Re: 1 NIC v. 2 NICS & remote access questions from beginner
- From: "Brad Dinerman [MVP - Windows Server Systems]" <NewsPost@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 20 Jul 2005 11:29:59 -0400
Russell,
None of the ports I indicated allow external access to files. You need to determine what method of file access you want. Example: you could use Remote Web Workplace for direct, remote control access of desktops, or you could use a VPN for general network connectivity followed by mapped drives to the file shares.
If using VPN, the usual security precautions apply. Make sure your remote users are locked down securely and checked for viruses, spyware, etc. Then, you need to determine what method of VPN you want. You can use the free Microsoft VPN by configuring RRAS on the server and opening TCP port 1723 on the firewall (redirected to the LAN IP address of the server), or you could use a firewall-provisioned client. You should weigh the balance of ease of configuration vs. cost vs. level of security.
SharePoint will also let you access server-based files, provided they are placed in the appropriate CompanyWeb document libraries, and that you've configured things properly for inbound HTTP or HTTPS access.
You should not need ANY public IP addresses on your server's NIC. All public addresses will be assigned to your firewall. Your firewall will then forward requests to the appropriate internal address based on the rules that you create.
Yours, Brad Dinerman
______________________________________
Bradley J. Dinerman, MVP - Windows Server Systems
President, New England Information Security Group
http://www.neisg.org
Russell DeMarco wrote:
There are a couple of ways that you could configure your network. Since you're using SBS Standard and not Premium, I'll assume that there is no ISA Server on your network.
A typical configuration would be to have your ISP's router connected to your firewall device. [I'll assume that your Symantec router is really your firewall.] The firewall would have a public IP address assigned by the ISP to the WAN port, and it would have a private address (192.168.etc.etc) assigned to its LAN port.
The server needs to have only a single NIC on the same subnet as the firewall LAN port. So if the firewall LAN port is at 192.168.0.1, then you could put your server at 192.168.0.2 and your workstations and network printers would follow the pattern.
All of the above is correct.
To access features of the server remotely (such as Outlook Web Access or Remote Web Workplace), you will need to set up port forwarding on the firewall. Examples: port 25 for inbound email, 443 for HTTPS needed for OWA, 4125 needed for Remote Web, etc.
Which one of the above (or SharePoint?) allows our users to access files on the server remotely? Is it better to use the router/firewall's VPN?
Here's where I get confused. Our router/firewall (Symantec) has public ip...118 attached to its WAN port that's our Gateway, correct? (We have a block of 5 IPs.) We then followed SBS directions which stated we need to have our ISP point a DNS "A" record to server.domainname.com and we told them it'll be public ip...117. I assume this was to access the server locally. We also had them point our MX pointer to .117. We're not using Exchange YET.
So do I set up the .117 on our server's NIC? Do I port forward to the server's private IP?
Thanks again.
______________________________________
Bradley J. Dinerman, MVP - Windows Server Systems
President, New England Information Security Group
http://www.neisg.org
Russell DeMarco wrote:
We have SBS 2003 std that we've been using for a few months now. We now want to access the server remotely and set up Exchange. We have 1 NIC, do we need (or is it preferred) 2? The first NIC is a local IP 192..., do we set up the 2nd NIC with one of our public IPs? Is there something I need to do in our Symantec router (forward ports or something)? (It's not recognized by SBS.) Is it better if I use the VPN in the router?
Thanks.