Re: PPPoE vs Double-NAT?
- From: ckennylin <ckennylin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Jun 2005 08:39:06 -0700
Thanks, Frank. I'll reconfigure the Westell as a bridge, and introduce a
router into the HOME side to maintain the PPPoE connection.
I'll let you know if that fixes the RWW-RDP issue from the HomePC. My money
is on that it won't :-(. Could this be a software issue with RWW instead?
My new DSL modem/router is a BritePort that can handle multiple IPs in
theory, so I can futz around with setting up the static IP instead using this
box. The current DSL modem is a Zyxel and is handling multiple public static
IPs.
---K
"Frank McCallister SBS MVP" wrote:
> Hooking the server NIC directly to the modem using PPPoE is usually
> problematic due to timing issues on server restarts. I would hook an
> inexpensive DLink or Linksys between the Westell and the external NIC to
> maintain a constant connection and a private IP on the external NIC
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "ckennylin" <ckennylin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:443C6AE3-185F-41B1-97A5-AD30396CEC41@xxxxxxxxxxxxxxxx
> > Hi Frank:
> >
> > Thanks for the quick response, and your preference is the consensus best
> > practice. However, whether the Home-SBS's external NIC is static or dynamic,
> > I still have the same problem with running RWW-RDP to the Work-SBS from the
> > Home-PC. On the Westell DSL Modem/Router that I use, there is an option
> > called "IP Passthrough" which gives the Home-SBS's external interface the
> > public IP (a DMZ-like setting), but that didn't do much for this problem.
> >
> > On the Home-PC, I run a netstat when attempting to connect to the RDP
> > session and see that it's sending SYN to port 4125 before the attempt fails.
> > This I am allowing 4125 on the Home-SBS's ISA packet filter, and I do not see
> > any entries in the ISA Logs.
> >
> > The Home-SBS CAN run the RWW-RDP session however, and shutting the 4125
> > filter will make the session fail, so from the perspective of Home-SBS,
> > everything is cool.
> >
> > I hesitate to repeat this experiment with SP1 :-). Alternatively, is there
> > any way to have the server automatically bring up the PPPoE connection upon
> > boot?
> >
> > ---K
> >
> > "Frank McCallister SBS MVP" wrote:
> >
> >> My preference is PPPoE with the External NIC Static on the Router's LAN
> >> Subnet with DHCP disabled. i.e. if Router LAN is 192.168.1.1 I set the NIC to
> >> 192.168.1.2 and then Port forward the ports I want to that IP
> >>
> >> --
> >> Frank McCallister SBS MVP
> >> COMPUMAC
> >> "ckennylin" <ckennylin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:0F020DC2-81C5-4312-A618-92FE355958A2@xxxxxxxxxxxxxxxx
> >> > Hi All:
> >> >
> >> > I have an SBS 2003 Premium server that I need to relocate and reconnect to
> >> > the Internet. It currently has 2 nics with a public and private IP address,
> >> > and its internet connection is a DSL router, with multiple public IPs and a
> >> > gateway. I'm running ISA as well as some basic packet filters on the router
> >> > for security.
> >> >
> >> > The new location will have DSL as well, with a DSL router that can be
> >> > reconfigured as a bridge. It will have a static public IP, but that will be
> >> > assigned upon PPPoE authentication.
> >> >
> >> > From what I've been able to gather from the newsgroup and various MVP sites,
> >> > the accepted best practice is to do a double-NAT i.e. have the router
> >> > establish & maintain the PPPoE link, and let the SBS's external adapter pick
> >> > up a DHCP address from the router.
> >> >
> >> > As a dry run, I tried doing that at my DSL connection at home with an SBS
> >> > box (Action Pack, Yay!) and ran into some weird behavior when running RWW.
> >> > To make the rest of this post easier to decipher, here's the entire chain of
> >> > machines:
> >> >
> >> > HPC -> HSBS -> DSL -> Internet -> DSL -> WSBS -> WTS
> >> >
> >> > Where:
> >> >
> >> > HPC = Home client PC
> >> > HSBS = Home SBS Server
> >> > WSBS = Work SBS Server
> >> > WTS = Work Term Server
> >> >
> >> > Note the Work SBS network hasn't changed yet, and it has a public IP address
> >> > on the external interface. ISA is running on both SBSs.
> >> >
> >> > * Scenario 1: Best Practices using double-NAT on HSBS
> >> >
> >> > On the HSBS, I can remote into WSBS via RWW and run a RDP session on WTS.
> >> >
> >> > On the HPC, I can remote into WSBS via RWW, but CANNOT run the RDP session.
> >> > It made no difference whether the HC is a SecureNAT or Firewall Client.
> >> >
> >> > * Scenario 2: Configuring the DSL Router as a Bridge, and using CEICW to
> >> > create a PPPoE Connection on HSBS
> >> >
> >> > On both HSBS and HPC, RWW to WSBS/WTS runs as expected.
> >> >
> >> > The downside with Scenario 2 is that if HSBS gets rebooted, I will need to
> >> > MANUALLY log in to re-establish the DSL connection, unless I'm missing
> >> > something silly.
> >> >
> >> > So before I relocate the WSBS to the new location, I'm looking for the best
> >> > way to keep the remaining hair on my head. If I can get RWW/RDP to run on
> >> > the HPC with Double-NAT, I'd be really happy. Otherwise, I'm forced to
> >> > consider running PPPoE on my server, and hope the server doesn't reboot at
> >> > some inconvenient time.
> >> >
> >> > Thanks!
> >> >
> >> > ---K
> >> >
> >>
> >>
> >>
>
>
>