correctly firewalled (and I don't mean by the inbuilt microsoft firewall)

connecting everything directly to the switch, you're relying on the netgear for security. If you connect the pc's to your SBS server (via a switch) and then your SBS to the broadband switch, then your SBS server is being used to manage the clients - this is how it is intended to be deployed.

considering you are using a gigabit switch, your 10 pc's should be fine. your bottleneck will be the broadband connection.

First, get a second nic, reconfigure connection/email as suggested by Erutan409, and be very careful with what you allow for remote access using only your broadband router for protection.

good luck.

 
0
 
gmoconnoAuthor Commented:

Guys,

Thanks to all for feedback. Just a few things.

sr1xxon

The netgear router/firewall is not a basic unit. Maybe I'm smoking but it looks prety good to me but what would I know as I'm only making it up as I go along. Please check it out.
http://www.netgear.com/Products/RoutersandGateways/WiredRouters/DG834.aspx

Erutan409

All the PC's are auto getting IP's from SBS DHCP service. Does this not mean they will automatically get the Server DNS also?
0
 
Erutan409Commented:
You can configure your PC's WINS, DNS, and Gateway IP address in your server's DHCP server settings on SBS so that when your PC's obtain their IP address from your server, their Gateway and DNS is configured as well.  You don't have to configure your WINS IP, but I personally recommend it.  You can also specifically assign an IP to each computer based upon their MAC address meaning everytime your users turn on their machines/renews their IP, they will be assigned the same IP everytime.

"All the PC's are auto getting IP's from SBS DHCP service. Does this "NOT" mean they will automatically get the Server DNS also?"

I can't say for sure that your PC's aren't already using your server for DNS and as their gateway to the Internet if they're already retrieving an IP from your server as you mentioned.  Do an IP config from the command prompt on your server and compare your PC's DNS, Gateway and WiNS (if set) IP addresses to your server's IP address.  If they match your server's IP address, since your server only has one NIC, then your PC's are already connecting to the Internet via your server.  If you need more information on what I'm talking about in regards to your DHCP server settings on your SBS server or anything else let me know!

Happy Networking gmoconno :)
0
 
sr1xxonCommented:
hey gmoconno,
as I said, it's primarily a router, with an unrestricted dmz port, and basic firewalling functionality. I've configured that model router.
for outbound access it's fine, but for inbound access controls with no other measures in place, (and directly to a server without using a dmz bypass to an sslvpn or the like) it isn't enough on its own. just my opinion.

interrogating your DHCP service (on SBS) will let you know what services are being allocated. it's preferable to get SBS to do DNS as in that way it will populate its internal DNS server records and make lookups faster for your clients in future.

if SBS has been configured correctly, the clients will be using SBS for IP addressing, DNS and WINS (not to say that external DNS addressing won't work, but you won't get the advantages of integrated management with your SBS server.

HTH.




0
 
gmoconnoAuthor Commented:
Thanks Erutan409 and  sr1xxon - I'm gonna increase the points to 150 and split them.

Tim 1731, thanks for taking the time to reply but I can't award any points as there wasn't much detail in your answer to my specific questions.
0
 
sr1xxonCommented:
thx for the points, I hope everything works out for you.
0
 
Erutan409Commented:
Same here.  Good luck.
0
 
tim1731Commented:
ok no problem
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now