Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need help setting up IP routing to SBS 2003 with Public LAN/WAN

Posted on 2009-07-15
10
Medium Priority
?
1,166 Views
Last Modified: 2012-06-21
Experts-
I received static IP addresses from AT&T.  They gave me two sets, a public WAN and a public LAN (these are obviously not the real IPs):
WAN
IPs: 89.123.11.142/143
Subnet Mask: 255.255.255.252
Gateway: 89.123.11.141
LAN
Useable IPs: 79.123.22.241/245
Subnet Mask: 255.255.255.248
Gateway: 79.123.22.246

The office consists of a DSL modem ->Linksys WRT54G router -> SBS 2003 server ->workstations
Additionally, the SBS 2003 server is a mail server with an MX record and linked to a LAN IP.  I need to be able to see the server from the Internet (ping it, send mail, remote access, etc).  SBS has a dual NIC and from what I understand is supposed to be setup with one internal NAT network and one external ISP network.

Diagram below is how I have it setup now.
 
My problem is that I cannot see the server from the Internet.  I need the Linksys router for office wireless connectivity (printers, notebooks, etc).  AT&T will not allow the LAN IPs to be on their network and they control routing from the 89.x subnet to resolve to 79.x.  I can ping both 89.x IP addresses as well as the Linksys LAN side (79.123.22.246).  But, even putting the SBS server IP (79.123.22.245) in the DMZ does not allow me to see it from the Internet.  Port forwarding also doesnt work.  Am I missing something?

Thanks,
-Joe


PerkovichNetworkIssue.jpg
0
Comment
Question by:jetcosys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 13

Expert Comment

by:murgroup
ID: 24863400
First you need to put the DSL modem in bridged mode so that it forwards all traffice to the Linksys. My guess is the modem is doing NAT and probably has a built in firewall. your DSL provider can help you get it into bridged mode.
Then setup the LInksys with your public IP of 142 or 143, the subnet of 255.255.255.252 and gateway of 141.
Once you have internet access create port forwarding rules for your needed services to the sbs server.
Keep in mind the Linksys is a home router and not intended for business. I would purchase a business class firewall.
0
 
LVL 6

Accepted Solution

by:
Citacomp earned 1000 total points
ID: 24864159
If you need the Linksys router for office printers, etc., why don't you have it on the LAN side of your SBS?  This should take care of your problems.

If you need to keep the Linksys at it's place in the chain for some reason, then I would think that static routing might need to be configured on the device.
0
 

Author Comment

by:jetcosys
ID: 24864901
Thanks for the quick responses!

murgroup: The modem is in bridged mode already and must be set to the WAN IP (141), so the Linksys WAN side is set to 142 and the Linksys LAN side to the 246.  That part all works as expected.  The forwarding of ports doesn't work however.  I can ping 246 and have ports forwarded to 245 (SBS Server), but the traffic never relays.  You're right, I should use a biz class router, but for a small office, this is fine.

Citacomp: interesting idea.  I actually never thought of that.  Do you know if this Linksys can be a router instead of a gateway and forward DHCP from the server?

Thanks for the help,
-Joe
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 13

Assisted Solution

by:murgroup
murgroup earned 1000 total points
ID: 24865109
Yes you can use the Linksys for wireless only. just plug it into your network and make sure it's on the same subnet at the internal LAN.
I've never heard of a Public LAN being assigned by the ISP. Normally you choose what your internal range is going to be ie 192.168.1.1-254
If the modem is in bridged mode your setup in the linksys would look like:
WAN:
Static IP: 89.123.11.142
Subnet: 255.255.255.252
Gateway: 89.123.11.141
DNS: your public DNS servers

LAN IP: 192.168.1.1 or whatever.
Subnet: 255.255.255.0

Then in SBS you would only use one NIC and it would have an IP of say:
IP: 192.168.1.5
SUB:255.255.255.0
Gateway: 192.168.1.1

Run the Internet connection wizard and tell it to use only one NIC. The defualt gateway of 192.168.1.1, your external dns servers and finish the wizard.
Everything should work fine if your modem is in bridged mode. If not the modem could be your issue.
Also I'm not sure if AT&T uses PPPoE or PPPoA. That can cause issues and the router should support PPPoE.

0
 

Author Comment

by:jetcosys
ID: 24865208
Ok, will move the Linksys and see what happens.  I've never heard of the ISP giving two IP ranges either, but it's what AT&T did this time.  The reason I need the Public LAN IP is because the server is an MX and to properly register the reverse lookup in DNS, I had to have AT&T assign the IP.  I had it setup as you described above exactly but too much mail has been non-deliverable due to the reverse DNS not being the mail.server.com address.  It's a mess man.
0
 
LVL 13

Expert Comment

by:murgroup
ID: 24865270
Strange, AT&T should control RDNS for your public IP and it should be an easy fix on their end. I have many many clients setup like that and the ISP always controls RDNS. Good luck with this issue.
0
 
LVL 6

Expert Comment

by:Citacomp
ID: 24865360
A further note about the Linksys.  When you connect it to your LAN side, don't plug anything in to the WAN port and make sure DHCP is off (assuming that the SBS is serving DHCP).  I suppose it'd be possible to use the WAN port if you turned of NAT, but instead of messing around with the configuration it's easier to just not use it.

Is your SBS Premium or Standard?
0
 

Author Comment

by:jetcosys
ID: 24865381
Yah, I already disabled DHCP on the router since SBS is issuing DHCP and will plug in on the LAN side only.  SBS is standard version.  Thanks for the advice!  :)

-J
0
 

Author Comment

by:jetcosys
ID: 24874724
Ok, I removed the Linksys router which did not work because my server must have an IP address on the public LAN side (79 subnet) and the DSL modem is on the WAN side (89 Subnet) which makes the gateway on the different ip segment.  Then, in looking at the options on the server NIC, I remembered that you can multi-home a single NIC.  I used the advanced TCP/IP settings and assigned the server NIC an IP address from 79, gateway from 89...then in the advanced area, an IP from 89 and the gateway from 79.  Not sure why or how, but this configuration works.
0
 

Author Closing Comment

by:jetcosys
ID: 31603911
Split the points evenly between the two experts as both assisted with advice on a solution I ultimately determined.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question