Re: 2 NICs Configuration Problem




Bill,
Thank you for the clarification - you need a job at Sonicwall; I have an
open case on this and they have been working with me to no avail. This
article certainly helps me to clear things up, now I need to talk to
Sonicwall and see to setting up the DMZ properly.
Many thanks for your assistance

--
Paul Bockmann


"Bill Grant" wrote:

See this diagram which shows more clearly what I am talking about.
Servers on the DMZ are public, not private.

http://www.ssimail.com/Zoneguard.htm

"Bill Grant" <not.available@online> wrote in message
news:OQoc3bCfHHA.2332@xxxxxxxxxxxxxxxxxxxxxxx
It also explains why your server cannot access the Internet. The firewall
provides NAT for the LAN machines, allowing them to reach the Internet
using the firewall's public IP. Machines in the DMZ are not behind the
NAT, so they need a routable public IP to access the Internet directly.
Private IPs cannot cross the Internet. The Internet routers are programmed
to drop packets with private IP addresses.

"Bill Grant" <not.available@online> wrote in message
news:ujpccDBfHHA.2396@xxxxxxxxxxxxxxxxxxxxxxx
That clears up the setup, but it doesn't really mean that you are not
bypassing the firewall. Connecting a server to the DMZ port is
effectively bypassing firewall filtering to that server. That is what it
is for - to allow a direct connection to the Internet. If that server
also has a NIC in the LAN, then the LAN is at risk.

"Paul" <paulbockmann@xxxxxxxxxxxxx> wrote in message
news:3B644E6F-2C5B-4ADF-8881-E3BED511E56C@xxxxxxxxxxxxxxxx
Firstly, nothing is bypassing the firewall - SBS2003 server
(192.168.16.2) is behind the firewall on the LAN port (192.168.16.1);
The multihome server (192.168.16.3 internal & 192.168.20.2 external) is
behind the firewall on the DMZ port (192.168.20.1).

The SBS2003 server is physically connected to the LAN switch.
The multihome's internal nic is connected to the switch and its external
is connected to the DMZ port on the firewall.
The switch is connected to the LAN port on the firewall.

Hope this clears things up. Again, no errors, all lan connectivity is
good, just can't get the multihome to get out to the internet on its
external nic.
Talked to Sonicwall and they inform me that there is nothing blocking
the DMZ outbound - so it should go.
Thanks
Paul
--
Paul Bockmann


"Bill Grant" wrote:

That all looks pretty dicey to me. Having a server on the LAN which
bypasses the firewall is never a good idea. What is the external NIC on
the multihomed server physically connected to? Is the 192.168.20 network
your DMZ?

"Paul" <paulbockmann@xxxxxxxxxxxxx> wrote in message
news:E0CB6183-B201-4D92-A24D-737A4F1C8857@xxxxxxxxxxxxxxxx
I have seen a number of write-ups on this - good and bad, but none
seem to make my situation work.
So, I have an SBS2003 (no ISA) with 1 nic > switch > Firewall LANport >
Internet as follows:

Host Name . . . . . . . . . . . . : thor
Primary Dns Suffix . . . . . . . : Removersgroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Removersgroup.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-03-47-30-63-68
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
*******************************************
I would like to add a member server2003 with 2 nics - 1 for Internal >
switch (WSUS, Backup Exec, Aux storage) and 1 for External > Firewall
DMZ port (websites, WSUS updates) as follows:

Host Name . . . . . . . . . . . . : Quigley
Primary Dns Suffix . . . . . . . : Removersgroup.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Removersgroup.local

Ethernet adapter DMZ:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-03-47-32-EE-EF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection #2
Physical Address. . . . . . . . . : 00-03-47-32-EE-EE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

Right now I am unable to connect to the internet via the External nic
on the webserver, although website service runs fine. I can also tie
into the webserver over the LAN with no problems. All in all, everything
but the ability to call out to the internet via the webserver's external
nic (192.168.20.2) works great; unfortunately I would like to have WSUS
updates follow this path.
I do not have DNS, WINS, or RRAS setup on the member server2003. I am
getting no errors to post here so I am somewhat at a loss - please help.
Thanks
Paul


--
Paul Bockmann
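
An added example, not part of the original thread: a small Python check that parses `ipconfig /all` text and flags the two conditions Bill Grant raises, a host with interfaces in both the LAN and DMZ subnets and a DMZ interface carrying a private address. The sample output is constructed from the addresses Paul posted; the function names and the subnet arguments are assumptions.

```python
import ipaddress
import re

# Constructed sample: trimmed `ipconfig /all` text using the thread's addresses.
SAMPLE = """\
Ethernet adapter DMZ:
   IP Address. . . . . . . . . . . . : 192.168.20.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.20.1

Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.16.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""

ADAPTER = re.compile(r"^\S.* adapter (.+):\s*$")
FIELD = re.compile(r"^\s*(IP Address|Subnet Mask|Default Gateway)[ .]*:\s*(\S*)\s*$")

def parse_adapters(text):
    """Return {adapter name: {field: value}}; empty fields are omitted."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None and m.group(2):
            current[m.group(1)] = m.group(2)
    return adapters

def audit(text, lan_net, dmz_net):
    """Flag a private-addressed DMZ interface and a LAN/DMZ dual-homed host."""
    lan, dmz = ipaddress.ip_network(lan_net), ipaddress.ip_network(dmz_net)
    findings, zones = [], set()
    for name, fields in parse_adapters(text).items():
        if "IP Address" not in fields:
            continue
        ip = ipaddress.ip_address(fields["IP Address"])
        if ip in lan:
            zones.add("LAN")
        if ip in dmz:
            zones.add("DMZ")
            # Per the thread: DMZ hosts are not behind NAT, so a private IP cannot route out.
            if ip.is_private and "Default Gateway" in fields:
                findings.append(f"{name}: private {ip} on DMZ, needs NAT or a public IP")
    if zones == {"LAN", "DMZ"}:
        findings.append("host is dual-homed across LAN and DMZ")
    return findings
```

Calling `audit(SAMPLE, "192.168.16.0/24", "192.168.20.0/24")` returns both findings for the multihomed server described in the thread.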









