Re: PPPoE vs Double-NAT?

Hi Frank:

Thanks for the quick response, and your preference is the consensus best
practice. However, whether the Home-SBS's external NIC is static or dynamic,
I still have the same problem with running RWW-RDP to the Work-SBS from the
Home-PC. On the Westell DSL Modem/Router that I use, there is an option
called "IP Passthrough" which gives the Home-SBS's external interface the
public IP (a DMZ-like setting), but that didn't do much for this problem.

On the Home-PC, I run a netstat when attempting to connect to the RDP
session and see that it's sending SYN to port 4125 before the attempt fails.
This I am allowing 4125 on the Home-SBS's ISA packet filter, and I do not see
any entries in the ISA Logs.

The Home-SBS CAN run the RWW-RDP session however, and shutting the 4125
filter will make the session fail, so from the perspective of Home-SBS,
everything is cool.

I hesistate to repeat this experiment with SP1 :-). Alternatively, is there
any way to have the server automatically bring up the PPPoE connection upon
boot?

---K

"Frank McCallister SBS MVP" wrote:

> My preference is PPPoE with the External NIC Static on the Routers LAN
> Subnet with DHCP disabled. ie if Router LAN is 192.168.1.1 I set the NIC to
> 192.168.1.2 and then Port forward the ports I want to that IP
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "ckennylin" <ckennylin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:0F020DC2-81C5-4312-A618-92FE355958A2@xxxxxxxxxxxxxxxx
> > Hi All:
> >
> > I have an SBS 2003 Premium server that I need to relocate and reconnect to
> > the Internet. It currently has 2 nics with a public and private IP
> > address,
> > and its internet connection is a DSL router, with multiple public IPs and
> > a
> > gateway. I'm running ISA as well as some basic packet filters on the
> > router
> > for security.
> >
> > The new location will have DSL as well, with a DSL router that can be
> > reconfigured as a bridge. It will have a static public IP, but that will
> > be
> > assigned upon PPPoE authentication.
> >
> > From what I've been able to gather from the newsgroup and various MVP
> > sites,
> > the accepted best practice is to do a double-NAT i.e. have the router
> > establish & maintain the PPPoE link, and let the SBS's external adapter
> > pick
> > up a DHCP address from the router.
> >
> > As a dry run, I tried doing that at my DSL connection at home with an SBS
> > box (Action Pack, Yay!) and ran into some weird behavior when running RWW.
> > To make the rest of this post easier to decipher, here's the entire chain
> > of
> > machines:
> >
> > HPC -> HSBS -> DSL -> Internet -> DSL -> WSBS -> WTS
> >
> > Where:
> >
> > HPC = Home client PC
> > HSBS = Home SBS Server
> > WSBS = Work SBS Server
> > WTS = Work Term Server
> >
> > Note the Work SBS network hasn't changed yet, and it has a public IP
> > address
> > on the external interface. ISA is running on both SBSs.
> >
> > * Scenario 1: Best Practices using double-NAT on HSBS
> >
> > On the HSBS, I can remote into WSBS via RWW and run a RDP session on WTS.
> >
> > On the HPC, I can remote into WSBS via RWW, but CANNOT run the RDP
> > session.
> > It made no difference whether the HC is a SecureNAT or Firewall Client.
> >
> > * Scenario 2: Configuring the DSL Router as a Bridge, and using CEICW to
> > create a PPPoE Connection on HSBS
> >
> > On both HSBS and HPC, RWW to WSBS/WTS runs as expected.
> >
> > The downside with Scenario 2 is that if HSBS gets rebooted, I will need to
> > MANUALLY log in to re-establish the DSL connection, unless I'm missing
> > something silly.
> >
> > So before I relocate the WSBS to the new location, I'm looking for the
> > best
> > way to keep the remaining hair on my head. If I can get RWW/RDP to run on
> > the HPC with Double-NAT, I'd be really happy. Otheriwse, I'm forced to
> > consider running PPPoE on my server, and hope the server doesn't reboot at
> > some inconvenient time.
> >
> > Thanks!
> >
> > ---K
> >
>
>
>
.

Relevant Pages

  • Re: Server/Network setup question
    ... currently the users are getting IP addresses from DHCP on the router. ... SBS server a static IP address in the same range as the router. ... be in a subnet that is different from the SBS LAN (with their own Internet ...
    (microsoft.public.windows.server.sbs)
  • Re: Server/Network setup question
    ... By performing a full installation yourself, looking at what you may wish to ... IP Address/mask, same subnet as router. ... An SBS installation is complete _ONLY_ after all items in the ... My server is coming with SBS pre-installed. ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... DNS on your server is broken. ... Les Connor [SBS Community Member - SBS MVP] ... and put in the ip of the router. ... The local router has the broadband connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... seleting full time broadband connection. ... Les Connor [SBS Community Member - SBS MVP] ... check the router as well and unless I missed a firewall setting on it, ... Anyway the Server Ipconfig /all is this... ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... I checked the router, I am running a laptop off of it so I can post. ... Les Connor [SBS Community Member - SBS MVP] ... make sure the DHCP Client Service is running on the server. ... First Page of the Internet Connection Wizard, ...
    (microsoft.public.windows.server.sbs)