Best practice SBS internet 2 nics and/or router? 2

[ceej]

There seems to be a couple of different ways to connect to an ISP w/ SBS2003.

Am I correct in thinking that its pretty much impossible and not recommended to try and use DHCP on a server that has 2 NICs and No router? (just a DSL modem)

I've read that some are using a Modem > Router (DHCP turned off) > External NIC (dynamic ip) > Internal NIC (Static) and then Users.

Is this what you would recommend? Or would you just attach the Router to the Switch (with AV/Firewall setup) and call it a day?

Thanks,

 

[LWComputingMVP]

Huh?

I've not seen any problems with a DHCP server and multiple NICs... what problem are you seeing?

 

[ceej]

lwcomputing,

I'm not certain how this would work: the DSL modem will want to assign an ip (dynamic) to the external NIC. If the external NIC is setup to Auto IP, then the DHCP will automatically assign an IP to it (preventing the connection to the DSL modem. The modem is not a router.

Right now in my test system I have a modem > router > 2003 server (DHCP) > switch > workstations. The 2003 server can connect to the internet, but the workstations can't. I'm sure the DNS server is at fault, but I'm not certain what to change.

CJ

 

[LWComputingMVP]

Your server should have one NIC that is static (on the LAN) and the other that is dynamic - getting the IP from the DSL modem. Then your clients will use the server as a router and DHCP will hand out addresses to the LAN side of things.

 

[Danny28]

I think the original intent of your question was, which is better, the DUAL NIC configuration, or using a router.

Either is just as good, but know that you must use the DUAL NIC configuration if you are going to use properly use the ISA product found in SBS 2003 Premium. One NIC is assigned an external IP address. Since all WAN traffic flows in and out of the server, ISA can then restrict certain addresses or ports.

I myself do not use ISA. I do all of my network control with a router/firewall. My WAN connection (DSL) comes into the WAN port of my firewall. My switches connect to the LAN port of my firewall, and other networks connect to the DMZ ports on my firewall. Although my server has two NICS installed, only one of them is activated. This NIC has a static address on my local LAN segment. The router is set forward various ports to the server for various services.

The benefit of not having your WAN connection flow through your server is that your LAN clients will still be able to access WAN resources when the server is being rebooted/down (provided they have another source of DNS).

The benefit of using the DUAL NIC configuration is that it will probably be easier for you to setup VPN and remote desktop functions of SBS (not that its that hard). Also, you will probably have more granular control with ISA since it integrates with your group policies and what not.

 

[ceej]

It seems the router is the easiest to setup & configure.

Going back to the DUAL NIC config. If the external NIC is setup for dynamic IP, what is preventing DHCP on the server from assigning a network IP to it? Also, how would the DNS server know where to forward?

On the other hand, if the external NIC is a static IP, then how does it connect to the dynamic ip of the modem?

I've installed 2003 server about 5 or 6 times with different configurations. The wizards are helpful, but so far I've been unable to setup it up correctly. My system has a dual nic config. One nic plugs into the switch, the other nic plugs into the router.

 

[Danny28]

Are you using ISA or not?

 

[Danny28]

Also, when you say router, is this a router in addition to the DSL router, or are you just referring to the DSL router?

If you have a router, and the DSL router, then you are actually doing a 2NIC + router config. That config is not supported in most documentation you will find. They intend for a dual NIC SBS server with ISA to have the external NIC plug directly into your DSL/CABLE router box, and the internal NIC plug into a switch/hub.

Here are some instructions that discuss that config:

http://www.smallbizserver.net/Default.aspx?tabid=266&articleType=ArticleView&articleId=76

 

[ceej]

The DSL is just a modem (not a combo). I plugged the DSL modem into a wireless router which is plugged into the external nic, the internal nic connects to the switch.

Generally, I've only installed AD, DNS, & DHCP. This install also has Remote Access.

I've followed the recommended instructions. Here is my setup

Router ip: 192.168.0.3
External ip: 192.168.0.2
GW ip: 192.168.0.3
DNS ip: 192.168.0.1
Internal ip: 192.168.0.1
GW ip: blank
DNS ip: 192.168.0.1
Client ip: 192.168.0.15
GW ip: 192.168.0.1
DHCP svr ip: 192.168.0.1
DNS ip: 192.168.0.1

From the server I can access the internet, but the workstations can't. Client can ping the server (192.168.0.1), but the server can't ping the client. Very strange.

 

[TechSoEasyMVP]

Your problem is that you need to have separate IP subnets on each of the SBS's NICs. An example of a TWO NIC configuration can be found here:

http://sbsurl.com/twonics

I'd suggest that you also review the recommended wireless configuration for SBS here:

http://sbsurl.com/wireless

Jeffrey B. Kane
TechSoEasy

http://www.techsoeasy.com

Blog:

http://techsoeasy.spaces.live.com

 

[ceej]

You were right. The workstations now have internet.

Thank you very much.

CJ

 

[Danny28]

I'm glad you found your error in making the external IP on the 192.168.0 net instead of the 192.168.1 net. Also, know that you can don't have to use those IPs ranges. You could use any other nonroutable IPs for your LAN such as 10.0.0.
Even though they go to exactly the same place, I guess TechsoEasy's url is easier to remember if you have to type it.

 

[TechSoEasyMVP]

They do go to the same place... sorry I didn't notice that you linked it above.



Jeffrey B. Kane
TechSoEasy

http://www.techsoeasy.com

Blog:

http://techsoeasy.spaces.live.com