Re: Changing from 1 NIC to 2 NIC's

From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 02/14/05

• Next message: Frank McCallister SBS MVP: "Re: Antivirus Software for SBS"
• Previous message: Steve Foster [SBS MVP]: "Re: Policies on SYSVOL are deleted. How to restore them?"
• In reply to: susan: "Re: Changing from 1 NIC to 2 NIC's"
• Next in thread: susan: "Re: Changing from 1 NIC to 2 NIC's"
• Reply: susan: "Re: Changing from 1 NIC to 2 NIC's"
• Messages sorted by: [ date ] [ thread ]

Date: Sun, 13 Feb 2005 21:25:36 -0600

Hi Susan,

The issue with the two nics on the same subnet is that RRAS (basic firewall)
cannot work unless they are separate, that give RRAS the ability to filter
traffic. As it is now, the only firewall you have is the router; all traffic
passes freely between the two nics.

The other issue is, to correct this - and maintain the wireless connections
on the lan (inside nic), you have to have an access point on the lan. If you
put your nics on separate networks, with the wireless access point being the
router - which would then be on the external network - the workstations are
outside the lan.

Your best bet would be to get an AP for the lan. Have SBS do DHCP for the
internal network, and (if you want), leave DHCP on the router for any
external connections that might be requried (such as guests or whatever).

-- 
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"susan" <smcrey@mindspring.com> wrote in message 
news:OaR1dkjEFHA.3780@TK2MSFTNGP09.phx.gbl...
> Ah -- money! Yes...definitely do that!
> SBS Standard edition...Linksys wireless router...basic stuff. I felt i
> needed the 2 NIC configuration since the firewall on that thing is just
> basic stuff and I wanted to also employ the SBS firewall. Was i wrong? I 
> set
> up a SBS Std. box at another company (my first) and we just used one NIC 
> but
> we had a top-of-the-line firewall appliance in that configuration, so i
> worried not.
>
> It's a very weird setup at this company...the guy has 2 desktops using
> wireless because there are no cables in the room where the users are --  
> and
> they will be moving at the end of summer, so he plans to change nothing
> until then. ALSO--3 laptops that use wireless and are in and out of the
> office using RWW when out and logging in normally when onsite.
>
> The 2 wireless desktops log into the network as if they were wired. No RWW
> or VPN. I have wondered about this alot (as i want to change DHCP from the
> router to SBS -- and also security issues). Since they authenticate (see 
> the
> shares, connect to exchange, etc), wouldnt SBS issue them an IP as if they
> were wired?
>
> Hope you're makin the big bucks!! Someone should....
> Thanks for all your help SG! I may feel a bit confused, but it's falling
> into place slowly but surely.
>
> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> news:Oqvsa8iEFHA.3536@TK2MSFTNGP15.phx.gbl...
>> ahahhhhh, wireless, got a couple of lappies in the mix connecting via
>> wireless?
>>
>> Ideally, we remove the connection from the router to the hub and change
> the
>> subnet in use on either the internal or external networks.
>>
>> With this setup your wireless connection is on the WAN side of SBS (which
> is
>> the way I prefer it) and wireless clients then VPN into the network, or
> come
>> in through RWW.
>>
>> As to which subnet we change, it's six of one or half a dozen of the
> other,
>> I'd probably change the router subnet because changing the IP of the
>> printer, and everyone's pointer to it, will probably take longer.
>>
>> Please respond about wireless use and whether you understand how things
> are
>> going to change. I need to go out, earn some money, hopefully someone 
>> else
>> will carry the ball while I'm away.
>>
>> BTW, we haven't discussed, SBS Standard or Premium? and what sort of WAP
>> router is that? I much prefer a 2 NIC solution but is it really the right
>> choice for you?
>>
>> "susan" <smcrey@mindspring.com> wrote in message
>> news:el%23cgmiEFHA.3824@TK2MSFTNGP10.phx.gbl...
>> > The ext. nic is connected directly to the wireless router (which has a
>> > network cable also from it to the hub)
>> > the int. nic is connected to the 24-port hub.
>> > workstations are connected to the 24-port hub.
>> > nothing else! no phones or print server in the mix except one network
>> > printer connected to the 24-port hub.
>> >
>> > Any clues for you in the above info?
>> >
>> > So, do i understand you that changing to 192.168.2.x is a sufficient
>> > enough
>> > distinction?
>> >
>> > I'm setting up another SBS network one in a couple of weeks, so this
>> > information is invaluable to me and I am a willing student!
>> > Thanks!
>> >
>> > "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
>> > news:evYRWLiEFHA.480@TK2MSFTNGP10.phx.gbl...
>> >> OK, there's what I needed and suspected was the case.
>> >>
>> >> The workstations are getting their IP's via DHCP from the router. You
>> >> have
>> >> not seperated the networks (and I suggest you don't just yet).
>> >>
>> >> The choice of 10.3.16.x/24 ( /24 is just shorthand for Subnet Mask
>> >> 255.255.255.0) is valid, if a little unusual. Many contributors here
> even
>> >> prefer such a radical distinction between the internal and external
>> >> networks. I DON'T. I don't because I've had problems with equipment
>> >> operating in 'classless' IP space. Don't worry if you don't know what
>> >> 'classless addressing' is about.
>> >>
>> >> 192.168.1.x/24 is a distinct subnet from 192.168.2.x/24
>> >>
>> >> SO, first we have to find out what is connected to what! Please detail
>> >> the
>> >> connections between whatever equipment you have.
>> >>
>> >> ie.
>> >> SBS External is connected to router
>> >> SBS Internal is connected to switch
>> >> Workstations are connected to switch
>> >> switch is connected to router (I think, and this is what we want to 
>> >> get
>> > rid
>> >> of, BUT NOT YET)
>> >> and anything else
>> >>
>> >> THEN, I believe a printserver was mentioned earlier. Is this part of
> the
>> >> router? or a seperate device?
>> >>
>> >> Any other non-PC items connected to the network? (Printers? Phone
>> >> Systems?
>> >> anything)
>> >>
>> >> "susan" <smcrey@mindspring.com> wrote in message
>> >> news:uqpgrYhEFHA.3824@TK2MSFTNGP10.phx.gbl...
>> >> > The workstations point to the int nic for dns and that's all the
>> >> > configuration i did on them. Here's sample output:
>> >> >
>> >> >        IP Address. . . . . . . . . . . . : 192.168.1.112
>> >> >        Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> >> >        Default Gateway . . . . . . . . . : 192.168.1.4
>> >> >        DHCP Server . . . . . . . . . . . : 192.168.1.1
>> >> >        DNS Servers . . . . . . . . . . . : 192.168.1.4
>> >> >        Primary WINS Server . . . . . . . : 192.168.1.4
>> >> >        Lease Obtained. . . . . . . . . . : Saturday, February 12,
> 2005
>> >> > 4:28:56 PM
>> >> >        Lease Expires . . . . . . . . . . : Tuesday, February 15, 
>> >> > 2005
>> >> > 4:28:56 PM
>> >> >
>> >> > Yes, i think I get the picture now on the subnet issue. Will change
> the
>> >> > internal nic to a 10.3.16.x configuration. That should work, right?!
>> >> >
>> >> > Any ideas for me are very very very welcomed!
>> >> >
>> >> > "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
>> >> > news:%23YSD0%23gEFHA.2508@TK2MSFTNGP09.phx.gbl...
>> >> >> I'm sometimes a hard a b.
>> >> >>
>> >> >> We still don't have the ipconfig of the workstation.
>> >> >>
>> >> >> You still have a problem in that the internal and external networks
>> >> >> are
>> >> >> in
>> >> >> the same subnet, 192.168.1.x, this is not a valid configuration. I
>> >> >> also
>> >> >> suspect that the physical connections between the server, router,
> and
>> >> >> PC's
>> >> >> may not be correct. This is why I have asked for the info.
>> >> >>
>> >> >> "susan" <smcrey@mindspring.com> wrote in message
>> >> >> news:OdZ1%23pgEFHA.464@TK2MSFTNGP15.phx.gbl...
>> >> >> > Yes yes and yes: this is the result: I very much want your input:
>> >> >> >
>> >> >> > Windows IP Configuration
>> >> >> >   Host Name . . . . . . . . . . . . : companyname01
>> >> >> >   Primary Dns Suffix  . . . . . . . : companyname.local
>> >> >> >   Node Type . . . . . . . . . . . . : Unknown
>> >> >> >   IP Routing Enabled. . . . . . . . : Yes
>> >> >> >   WINS Proxy Enabled. . . . . . . . : Yes
>> >> >> >   DNS Suffix Search List. . . . . . : companyname.local
>> >> >> >
>> >> >> > Ethernet adapter Server Local Area Connection:
>> >> >> >
>> >> >> >   Connection-specific DNS Suffix  . :
>> >> >> >   Description . . . . . . . . . . . : Broadcom NetXtreme 5751
>> >> >> > Gigabit
>> >> >> > Controller
>> >> >> >   Physical Address. . . . . . . . . : 00-11-11-BE-77-43
>> >> >> >   DHCP Enabled. . . . . . . . . . . : No
>> >> >> >   IP Address. . . . . . . . . . . . : 192.168.1.4
>> >> >> >   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> >> >> >   Default Gateway . . . . . . . . . :
>> >> >> >   DNS Servers . . . . . . . . . . . : 192.168.1.4
>> >> >> >   Primary WINS Server . . . . . . . : 192.168.1.4
>> >> >> >
>> >> >> > Ethernet adapter Network Connection:
>> >> >> >
>> >> >> >   Connection-specific DNS Suffix  . :
>> >> >> >   Description . . . . . . . . . . . : Intel 8255x-based PCI
> Ethernet
>> >> >> > Adapter (10/100)
>> >> >> >   Physical Address. . . . . . . . . : 00-A0-C9-59-B1-1D
>> >> >> >   DHCP Enabled. . . . . . . . . . . : No
>> >> >> >   IP Address. . . . . . . . . . . . : 192.168.1.3
>> >> >> >   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> >> >> >   Default Gateway . . . . . . . . . : 192.168.1.1
>> >> >> >   DNS Servers . . . . . . . . . . . : 192.168.1.4
>> >> >> >   Primary WINS Server . . . . . . . : 192.168.1.4
>> >> >> >
>> >> >> > "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
>> >> >> > news:eSSMtegEFHA.2508@TK2MSFTNGP09.phx.gbl...
>> >> >> >> Please give us the full output of 'ipconfig /all >
> c:\ipconfig.txt'
>> >> > from
>> >> >> > the
>> >> >> >> server and one workstation.
>> >> >> >>
>> >> >> >> The edited info you are giving us is not enough. I will not ask
>> > again.
>> >> >> >>
>> >> >> >> "Susan" <Susan@discussions.microsoft.com> wrote in message
>> >> >> >> news:78FC26F8-FB4C-4166-A269-A03DE0F3FE23@microsoft.com...
>> >> >> >> > Hi...i'd LOVE for you to check this and see if it's optimally
>> >> >> > configured.
>> >> >> >> > Here's what i've got:
>> >> >> >> > Here's what i've got:
>> >> >> >> > Int NIC:
>> >> >> >> > 192.168.1.4
>> >> >> >> > 255.255.255.0
>> >> >> >> > no gateway
>> >> >> >> > 192.168.1.1 (router ip)
>> >> >> >> > 192.168.1.4 (int nic ip)
>> >> >> >> >
>> >> >> >> > EXT NIC:
>> >> >> >> > 192.168.1.3
>> >> >> >> > 255.255.255.0
>> >> >> >> > 192.168.1.1 (gateway)
>> >> >> >> > 192.168.1.4 (dns)
>> >> >> >> >
>> >> >> >> > what do you think? does it look okay?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > "SuperGumby [SBS MVP]" wrote:
>> >> >> >> >
>> >> >> >> >> but I want your ipconfigs 'coz I'm not sure you are optimally
>> >> >> > configured.
>> >> >> >> >>
>> >> >> >> >> "Susan" <Susan@discussions.microsoft.com> wrote in message
>> >> >> >> >> news:F4B8CA47-D971-448A-8CA2-24C0A3BC648E@microsoft.com...
>> >> >> >> >> > Hi SuperGumby!
>> >> >> >> >> > Posted somewhere in this thread is an appreciative thank 
>> >> >> >> >> > you
>> >> >> >> >> > to
>> >> > you
>> >> >> > for
>> >> >> >> >> > "mentioning" i might have to reboot the workstations and
> that
>> >> > solved
>> >> >> >> >> > the
>> >> >> >> >> > problem i was having with them -- and all else, with the
> help
>> > of
>> >> >> >> >> > you,
>> >> >> >> >> > Wes
>> >> >> >> >> > and
>> >> >> >> >> > Marina, worked out and I lived thru this latest crisis.
>> >> >> >> >> >
>> >> >> >> >> > I probably shouldn't admit this -- but I obviously need way
>> > more
>> >> >> >> >> > training
>> >> >> >> >> > (LOL!) ...
>> >> >> >> >> >
>> >> >> >> >> > Thank you all again so much. You're always there to help 
>> >> >> >> >> > and
> i
>> >> > truly
>> >> >> >> >> > appreciate it.
>> >> >> >> >> >
>> >> >> >> >> > "SuperGumby [SBS MVP]" wrote:
>> >> >> >> >> >
>> >> >> >> >> >> OK, what we need at this point is to take stock.
>> >> >> >> >> >>
>> >> >> >> >> >> Please give us the full output of 'ipconfig /all >
>> >> > c:\ipconfig.txt'
>> >> >> >> >> >> from
>> >> >> >> >> >> the
>> >> >> >> >> >> server and one workstation. You do not have to be 
>> >> >> >> >> >> concerned
>> >> >> >> >> >> about
>> >> >> >> >> >> disclosing
>> >> >> >> >> >> 'hacker' information, the router and your use of private 
>> >> >> >> >> >> IP
>> >> > ranges
>> >> >> >> >> >> (192.168.etc) makes the info of little value to anyone but
>> > those
>> >> >> >> >> >> helping.
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
> 

• Next message: Frank McCallister SBS MVP: "Re: Antivirus Software for SBS"
• Previous message: Steve Foster [SBS MVP]: "Re: Policies on SYSVOL are deleted. How to restore them?"
• In reply to: susan: "Re: Changing from 1 NIC to 2 NIC's"
• Next in thread: susan: "Re: Changing from 1 NIC to 2 NIC's"
• Reply: susan: "Re: Changing from 1 NIC to 2 NIC's"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint