Need to configure server for software purpose, ICS and NAT

gechurch

This is a really loaded set of questions. I'll give a broad idea of your options, but will need you to implement what you can and specify some of your goals more clearly in order to get specific. For example:
- Do you want the server to do DNS/DHCP?
- How will the server communicate to head office? NAT/Port forwarding? VPN? HTTP?
- Do you simply want to enable Internet access for the workstations, or do you need to monitor/filter access?

Anyway, you will want a DHCP server to dish out IP addresses. You can either configure the modem to do this, or can set it up as a role on the server. The modem will likely be configured as a DHCP server out of the box, and will dish out your ISP's DNS servers (or other ones if you specify something different). In other words, there's probably nothing else to do, except make sure the static IP of the server is not in the DHCP scope. If you want Server 2003 to be the DHCP server you will need to go to Add Role and add the DHCP Server role. You then configure a scope (tell it which range of IP addresses to hand out). As scope options you will need to add a Router (i.e. default gateway) and DNS servers at minimum. The router will obviously be the static IP of your modem. The DNS servers can either be something public (like 8.8.8.8) or can be the server's IP address if you choose to set up the DNS role on the server.

So on to DNS - if you want the server to handle this you again install it as a role. You'll need to tell it how to find DNS servers that it doesn't know about. The easiest way to do this is to set up forwarders - that is, a public DNS server that DNS requests can be passed on to if your server can't resolve it. You can use your ISP's or other public DNS servers (again, like 8.8.8.8).

An alternate to the above is if you want to monitor the clients' Internet access. If this is the case you would set the server as your proxy server, and configure the server with the monitoring/filtering software. You'd also plug the modem into one network card on the server, and plug the other server card into the rest of the network. That way all traffic must physically pass through your server to get out to the Internet.

Next you'll need to enable access to head office. If head office needs to communicate over a TCP or UDP port then you need to set up port forwarding on the modem. You do this by logging in to the modem and finding the port forwarding (sometimes called virtual server) settings. Add a new rule, tell it which TCP/UDP port to forward, and tell it where to send traffic that comes in over this port (which will be the static IP of your server by the sounds of it). You might also have to enable a firewall rule on the server and/or modem to have the port forward work.

If the app will instead talk to head office over a VPN connection you can either buy a VPN router (preferred option) and configure it with the correct VPN settings, or can have the server VPN in to head office.

If the app is a simple web-based thing then you shouldn't have to configure anything extra.


As you can see when generic questions are asked, the answers tend to be long-winded and not very specific. I encourage you to start implementing whichever of the above suits you best. The keywords I have mentioned will be enough for you to Google all of the how-to information you need. If you need some advice specific to your situation or get stuck on something specific then by all means come back and ask more questions. Just be sure to be clear about what it is you are trying to achieve and what it is you have tried so far.
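
An added example, not part of gechurch's answer: a small Python check of an addressing plan against the points made above (static IPs outside the DHCP range, Router and DNS scope options present, port forwards landing on the server's static IP rather than on a leased address). The plan layout, the field names and every address and port in `SAMPLE` are constructed assumptions.

```python
import ipaddress

def check_plan(plan):
    """Return a list of problems in a small-office addressing plan (IPv4)."""
    ip = ipaddress.ip_address
    net = ipaddress.ip_network(plan["subnet"])
    server, router = ip(plan["server_ip"]), ip(plan["router_ip"])
    start, end = ip(plan["dhcp_start"]), ip(plan["dhcp_end"])
    problems = []

    if start > end:
        problems.append("DHCP range start is above its end")
    for name, addr in (("server", server), ("router", router),
                       ("DHCP start", start), ("DHCP end", end)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")

    # Statically addressed devices must sit outside the range DHCP hands out.
    for name, addr in (("server", server), ("router", router)):
        if start <= addr <= end:
            problems.append(f"{name} {addr} is inside the DHCP range")

    # Scope options: Router (default gateway) and DNS servers at minimum.
    opts = plan.get("scope_options", {})
    if opts.get("router") != plan["router_ip"]:
        problems.append("Router option does not point at the modem")
    if not opts.get("dns"):
        problems.append("no DNS servers option set")

    # A forward should land on the server's static IP, never on a leased one.
    for fwd in plan.get("port_forwards", []):
        target = ip(fwd["to"])
        if fwd["proto"] not in ("tcp", "udp") or not 1 <= fwd["port"] <= 65535:
            problems.append(f"bad forward {fwd['proto']}/{fwd['port']}")
        if start <= target <= end:
            problems.append(f"forward {fwd['port']} targets leased address {target}")
        elif target != server:
            problems.append(f"forward {fwd['port']} targets {target}, not the server")
    return problems

# Constructed sample plan, not taken from the thread.
SAMPLE = {
    "subnet": "192.168.1.0/24", "router_ip": "192.168.1.1",
    "server_ip": "192.168.1.10",
    "dhcp_start": "192.168.1.100", "dhcp_end": "192.168.1.200",
    "scope_options": {"router": "192.168.1.1", "dns": ["8.8.8.8"]},
    "port_forwards": [{"proto": "tcp", "port": 8443, "to": "192.168.1.10"}],
}
```

A forward that points into the leased range is flagged separately because the lease can later go to a different workstation, which would then receive the inbound traffic.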