Re: Static IP Address HELP !!

From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 07/10/04

Next message: Marina Roos [SBS-MVP]: "Re: Company Web and CEICW error"
Previous message: Malcolm \(vvaatvl\): "Re: Static IP Address HELP !!"
In reply to: Malcolm \(vvaatvl\): "Re: Static IP Address HELP !!"
Next in thread: Stuart Mackie [MCP, MSP]: "Re: Static IP Address HELP !!"
Messages sorted by: [ date ] [ thread ]

Date: Sat, 10 Jul 2004 02:12:45 +0200

Malcolm,

If using 2 nics and a router, you will always have to forward to your
external nic-IP, not to your internal one.

-- 
Regards,
Marina
Microsoft SBS-MVP
"Malcolm (vvaatvl)" <not@this.time> schreef in bericht
news:ens71FhZEHA.1152@TK2MSFTNGP09.phx.gbl...
> > After a nights sleep ?  I was talking with you this morning [UK time],
you
> > got a nights sleep in between ?  :)
>
> Yeah!!  Us ozzies lead the rest of the world you know - by 10-14 hours <G>
>
> > So with what you posted earlier and the default SBS2k3 settings in the
> above
> > document, your configuration should be :
> >
> > Router: External IP - 220.240.xxx.xxx
> >             Internal IP - 192.168.0.1
> >             Subnet Mask - 255.255.255.0
> >
> > Server External : IP - 192.168.0.2
> >                           Subnet Mask - 255.255.255.0
> >                           Gateway - 192.168.0.1 (Router Internal IP)
> >                           DNS - 192.162.16.2 (Server Internal IP)
> >
> > Server Internal : IP - 192.162.16.2
> >                          Subnet Mask - 255.255.255.0
> >                          Gateway - Empty
> >                           DNS - 192.162.16.2 (Server Internal IP -
itself)
> >
> >
> That's exactly how it is setup
>
>
> > Its unlikely your ISP is causing the problem, although some do block
SMTP
> > and VPN ports so it isn't completely impossible.
> >
>
> OK
>
> > If your server isn't handling your email at the minute, is your email
> hosted
> > externally ?
> >
> This is a new setup.  Our email is actually still going to our old ISP
which
> we
>  are reading with WebMail.  I have setup an account with dynDNS for our
> MX record and set it to our domain name.  Our CName is also setup.
> I can email myself at home but cannot get mail back in to the server
>
>
> > Does your router/gateway allow remote administration ?  Normally if it
> isn't
> > a specific option such as 'remote administration', you can normally
> forward
> > a port e.g. 8080 to the internal IP address of the router/firewall.  In
> your
> > case you would setup a Special Server and forward port 8080 to
> 192.168.0.2,
> > but this is only if the unit doesn't specifically support remote
> > administration.  If you have access to this, it makes it easier to alter
> > settings while your at home, and it also lets you test whether you can
at
> > least gain access to what should be an open port by any ISP.
>
> I remember turning remote administartion on.
>
> I have just looked at the DMZ in the router where it says:
> "DMZ - Allows (1) computer to have unrestricted 2-way
> communications with Internet Servers and Users."
> I have now turned this on and set 192.168.16.2 as the "unrestricted"
> computer.
>
> Malcolm
>
>
> >
> > -- 
> > Hth,
> > Stuart Mackie [MCP, MSP]
> > www.stu.uk.com
> >
> >
> > "Malcolm Cheyne" <malcolm@XXXXsbca.com.au> wrote in message
> > news:Oji%23KGgZEHA.212@TK2MSFTNGP12.phx.gbl...
> > > After a nights sleep and a clear head I just want to check
> > > something else with you before going on site and changing
> > > anything.
> > >
> > > When I do a status check on the Gateway it says my WAN
> > > address is xxx.xxx.xxx.xxx (what I emailed to you).  My
> > > Gateway is set to 192.168.0.1 and the NIC in my server
> > > 192.168.0.2.  Are you saying that I should change the
> > > Gateway address from 192.168.0.1 to xxx.xxx.xxx.xxx  If so
> > > what address do I use for the NIC on the server?
> > >
> > > Could it be that my ISP is blocking all input to my server
> > > and that all mail etc MUST go through them?
> > >
> > > Malcolm
> > >
> > >
> > > "Stuart Mackie [MCP, MSP]"
> > > <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> wrote in
> > > message news:eFmSJraZEHA.1980@TK2MSFTNGP09.phx.gbl...
> > > > Hi. Strange, not sure why it bounced.   Glad you've got it
> > > sorted, post back
> > > > if you still have any problems.
> > > >
> > > > -- 
> > > > Hth,
> > > > Stuart Mackie [MCP, MSP]
> > > > www.stu.uk.com
> > > >
> > > >
> > > > "Malcolm Cheyne" <malcolm@XXXXsbca.com.au> wrote in
> > > message
> > > > news:u$MxIXaZEHA.1248@TK2MSFTNGP11.phx.gbl...
> > > > > Stuart
> > > > >
> > > > > my last email to you bounced back to me.
> > > > >
> > > > > Gateway was set to 192.168.0.1   I think you have hit
> > > the
> > > > > nail on the head.  I now know what I have to do.
> > > > > Everything should work once I change that gateway
> > > address.
> > > > >
> > > > > Ho, Ho its off to work I go,  TOMORROW.
> > > > >
> > > > > Thanks for your help Stuart.  You know some times I just
> > > > > can't see the trees for the forest.
> > > > >
> > > > > Malcolm
> > > > >
> > > > >
> > > > >
> > > > > "Malcolm Cheyne" <malcolm@XXXXsbca.com.au> wrote in
> > > message
> > > > > news:uEPdVbZZEHA.4092@TK2MSFTNGP11.phx.gbl...
> > > > > > Thanks Stuart
> > > > > >
> > > > > > IP address on its way.
> > > > > >
> > > > > > All Virtual Servers go to 192.168.16.2  (SBS server)
> > > > > >
> > > > > > Malcolm
> > > > > >
> > > > > >
> > > > > > "Stuart Mackie [MCP, MSP]"
> > > > > > <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> wrote
> > > in
> > > > > > message
> > > news:%23doU3QZZEHA.3012@tk2msftngp13.phx.gbl...
> > > > > > > Hi Malcolm, glad to help.
> > > > > > >
> > > > > > > The setup you've listed seems to be ok.  The only
> > > thing
> > > > > > which you may want
> > > > > > > to change is to close your DNS Virtual Server on
> > > your
> > > > > > router.  If you're
> > > > > > > using dynDNS to host your DNS externally, you don't
> > > need
> > > > > > to allow external
> > > > > > > access to your internal DNS service.  Am I right in
> > > > > > thinking all of the
> > > > > > > Virtual Server List items are forwarded to your
> > > > > 'External'
> > > > > > Network card on
> > > > > > > your server ?
> > > > > > >
> > > > > > > Could you email me your IP address so I can see if
> > > it is
> > > > > > responding, you
> > > > > > > should be able to get a few of the services you've
> > > > > enabled
> > > > > > to respond, even
> > > > > > > if the whole setup isn't completely working.
> > > > > > >
> > > > > > > -- 
> > > > > > > Hth,
> > > > > > > Stuart Mackie [MCP, MSP]
> > > > > > > www.stu.uk.com
> > > > > > >
> > > > > > >
> > > > > > > "Malcolm Cheyne" <malcolm@XXXXsbca.com.au> wrote in
> > > > > > message
> > > > > > > news:ufxWsEZZEHA.136@TK2MSFTNGP11.phx.gbl...
> > > > > > > > Stuart
> > > > > > > >
> > > > > > > > From my onsite visits today (twice) I have
> > > confirmed
> > > > > the
> > > > > > > > following:
> > > > > > > >
> > > > > > > > CNet CNIG907BP Internet Broadband Gateway - IP
> > > > > > 192.168.0.1
> > > > > > > >
> > > > > > > > Virtual Server List
> > > > > > > > DNS    yes
> > > > > > > > Finger    No
> > > > > > > > FTP    No
> > > > > > > > Gopher    No
> > > > > > > > Mail (SMTP)    Yes
> > > > > > > > Mail (POP3)    No
> > > > > > > > News    Yes
> > > > > > > > Telnet    Yes
> > > > > > > > Web    Yes
> > > > > > > > WhoIs    No
> > > > > > > >
> > > > > > > > I can then setup Special Servers and Ports which I
> > > did
> > > > > > as
> > > > > > > > follows:
> > > > > > > >
> > > > > > > > RWW    4125    TCP
> > > > > > > > OWA    443    TCP
> > > > > > > > VPN    1723    TCP
> > > > > > > > WSS    444    TCP
> > > > > > > >
> > > > > > > > I reran CEICW and changed DNS server to point to
> > > my
> > > > > ISPs
> > > > > > > > primary and secondary servers.  From my CEICW
> > > report
> > > > > it
> > > > > > now
> > > > > > > > says:
> > > > > > > >
> > > > > > > > Routing and Remote Access is configured as
> > > follows:
> > > > > > > > Enable Basic Firewall for Routing and Remote
> > > Access.
> > > > > > > > blah,blah,blah
> > > > > > > > Create the following additional filters:
> > > > > > > > EMail
> > > > > > > > Virtual Private Networking (VPN)
> > > > > > > > Web server
> > > > > > > > Secure Web Server (HTTPS)
> > > > > > > > Create the following custom filters:
> > > > > > > > Remote Web Workplace, 4125, TCP
> > > > > > > > Windows Sharepoint Services intranet site, 444,
> > > TCP
> > > > > > > >
> > > > > > > > Create a static incoming filter on the network
> > > adapter
> > > > > > used
> > > > > > > > to connect to the Internet.....
> > > > > > > >
> > > > > > > > Enable IP routing
> > > > > > > >
> > > > > > > > Add loopback adapter IP address 127.0.0.1
> > > > > > > >
> > > > > > > > IIS configured as follows:
> > > > > > > >
> > > > > > > > Restrict default web site to only respond to local
> > > > > > network.
> > > > > > > > Allow access to OWA
> > > > > > > > Allow access to WSS
> > > > > > > > Allow access to RWW
> > > > > > > > Allow access to Server reports
> > > > > > > > Allow access to OMA
> > > > > > > > Allow access to Outlook via Internet
> > > > > > > >
> > > > > > > > It goes on with Secure Web Site Summary which I
> > > can
> > > > > > relay if
> > > > > > > > necessary.
> > > > > > > >
> > > > > > > > I am now at home and can do an nslookup on the DNS
> > > > > > servers.
> > > > > > > > I cannot ping my static IP Address that is
> > > supplied by
> > > > > > my
> > > > > > > > ISP.
> > > > > > > >
> > > > > > > > If you require any more info just ask.
> > > > > > > >
> > > > > > > > Once again thank you for putting a young head on
> > > old
> > > > > > > > shoulders.  <G>
> > > > > > > >
> > > > > > > > Malcolm
> > > > > > > >
> > > > > > > >
> > > > > > > > "Stuart Mackie [MCP, MSP]"
> > > > > > > > <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
> > > wrote
> > > > > in
> > > > > > > > message
> > > > > news:%23j1AkdPZEHA.3132@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > In your list of ports/services you've configured
> > > on
> > > > > > the
> > > > > > > > router you haven't
> > > > > > > > > mentioned Exchange Port 25.  Are you running
> > > your
> > > > > own
> > > > > > mail
> > > > > > > > server ?
> > > > > > > > >
> > > > > > > > > > When it asks UDP/TCP do I choose UDP?
> > > > > > > > >
> > > > > > > > > In terms of TCP/UDP all the services you
> > > mentioned
> > > > > > would
> > > > > > > > be TCP.
> > > > > > > > >
> > > > > > > > > > It also has a page for
> > > > > > > > > > "Servers" which says your WAN address is
> > > > > > 220.240.xxx.xxx
> > > > > > > > it
> > > > > > > > > > can then pass through various services like
> > > > > Telnet,
> > > > > > > > finger,
> > > > > > > > > > FTP, etc and then you set individual IP
> > > Addresses.
> > > > > > I
> > > > > > > > take
> > > > > > > > > > it this is the server 198.162.16.2 correct?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Yes, this sounds correct.  Is the 'Servers' area
> > > > > also
> > > > > > > > where you
> > > > > > > > > configured/opened/forwarded the VPN and TS ports
> > > to
> > > > > > your
> > > > > > > > internet server ?
> > > > > > > > >
> > > > > > > > > So at the minute am I right in thinking your
> > > trying
> > > > > to
> > > > > > > > make any type of
> > > > > > > > > contact with your server ?  Or are you
> > > specifically
> > > > > > > > testing using VPN etc ?
> > > > > > > > >
> > > > > > > > > Is your server responding to anything ?  If your
> > > > > > running
> > > > > > > > Exchange and have
> > > > > > > > > opened/forwarded Port 25 for SMTP you could run
> > > > > 'cmd'
> > > > > > on
> > > > > > > > your workstation
> > > > > > > > > and use 'telnet 220.240.xxx.xxx 25'  If your
> > > > > > > > router/firewall is configured
> > > > > > > > > correctly and you are running Exchange you
> > > should
> > > > > get
> > > > > > a
> > > > > > > > connection banner
> > > > > > > > > saying 'domain.com Exchange' etc
> > > > > > > > >
> > > > > > > > > -- 
> > > > > > > > > Hth,
> > > > > > > > > Stuart Mackie [MCP, MSP]
> > > > > > > > > www.stu.uk.com
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > "Malcolm Cheyne" <malcolm@XXXXsbca.com.au> wrote
> > > in
> > > > > > > > message
> > > > > > > > > news:Ob91jROZEHA.3304@TK2MSFTNGP09.phx.gbl...
> > > > > > > > > > Hi Stuart
> > > > > > > > > >
> > > > > > > > > > Thanks for the response
> > > > > > > > > >
> > > > > > > > > > > Hi Malcolm.  Your server will not respond to
> > > > > pings
> > > > > > if
> > > > > > > > you
> > > > > > > > > > used the wizards
> > > > > > > > > > > and setup the firewall etc.  Depending on
> > > your
> > > > > > router
> > > > > > > > > > configuration you may
> > > > > > > > > > > also have to open ports depending on your
> > > > > > > > requirements.
> > > > > > > > > > How are you
> > > > > > > > > > > trying to access your server from the
> > > internet ?
> > > > > > If
> > > > > > > > you
> > > > > > > > > > are using a
> > > > > > > > > > > workstation inside your network and try to
> > > ping,
> > > > > > > > telnet or
> > > > > > > > > > use internet
> > > > > > > > > > > explorer to access your external IP address
> > > this
> > > > > > will
> > > > > > > > not
> > > > > > > > > > work.  You will
> > > > > > > > > > > have to use a totally external
> > > system/connection
> > > > > > to
> > > > > > > > test
> > > > > > > > > > this way e.g.
> > > > > > > > > > > external shell account, internet connection
> > > at
> > > > > > home.
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Yes, I'm currently at home with a dialup
> > > > > connection.
> > > > > > I
> > > > > > > > go
> > > > > > > > > > on-site, do some work, then come home and
> > > check
> > > > > it.
> > > > > > > > 50km
> > > > > > > > > > round trip.  But I only do it once a day.
> > > > > > > > > >
> > > > > > > > > > > What router do you have and how has it been
> > > > > > configured
> > > > > > > > ?
> > > > > > > > > > e.g. does the
> > > > > > > > > > > router route all data to the server no
> > > matter
> > > > > > where it
> > > > > > > > > > came from, or does
> > > > > > > > > > > the router use NAT and only forward certain
> > > > > ports
> > > > > > to
> > > > > > > > your
> > > > > > > > > > server etc.
> > > > > > > > > >
> > > > > > > > > > Off the top of my head ......  It is a CNet 8
> > > port
> > > > > > > > > > switch/Gateway.  The WAN port is plugged into
> > > an
> > > > > > Alcatel
> > > > > > > > > > Broadband Modem.  The Gateways address is
> > > > > > 192.168.0.1 It
> > > > > > > > has
> > > > > > > > > > a DHCP server - enabled.  (I had another
> > > computer
> > > > > > > > outside
> > > > > > > > > > the network that still needed access to the
> > > > > > Internet.
> > > > > > > > > > That's why I left DHCP enabled)  The server
> > > NIC is
> > > > > > > > > > 192.168.0.2.  The gateway has NAT - enabled.
> > > I
> > > > > was
> > > > > > > > working
> > > > > > > > > > with Virtual Servers setup today and added
> > > VPN -
> > > > > > 1723
> > > > > > > > and
> > > > > > > > > > TS - 3389.  (I just read one of Marina's posts
> > > and
> > > > > > > > realise
> > > > > > > > > > that I should also setup OWA - 443  and RWW -
> > > > > 4125.)
> > > > > > > > When
> > > > > > > > > > it asks UDP/TCP do I choose UDP?  It also has
> > > a
> > > > > page
> > > > > > for
> > > > > > > > > > "Servers" which says your WAN address is
> > > > > > 220.240.xxx.xxx
> > > > > > > > it
> > > > > > > > > > can then pass through various services like
> > > > > Telnet,
> > > > > > > > finger,
> > > > > > > > > > FTP, etc and then you set individual IP
> > > Addresses.
> > > > > > I
> > > > > > > > take
> > > > > > > > > > it this is the server 198.162.16.2 correct?
> > > > > > > > > >
> > > > > > > > > > My local domain (on a second NIC and switch
> > > with
> > > > > > Belkin
> > > > > > > > > > Wireless AP) all appears to be working OK.
> > > > > > Addresses
> > > > > > > > are
> > > > > > > > > > 192.168.16.10-20
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > I haven't really used dynDNS before, but its
> > > > > > normal
> > > > > > > > > > practice to use your
> > > > > > > > > > > ISP's DNS servers, hopefully someone that
> > > uses
> > > > > > dynDNS
> > > > > > > > can
> > > > > > > > > > comment on this.
> > > > > > > > > >
> > > > > > > > > > Maybe this is where I stuffed things up.  If
> > > > > > necessary,
> > > > > > > > I'll
> > > > > > > > > > set it back again tomorrow.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > The DNS server you specify on your server
> > > > > network
> > > > > > > > settings
> > > > > > > > > > will not affect
> > > > > > > > > > > external access to the server.
> > > > > > > > > > >
> > > > > > > > > > > -- 
> > > > > > > > > > > Hth,
> > > > > > > > > > > Stuart Mackie [MCP, MSP]
> > > > > > > > > > > www.stu.uk.com
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > "Malcolm Cheyne" <malcolm@XXXXsbca.com.au>
> > > wrote
> > > > > > in
> > > > > > > > > > message
> > > > > > > > > > >
> > > news:OewluvNZEHA.2456@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > > > > I am having no end of problems trying to
> > > get
> > > > > to
> > > > > > my
> > > > > > > > > > server
> > > > > > > > > > > > via Internet.
> > > > > > > > > > > >
> > > > > > > > > > > > When we signed up with the new ISP we were
> > > > > > supposed
> > > > > > > > to
> > > > > > > > > > get a
> > > > > > > > > > > > static IP and for all practical reasons it
> > > > > looks
> > > > > > > > like
> > > > > > > > > > that
> > > > > > > > > > > > is what we have.  I have set my router to
> > > this
> > > > > > > > address
> > > > > > > > > > as a
> > > > > > > > > > > > fixed address and it appears to be
> > > functioning
> > > > > > > > > > correctly.
> > > > > > > > > > > > At least when I disconnect and reconnect I
> > > > > have
> > > > > > the
> > > > > > > > same
> > > > > > > > > > IP
> > > > > > > > > > > > address.  Is it OK to publish this
> > > addresss in
> > > > > > this
> > > > > > > > NG?
> > > > > > > > > > I
> > > > > > > > > > > > cannot ping this address at all.  I did a
> > > > > > nslookup
> > > > > > > > and
> > > > > > > > > > the
> > > > > > > > > > > > name has been resolved to a different
> > > domain.
> > > > > > > > (Should I
> > > > > > > > > > > > publish these here?)  I'm starting to
> > > wonder
> > > > > > about
> > > > > > > > this
> > > > > > > > > > ISP
> > > > > > > > > > > > !!  Reflecting back, I remember talking to
> > > a
> > > > > > tech
> > > > > > > > guy at
> > > > > > > > > > the
> > > > > > > > > > > > ISP a couple of weeks ago to confirm that
> > > it
> > > > > > must be
> > > > > > > > > > static
> > > > > > > > > > > > IP.  I think he said it was like static
> > > but no
> > > > > > > > really
> > > > > > > > > > static
> > > > > > > > > > > > ??  When I stated what was on their
> > > website
> > > > > "One
> > > > > > > > Static
> > > > > > > > > > IP
> > > > > > > > > > > > Address" he said that  was just for
> > > marketing.
> > > > > > > > > > > >
> > > > > > > > > > > > I signed up with dynDNS for customDNS and
> > > have
> > > > > > setup
> > > > > > > > our
> > > > > > > > > > MX
> > > > > > > > > > > > record to ourdomain.org.au.  Using CEICW I
> > > set
> > > > > > our
> > > > > > > > > > preferred
> > > > > > > > > > > > DNS servers to point to the ones
> > > recommended
> > > > > by
> > > > > > > > dynDNS.
> > > > > > > > > > Is
> > > > > > > > > > > > this correct?
> > > > > > > > > > > >
> > > > > > > > > > > > Can somebody please help me.  I am
> > > floundering
> > > > > > > > around
> > > > > > > > > > with
> > > > > > > > > > > > this problem going nowhere.
> > > > > > > > > > > >
> > > > > > > > > > > > Malcolm
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Next message: Marina Roos [SBS-MVP]: "Re: Company Web and CEICW error"
Previous message: Malcolm \(vvaatvl\): "Re: Static IP Address HELP !!"
In reply to: Malcolm \(vvaatvl\): "Re: Static IP Address HELP !!"
Next in thread: Stuart Mackie [MCP, MSP]: "Re: Static IP Address HELP !!"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Help again please
... I assume this is your linux box. ... Port 80 is the port that a web server will run on such as apache. ... As a router can support multiple machines, ... a good firewall when setup correctly. ...
(comp.os.linux.security)
Re: Port Forwarding?
... Here is my current setup at home. ... D-Link Wireless Router ... The term "Virtual Server" is D-Link speak for port forwarding. ... supports VPN passthru, so you'll have to setup a VPN client on the ...
(microsoft.public.windowsxp.network_web)
Re: Unable to establish internet connection w/server or desktops
... /all> machinename.txt" on your server and workstation. ... >> plugs into the TrueMobile Router which also is plugged ... >> desktops and the server and desktops are each available on ... >> the webpage setup for the TrueMobile Router. ...
(microsoft.public.windows.server.sbs)
Re: LinkSys RV-082 VPN Router and SBS 2003 Premium
... didn't have to setup RAS for the locations because the routers handles that. ... If you setup the RAS again and have your remote workstations VPN to ... DHCPs should be handled by the router at each romote location with DNS ... > worksttions each) to a new server at main office running SBS 2003 premium ...
(microsoft.public.windows.server.sbs)
Re: Static IP Address HELP !!
... DMZ to eliminate configuration issues with the router, ... It looks as though the Virtual Server List you configured isn't taking ... "Malcolm " wrote in message ... > This is a new setup. ...
(microsoft.public.windows.server.sbs)