Re: Dual NIC Default Gateway Configuration

From: Jack (anonymous_at_discussions.microsoft.com)
Date: 07/16/04


Date: Fri, 16 Jul 2004 11:42:21 -0700

David,

>> It's extremely unclear what the purpose of this setup
is, and where you really want traffic from the LAN to
go. Could you explain your setup in a bit more detail
maybe? <<

Sure.

The servers with public access are all behind a hardware
firewall that NATs their addresses in the 192.168.2.x
network segment. This firewall opens ports for e-mail,
web, ftp, and other services.

The workstations on the LAN and their file servers sit
behind a different hardware firewall. That firewall opens
very few ports and NATs the addresses to the 192.168.1.x
network segment.

The Windows 2003 SBS in question serves multiple
purposes. To the Internet, it serves the purpose of
hosting an e-mail server and the firewall only allows
port 25 and 100 traffic to it through the WAN NIC. The
mail server will bind to that IP address and that IP
address only. To the LAN, the SBS box also serves the
purpose of hosting applications and acting as a file
server. The LAN firewall opens no ports to this box's LAN NIC.

Ideally, once I get everything working on the new SBS
box, I hope to employ protocol isolation by having the
LAN PCs communicating via IPX and the server WAN NICs
only employing TCP.

>>Typically, the LAN default gateway should be blank,
assuming you want all outbound traffic to go out the WAN
interface (which is the normal configuration with a 2 NIC
SBS setup, as SBS will configure itself to act as
a NAT router also). Running the 'Connect to the Internet'
wizard will configure all this for you. <<

Thanks for that. As noted, I really don't want SBS doing
the NATting, as I already have firewall routers handling
this for me.

Honestly, while I really like Windows XP and 2003 SBS,
I simply can't entrust my network's security to
Windows. For now I prefer to employ dedicated appliances
to handle my firewall needs.

Thanks for the help.


