SBS 2003 Internet Access 2NIC

ciprian.ghita
I have an SBS 2003 with 2 NICs, Internal + External. The external NIC is connected directly to the SDSL router that provides me an external IP (I have 192.168.0.3 that goes to 87.xxx.xxx.x).
The internal NIC is connected to the switch for clients' LAN access, and this switch is connected to another router for users' internet access. This switch can provide another address to my internal NIC server (192.168.1.2 can go to 85.xx.xxx.xxx). This I used only when the main router is down.

My problem is that sometimes my server can't access the internet or can't be accessed from the internet. I have a web page, FTP and OWA on this server. If I activate the gateway for the internal NIC, it is working fine.

I reran the Internet and Email wizard, but it was working only 1 min. After I accessed my web page from outside, the server was stuck. If I put manually the IP provided for the internal NIC, it is working perfectly!

After some minutes the external NIC is working again...

I have the next configuration:
Internal LAN
IP 192.168.1.2
mask 255.255.255.0
Gateway: nothing (192.168.1.1 only when I want to go out through this provider)
DNS 1: 192.168.1.2 (himself)
DNS 2: nothing

External NIC
IP 192.168.0.3 (the router is providing 87.xxx.xxx.1 for outside)
Mask 255.255.255.0
Gateway: 192.168.0.1
DNS 1: 192.168.1.2 (my internal DNS)
DNS 2: 87.xxx.xxx.x (my ISP dns)

What is wrong?
  • bart777

    I would re-IP the firewall to be on the 192.168.1 network. Then change the PCs thru DHCP to point to the firewall.
    Next change the server to point to the same place.
    Now set the firewall to forward the appropriate traffic to the server. Things like SMTP, Web, SSL, etc.

    All of the SBS setups I've done have been put together this way since the 2nd nic can cause such headaches.

    Good Luck

    kraig.godden

    Thanks for your quick reply, so what you're saying is use one network card, right, and are you saying to connect the router to the switch? If this is what you're saying then that is what I did in the first place, but I was told this might cause a security threat.

    Sorry, this is my first SBS 2003 server so I have little experience.

    bart777

    However, as long as your router is protecting your network you don't have an issue. Now the 1 thing to keep in mind is that the risk to your server is the same no matter which way you go. The thing is that when you add that second network between the server and the router you are really just adding a layer of additional headache for yourself.

    If you are overly concerned with the outside access to your network thru the router I would take a very close look at that device and make sure that all unneeded ports are not open. Also verify that the ports that ARE open are routed to where they belong.

    kraig.godden

    thanks bart I am going to take your advice and go for it,

    fingers crossed

    thanks again, have a nice day
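
The check bart777 describes (no unneeded ports open, and every open port routed to where it belongs) can be run against an export of the router's forwarding table. This is an added example, not part of the original thread: the rule format is hypothetical, the server address is the internal IP from the question, and the allowlist assumes the standard TCP ports for the services named in the thread.

```python
from ipaddress import ip_address
from typing import NamedTuple

# Assumption: the server keeps the internal address given in the question.
SERVER = ip_address("192.168.1.2")
# Assumption: services named in the thread, on their standard TCP ports.
ALLOWED = {("tcp", 21): "FTP", ("tcp", 25): "SMTP",
           ("tcp", 80): "Web", ("tcp", 443): "SSL/OWA"}

class Forward(NamedTuple):
    proto: str
    ext_port: int
    dest_ip: str
    dest_port: int

def parse_rules(text):
    """Parse 'proto ext_port -> dest_ip:dest_port' lines (hypothetical format)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        left, right = line.split("->")
        proto, ext_port = left.split()
        dest_ip, dest_port = right.strip().rsplit(":", 1)
        rules.append(Forward(proto.lower(), int(ext_port), dest_ip, int(dest_port)))
    return rules

def audit(rules):
    """Return (external_port, problem) pairs; an empty list means the table is clean."""
    findings, seen = [], set()
    for r in rules:
        key = (r.proto, r.ext_port)
        if key not in ALLOWED:
            findings.append((r.ext_port, "unneeded"))    # open but not published
            continue
        seen.add(key)
        if ip_address(r.dest_ip) != SERVER or r.dest_port != r.ext_port:
            findings.append((r.ext_port, "misrouted"))   # open but not to the server
    for _proto, port in sorted(set(ALLOWED) - seen):
        findings.append((port, "missing"))               # published service unreachable
    return findings

# Constructed sample table, not taken from any real device.
SAMPLE = """\
tcp 25   -> 192.168.1.2:25
tcp 80   -> 192.168.1.2:80
tcp 443  -> 192.168.1.10:443   # points at another host, not the server
tcp 3389 -> 192.168.1.2:3389   # not a published service
"""

if __name__ == "__main__":
    for port, problem in audit(parse_rules(SAMPLE)):
        print(port, problem)
```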