Re: 2 NICs Configuration Problem
- From: "Bill Grant" <not.available@online>
- Date: Wed, 11 Apr 2007 18:06:06 +1000
That clears up the setup, but it doesn't really mean that you are not
bypassing the firewall. Connecting a server to the DMZ port is effectively
bypassing firewall filtering to that server. That is what it is for - to
allow a direct connection to the Internet. If that server also has a NIC in
the LAN, then the LAN is at risk.
"Paul" <paulbockmann@xxxxxxxxxxxxx> wrote in message
news:3B644E6F-2C5B-4ADF-8881-E3BED511E56C@xxxxxxxxxxxxxxxx
Firstly, nothing is bypassing the firewall - SBS2003 server (192.168.16.2)
is behind the firewall on the LAN port (192.168.16.1); The multihome server
(192.168.16.3 internal & 192.168.20.2 external) is behind the firewall on
the DMZ port (192.168.20.1).
The SBS2003 server is physically connected to the LAN switch.
The multihome's internal nic is connected to the switch and its external is
connected to the DMZ port on the firewall.
The switch is connected to the LAN port on the firewall.
Hope this clears things up. Again, no errors, all lan connectivity is good,
just can't get the multihome to get out to the internet on its external nic.
Talked to Sonicwall and they inform me that there is nothing blocking the
DMZ outbound - so it should go.
Thanks
Paul
--
Paul Bockmann
"Bill Grant" wrote:
That all looks pretty dicey to me. Having a server on the LAN which
bypasses the firewall is never a good idea. What is the external NIC on the
multihomed server physically connected to? Is the 192.168.20 network your
DMZ?
"Paul" <paulbockmann@xxxxxxxxxxxxx> wrote in message
news:E0CB6183-B201-4D92-A24D-737A4F1C8857@xxxxxxxxxxxxxxxx
I have seen a number of write-ups on this - good and bad, but none seem to
make my situation work.
So, I have an SBS2003 (no ISA) with 1 nic > switch > Firewall LANport >
Internet as follows:
Host Name . . . . . . . . . . . . : thor
Primary Dns Suffix . . . . . . . : Removersgroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Removersgroup.local
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-03-47-30-63-68
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
*******************************************
I would like to add a member server2003 with 2 nics - 1 for Internal >
switch (WSUS, Backup Exec, Aux storage) and 1 for External > Firewall DMZ
port (websites, WSUS updates) as follows:
Host Name . . . . . . . . . . . . : Quigley
Primary Dns Suffix . . . . . . . : Removersgroup.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Removersgroup.local
Ethernet adapter DMZ:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-03-47-32-EE-EF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection #2
Physical Address. . . . . . . . . : 00-03-47-32-EE-EE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Right now I am unable to connect to the internet via the External nic on
the webserver, although website service runs fine. I can also tie into the
webserver over the LAN with no problems. All in all, everything but the
ability to call out to the internet via the webserver's external nic
(192.168.20.2) works great; Unfortunately I would like to have WSUS updates
follow this path.
I do not have DNS, WINS, or RRAS setup on the member server2003. I am
getting no errors to post here so I am somewhat at a loss - please help.
Thanks
Paul
--
Paul Bockmann
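
The risk raised in this thread, a server with one NIC in the DMZ and another in the LAN, can be checked from ipconfig /all output. The Python below is an added example, not part of the original posts: it parses that output and reports a host whose adapters fall in more than one zone. The zone labels, the function names and the trimmed sample are assumptions built from the addresses quoted in the thread.

```python
import ipaddress
import re

# Zones use the subnets from the thread; the zone labels are this example's own.
ZONES = {"LAN": ipaddress.ip_network("192.168.16.0/24"),
         "DMZ": ipaddress.ip_network("192.168.20.0/24")}

# Constructed sample, trimmed from the member server's output quoted in the thread.
SAMPLE = """\
Host Name . . . . . . . . . . . . : Quigley
IP Routing Enabled. . . . . . . . : No
Ethernet adapter DMZ:
IP Address. . . . . . . . . . . . : 192.168.20.2
Default Gateway . . . . . . . . . : 192.168.20.1
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.16.3
Default Gateway . . . . . . . . . :
"""

FIELD = re.compile(r"^([^:]+?)[\s.]*:\s*(.*)$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Split ipconfig /all text into host-wide settings and per-adapter settings."""
    host, adapters = {}, {}
    current = host
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and " adapter " in line:
            current = adapters.setdefault(line.split(" adapter ", 1)[1][:-1], {})
        elif (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return host, adapters

def audit(text):
    """Report a host whose adapters sit in more than one zone (hypothetical check)."""
    host, adapters = parse_ipconfig(text)
    zones = {}
    for name, cfg in adapters.items():
        if cfg.get("IP Address"):
            ip = ipaddress.ip_address(cfg["IP Address"])
            zones.update({z: name for z, net in ZONES.items() if ip in net})
    findings = []
    if len(zones) > 1:
        findings.append("dual-homed across " + "+".join(sorted(zones)))
        if host.get("IP Routing Enabled", "No").lower() == "yes":
            findings.append("IP routing enabled between zones")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A host that only reports the first finding still joins both networks at the application layer, which is the exposure described in the reply at the top of the thread.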