Re: Issues running SBS behind router
- From: Tad Price <TadPrice@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 21:49:02 -0800
You guys both nailed it. All problems appear to be resolved. Thanks big time
(!) for your help. Thanks as well for the additional ideas.
Regarding your questions:
1. Harry Brelsford recommends this dual firewall approach in a couple of his
books, and I think it makes sense. If there is a vulnerability in one
firewall that isn't patched right away, the other firewall could potentially
save me.
2. The two non-domained machines are a) an XP Media Center box, and b) a
Media Center Extender that plugs into a television and plays media that is
stored on the Media Center box. While it is technically possible to add XP
Media Center to the domain (you have one opportunity to do so during setup),
doing so will keep the Media Center Extender from working. It's an
unfortunate limitation.
I initially thought I could simply plug the Media Center devices into the
"internal" switch and not add them to the domain, but when I tried that, the
Extender wouldn't work properly. Since both devices were plugged into the
same switch, I wouldn't think that SBS is somehow causing issues, but this
new configuration should reduce the chances of that just in case.
"addicted2it" wrote:
> Based on what you're telling us, Joes' response is accurate. You
> definitely need to put the SBS server's NICs on different subnets,
> and then let CEICW configure them. If you want to try things out and
> see what works first, just statically assign each NIC a different IP
> scheme, making sure that the SBS "external/WAN" NIC has an IP
> address on the same subnet as the MN-700 router.
>
> That said, I think you're making this more difficult than it really
> needs to be.
>
> If you could, try answering two questions (which may be related):
> 1) What's the driving business need behind having the SBS server
> acting as a second router/firewall?
> 2) Why does this workstation need to NOT be on the domain?
>
> If you're finding it difficult to answer question one, and the answer
> to question two is that you just don't want the workstation joined
> into your domain, then I think you can simply everything.
>
> Here's one option:
> 1) Plug MN-700 into the LAN port on the cable modem
> 2) Disable one of your SBS server's nics.
> 3) Disable DHCP on the MN-700, and set the MN-700 up as a router.
> 4) Plug your switch into the LAN port on the MN-700.
> 5) Plug your server and all of your workstations into your switch.
> 6) Set the server's default gateway to point to the MN-700, enable
> DHCP on the server, and hand-out addresses for the workstations with
> DNS pointing to the SBS server, and the default gateway pointing to the
> MN-700.
>
> The one problem I see here is that this option assumes that the
> "non-domained" workstation doesn't need to be physically isolated
> from your other domain workstations. In this scenario, I would just
> plug the "non-domained" workstation into the switch, let it grab an
> IP via DHCP, but just don't join it to the domain. Or, if the MN-700
> has a DMZ port (which according to search on "MN-700 DMZ", it
> sounds like it does), just plug the non-domained workstation in the DMZ
> port, following the scenario I laid out above.
>
>
> wmi.wmi@xxxxxxxxx
> http://addicted-to-it.blogspot.com
>
>
.
- References:
- Re: Issues running SBS behind router
- From: Joe
- Re: Issues running SBS behind router
- From: addicted2it
- Re: Issues running SBS behind router
- Prev by Date: RE: Clients are losing connection to the server.
- Next by Date: RE: Exchange won't start after clean install
- Previous by thread: Re: Issues running SBS behind router
- Next by thread: Re: RAID1 implementation
- Index(es):
Relevant Pages
|
