Announcement

Collapse
No announcement yet.

Access my Modem Router on Dual Nic SBS 2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access my Modem Router on Dual Nic SBS 2003

    Hi guys,

    Very new to these forums. Every time I google trying to find answers to problems, there is always at least one link to these forums. Unfortunately I cannot find the latest problem with Google.

    Im sure this is a simple problem. I cannot get into my Modem Web Interface from SBS 2003 or any Desktop PC's behind it. Only way to get in is to plug my laptop directly into the router and set static IP address (Routers DHCP disabled as SBS 2003 handles it).

    Pretty basic setup. I have SBS 2003 R2 Standard Ed. I have the Router connected to the External Nic, and then from the Internal Nic to the Switch and Desktops.

    External Nic Settings
    IP Address: xx.xx.xx.105
    Subnet: 255.255.255.0
    Gateway: xx.xx.xx.254 (Routers IP address)
    DNS: xx.xx.xx.110

    Internal Nic Settings
    IP Address: xx.xx.xx.110
    Subnet: 255.255.255.0
    Gateway: BLANK
    DNS: xx.xx.xx.110

    I only just added the second Nic last night. Before that it was a Single Nic with the Router plugged directly into the Switch. Other than that, I don't believe anything has changed.

    Look forward to resolving this annoying issue. THanks in advance.

  • #2
    Re: Access my Modem Router on Dual Nic SBS 2003

    You are running Standard so why the 2 NICs? This is not a supported/recommended (can't remember which at the moment) configuration.

    Did you re-run the CEICW after installing the new NIC?

    If that doesn't work, we are going to need some IPs. The Default Gateway should still be on a Private IP Range so disclosing it or the other Internal IPs will not be a security problem. The only IP you need to keep private is your Public IP on the Internet side of the modem.

    The way you have it at present we can't tell if you have the xx.xx.xx.254 on the same Range as xx.xx.xx.105

    Alternatively disguise your IPs so we can at least differentiate between the 2 NICs.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Access my Modem Router on Dual Nic SBS 2003

      I have to second Biggles: Why the second NIC? Unless you are installing ISA server (which is only included in SBS Premium) there's no real need for it.

      I would suspect the problem is that you haven't configured SBS as a Router. The internal network will need to be on a private IP range (say 192.168.x.x) and the external on another private range (172.16.x.x or 10.x.x.x) and Routing and Remote Access must be configured to route between these networks. Re-running the CEICW is the best way to do this - almost everything in SBS is wizard driven.

      Do you still have internet access on the PCs connected to the internal network? I'd be very surprised if you did....
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment


      • #4
        Re: Access my Modem Router on Dual Nic SBS 2003

        From very distant memory I thought even standard was setup with 2 NICs (apart from during the installation where it was best to disable one) so RRAS was setup to "protect" the rest of the network. The SBS was the gateway for the machines even without ISA installed with premium? Shows how long it has been for me I guess.

        c0cl3c - can you ping the router ok?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Access my Modem Router on Dual Nic SBS 2003

          Originally posted by AndyJG247 View Post
          From very distant memory I thought even standard was setup with 2 NICs (apart from during the installation where it was best to disable one) so RRAS was setup to "protect" the rest of the network. The SBS was the gateway for the machines even without ISA installed with premium? Shows how long it has been for me I guess.
          You may well be right, the last time I set SBS up was on my home server which was single NIC at the time. If it was installed with 1 NIC though there'll be no routing between the 2 NICs until the wizard is run again or RRAS is manually configured.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          sigpic
          Cruachan's Blog

          Comment


          • #6
            Re: Access my Modem Router on Dual Nic SBS 2003

            Originally posted by biggles77 View Post
            You are running Standard so why the 2 NICs? This is not a supported/recommended (can't remember which at the moment) configuration.
            It is supported - the wizard gives you the option of making SBS Standard a router, but best practices say to avoid putting a DC at the network edge. SBS Premium is the exception to the rule, purely because of the limitations applied to SBS. There are arguements for and against - as Andy pointed out, at least if you use this configuration and setup RRaS there is another layer of firewall protection.

            Originally posted by cruachan
            until the wizard is run again or RRAS is manually configured
            Generally best with SBS not to manually configure anything that can be configured with a wizard.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: Access my Modem Router on Dual Nic SBS 2003

              Well seems I came to the correct place. Great replys from all. Cannot thank you enough.

              Few weeks ago I had a client ask for me to setup their network so that they can choose which users are able to connect t the Net. I believe this is a job for ISA.

              Is this correct, or can someone recommend an easier way to do it with maybe a third party program.

              I have never used ISA before. I have done many single Nic SBS 2003 installs for my business and my clients and never had a problem. I got a copy of ISA 2004 to trial. I want to research it so that I can support it on my clients machine. We will probably get SBS 2008 for my client but I beleive it has a similar setup to ISA 2004.

              Some IP's
              SBS 2003 External: 20.1.1.105
              SBS 2003 Internal: 20.1.1.110
              Modem Router: 20.1.1.100 (Once again, DHCP on Modem is disabled)
              Subnet for all: 255.255.255.0
              Port Forwarding: I have set the port forwarding up manually as my modem has an extremely good hardware firewall built in. Just a little scared to set up a DMZ and let Windows do all the filtering. Have not had a problem connecting externally after doing this.

              At the moment ISA is NOT installed. I believe I need to get my network sorted before I get into anything else.

              Originally posted by AndyJG247 View Post
              c0cl3c - can you ping the router ok?
              No. Also also just noticed that I cannot ping my Linux server, nor can I connect to it from inside the local network. The server is outside the SBS 2003 network, connected directly to the Modem Router.
              Last edited by c0cl3c; 11th January 2009, 23:16.

              Comment


              • #8
                Re: Access my Modem Router on Dual Nic SBS 2003

                Originally posted by biggles77 View Post
                Did you re-run the CEICW after installing the new NIC?
                Yes I did. All seems to be working. Email works as does VPN.

                I should mention that this Server hosts email locally. Our employees do not have the patience to wait for POP Connect to do it's thing haha.

                Comment


                • #9
                  Re: Access my Modem Router on Dual Nic SBS 2003

                  Make sure the internal nic is set to primary in the bindings (i'm going to guess it is in this situ because of the next sentence.

                  Out of interest I thought the internal and external NICs needed to be on different networks? The SBS won't know which NIC to send the traffic out so will, to condense, send it out the internal and not get a reply.

                  20.x.x.x is also not a private IP range.
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment


                  • #10
                    Re: Access my Modem Router on Dual Nic SBS 2003

                    hahahahahah!!!

                    so happy I could cry

                    I actually figured it out, then went back into these forums to post my findings and Andy's also figured it out.

                    It was exactly that. Such a n00b mistake.

                    I set my modem and my External network card to 20.1.50.105 (SBS) and 20.1.50.254 (modem) and it was instantly working. I am guessing that all I need to do now is change the IP on the Linux Server now being that it is external.

                    Eventually I plan on putting the Linux server between SBS and the net, just to confuse any curious fellows who stumble onto our network. It's only used for a XMPP IM server so perfect as a frontline defense.

                    Thank you all again for your responses.

                    My question about ISA still stands though. Let me know if you want it in it's own post.

                    Is ISA the best way to choose which users can access the net, and which cannot? Or is there a better program out there for this. Any suggestions would help. There will only be 6 Desktops. I am guessing that Dual Nics will still be needed whatever the solution as a Proxy Server will still need to do the work. Unless someone recommends software installed on each desktop

                    Comment


                    • #11
                      Re: Access my Modem Router on Dual Nic SBS 2003

                      Without ISA or a similar proxy server, the only way to prevent users from accessing the internet is to configure invalid proxy settings in theor browser. That is easily changed by the users back to a valid setting, or they could just use an alternative browser - even without being able to install software they could still run something like FirefoxPortable. If you need to control access to the internet, invest in a proxy server. ISA would be my product of choice.
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment


                      • #12
                        Re: Access my Modem Router on Dual Nic SBS 2003

                        gforceindustries pretty much covered it there. You can use GPOs to enforce an invalid proxy and then deny access to the relevant parts of the Internet Explorer menus to prevent them changing it back, but then you would also need to setup policies to block any alternative browsers from being installed as they will not be AD aware and so you can't enforce policies on them. There is a GPO aware version of Firefox I think, but still in Beta.

                        If you configure ISA as a proxy (default behaviour in SBS cos I just set one up last week!) then a browser needs the proxy details configured and also the user needs to authenticate with their AD username and password. (this is done by Integrated Windows Authentication in IE, so transparent to the users. Other browsers will prompt for credentials) Create a group called Internet Users and add all the users who are allowed access and then in ISA replace the All Users group with the Internet Users group in the default SBS Internet Access Rule and also in any other appropriate rules.
                        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                        sigpic
                        Cruachan's Blog

                        Comment


                        • #13
                          Re: Access my Modem Router on Dual Nic SBS 2003

                          Originally posted by cruachan View Post
                          There is a GPO aware version of Firefox I think, but still in Beta.
                          Last time I checked, it was also horribly out of date. And it's really not a good idea to be running a browser that old.

                          Originally posted by cruachan View Post
                          gforceindustries pretty much covered it there
                          I do my best
                          Gareth Howells

                          BSc (Hons), MBCS, MCP, MCDST, ICCE

                          Any advice is given in good faith and without warranty.

                          Please give reputation points if somebody has helped you.

                          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                          Comment


                          • #14
                            Re: Access my Modem Router on Dual Nic SBS 2003

                            Now I am absolutely sure I came to the right place to research these things.

                            I will continue with my original course of action. Last time I installed ISA I couldnt get any computers connected to the internet, but I know understand what I did wrong with the networking which would have been the cause of my problems.

                            Thanks again guys. I will check these forums as often as I can and try to contribute when I see posts that I might know a bit about from past experiences.

                            Sure you all would know, lot of PAST EXPERIENCES in the IT industry.

                            Comment

                            Working...
                            X