Solved

SBS Setup Broadband Type? My server uses...

Posted on 2007-03-31
17
364 Views
Last Modified: 2009-12-16
I am setting up SBS 2003 R2.  At the beginning of the Configure Email and Internet Connection Wizard it asks what kind of Broadband connection that will be used.

I have a Bellsouth Netopia 3347 DSL Modem/Router. The router is assigned a static IP from Bellsouth. The router uses a PPPOE username and password to authenticate with Bellsouth. I will be using two network adapters so the server will be the gateway and firewall. I expect to access the server remotely via VPN or Remote Desktop. I may host a public webpage. I will be setting up Exchange to send/receive email directly to/from the server.

Do I select...
1. A local router device with an IP address,
2. A connection that requires a username and password (PPPoE),
or,
3. A direct broadband connection?

They all seem very similar and it is not clear which should be used.

Thanks in advance.
0
Comment
Question by:ArkAdmin
  • 6
  • 3
  • 3
  • +3
17 Comments
 
LVL 15

Expert Comment

by:plimpias
Comment Utility
In this case if you want to use the SBS server as the gateway and firewall. You will need to choose #2 and put in your settings for your ISP.


It will go modem/router to WAN on SBS.
LAN of sbs to switch
Switch to computers

Currently your Modem/router is acting as a router. Since you want to use the SBS server as your router you will need to call your ISP and have them change your configuration from router to bridge. This will enable your SBS wan interface to use the public ip and user settings for your ISP
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
If for some reason #2 is incorrect (though I would suggest it as well), you can always run the wizard again and change it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Plimpias's comment is absolutely not correct.  I will also state that I really don't like the combined modem/router devices, especially those Netopia ones because they are really difficult to configured.

But for sure, you are not having the SBS authenticate your DSL connection, so the answer to your question is that you select #1.

Jeff
TechSoEasy
0
 
LVL 12

Assisted Solution

by:RWrigley
RWrigley earned 100 total points
Comment Utility
Well, since other people have suggested the other two, I guess I'll be contrary and go with option 3.

But ultimately, it comes down to how your server needs to be configured to access the internet.  
Does your server have a static IP address?  
Does your server have the router's internal IP address as its "gateway"?  
Does the server point to its own, internal DNS server (probably)?  
Does the internal DNS server forward DNS requests to the router, or to the BellSouth DNS servers?  
Is DHCP handled by the router or by the SBS server?  
Does the router provide NAT translation or point-to-point protocol routing?
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
Comment Utility
As Jeff said: Best results with 1 and 3 if you do not want the SBS wizard to automatically configure your router.
#2 is only applicable if you use one NIC only.
Olaf
0
 
LVL 15

Expert Comment

by:plimpias
Comment Utility
Plimpias's comment is absolutely not correct.  ?

Whats so not correct Jeff? Pleas explain so i can correct you.

 I will also state that I really don't like the combined modem/router devices, especially those Netopia ones because they are really difficult to configured.
These routers are usually handled by your ISP, hince call your ISP and have them change the config from router to bridge.

#2 is only applicable if you use one NIC only.
Olaf
Why is this only applicable if you use one NIC only?
0
 
LVL 15

Expert Comment

by:plimpias
Comment Utility
Here you go guys, everyone can read over this.

http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_b.mspx

Please read carefully before you answer questions.
0
 
LVL 12

Expert Comment

by:RWrigley
Comment Utility
As I said, the correct option for his connection type is probably #3, because he's using 2 NIC's (although I admit to assuming that one of the NIC's is directly connected to the router appliance) and the broadband connection is managed by the router.  Option1 assumes that the router/gateway is connected to a hub/switch that is accessible to all computers in the network, while option 2 assumes that the SBS server needs to establish a PPOE connection.  Option 3 assumes that the server is only machine that connects to the actual internet, and that all other comptuers in the network are being routed through it.

In principle, you can use a two nic approach to option 1 as well, which makes it pretty much the same as option3.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:ArkAdmin
Comment Utility
A few thoughts that might help you guys...

When I originally signed up with Bellsouth (BST) I had a range of 15 static IPs, all on the same subnet. Two were to be assigned to the external and internal interface of the router. The others were to be assigned to the external interfaces of the various servers devices in my network. Under this scenario, the router was configured with NAT disabled.

For several reasons I opted to trade this range of multiple static IPs for a single public static IP address that must be assigned to the external interface of the router, not the SBS box. In this case, the router is configured with NAT turned on. The internal interface of the router and all my server devices are configured with private 192.168.1.### IP addresses.

In both cases I believe the router/modem performs the PPPoE authentication.
0
 

Author Comment

by:ArkAdmin
Comment Utility
Also...

Both NICs on the SBS box point to itself (the internal interface) for DNS.
The external interface of the SBS box points to the internal interface of the router/modem as the Gateway.
DHCP is handled by the SBS box. (Actually, DHCP is also enabled on the router/modem for now so that I can use the wireless access point located on the router/modem, but the external interface of the SBS box is configured statically of course.)
I believe the internal DNS server forwards DNS requests directly to the BST DNS servers, not to the router (although this might also work since the BST DNS server addresses also appear on the router/modem config page.)

I suppose that many of these settings depend on which number I pick (1, 2, or 3) during CEICW. I'm not really certain what is happening behind the scenes. I have already been through the CEICW once using option 1.
0
 
LVL 15

Expert Comment

by:plimpias
Comment Utility
I think the options that we are all recommending will work. It is just a matter of preference on your part.

I am recommending that your ISP turn off NAT on your device and your SBS server handle NAT request with the external NIC of the SBS beinghte internet connection with a public IP.

I think the other recommendations that others are making is to leave your router intact and having your SBS WAN connect to the LAN of the router. Then provide a different network for LAN


In my recommendation it would be

Internet - SBS WAN (PublicIP Used) - SBS LAN (PrivateIP)- CLIENTS

The other recommended option is

Internet - Netopia WAN (PublicIPUsed) - SBS WAN (PrivateIP) - SBS LAN (PrivateIP)- Clients

Hope that helps and clears it up whats giong on.
0
 
LVL 15

Expert Comment

by:plimpias
Comment Utility
Both NICs on the SBS box point to itself (the internal interface) for DNS.
It really doesn't matter where the external interface is pointing to. If the binding order is correct the SBS server should always use the internal interface for connection.

The external interface of the SBS box points to the internal interface of the router/modem as the Gateway.

The internal interface should not have a gateway entered. The external interface gateway will depend on which route you would like to take with the setup. Either route you take the gateway will not be pointing the the Internal inferface IP.

With my recommended setupthe gateway for the external is going to be whatever is currently setup on the router. So the your public ip info subnet and gateway will be taken off the router and put in the SBS WAN Nic. The internet interface will not have a gateway in place.

With the other recommended setup the gateway for the external interface will be the ip address of your router.(192.168.1.X) The internal interface does not have a gateway.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 300 total points
Comment Utility
The reason that #2 is not correct is because the SBS is not and should not be authenticating a PPOE connection.  This should be done at the Router.... as ArkAdmin has already stated.

And the reason that #3 is not correct is because  you have a router between your external NIC and the Internet... so it's not a direct connection.  Instead, it's double-NAT'd as shown in this example of how to configure an SBS with TWO NICs:  http://sbsurl.com/twonics

RWrigley... no offence... but have you ever set up a Windows Small Business Server?  Because the questions you have posed suggest that you are looking at this as a Standard Windows Server 2003 --- which is not the case.

Jeff
TechSoEasy
0
 
LVL 12

Expert Comment

by:RWrigley
Comment Utility
Jeff:

Yes, I have set up SBS...several different versions...in addition to standard windows server.  And I hasten to point out that SBS IS standard edition with some differences and lot of automation.  

If you read through the SBS installation document that plimpias linked to, its fairly clear that option 1 was designed for a system whereby all the computers in the network are accessing the internet via the router, not via the SBS server.  Now having said that, I've re-read some of Ark's comments, and the fact that his modem/router is also serving his wireless clients suggests that he probably should be using only one NIC (or teaming them), so that all of his equipment will be able to talk to each other.  In that case, option 1 in the way to go.  
0
 
LVL 15

Assisted Solution

by:plimpias
plimpias earned 100 total points
Comment Utility
I would agree in that not to use SBS with dual nic configuration and use option 1.

Jeff.

You said
The reason that #2 is not correct is because the SBS is not and should not be authenticating a PPOE connection.  This should be done at the Router.... as ArkAdmin has already stated.


Why should it not?
0
 

Author Comment

by:ArkAdmin
Comment Utility
Ok, Thanks to everyone. I don't feel so bad now for being confused ;)
For the sake of posterity I am using choice 1 with the 2 nics option. The public static ip is assigned to the external interface of the router. NAT is enabled.

In order to enable VPN access on my Netopia 3347W i had to use the Host Software option and host PPTP which forwards port 1723 and allows GRE encapsulation. The firewall must be set to ClearSailing which is a NAT controlled firewall setting.
As an alternative to port forwarding I could have used IP forwarding but I prefer not to have a public ip address assigned to the WAN side of my SBS box.

Again, thanks.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
ArkAdmin,

Glad you got it worked out.

RWrigley...  SBS is NOT Standard Edition with some differences and a lot of automation.  In fact, the whole reason that there is an SBS Zone here at EE is that I campaigned for it due to the fact that so many folks were being misguided with advice that would apply to a Stand-Alone Server 2003 configuration... but never on SBS.

To be exact... SBS "INCLUDES" Standard Server 2003, but only as a part of what all makes up SBS.  I'd suggest that you read my profile as well as this question which describes all this in greater detail: http:Q_21831460.html

plimpias...  why wouldn't you want to have the SBS authenticate a PPOE connection?  Mostly for security reasons.  With an SBS Standard Version that does not have ISA Server, if you have SBS authenticate the PPOE connection (or have a direct Internet connection of any kind) then the ONLY firewall is RRAS, which is not a very secure postion to be in.  That's why it's always a better idea to have a router/firewall out in front of your SBS.

Jeff
TechSoEasy
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now