Re: Share Internet Connection with 2 SBS Same Router
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Wed, 22 Oct 2008 07:35:58 +1100
simple text diag, hope you get it.
internet
|
|
Sonic WAN (single public IP)
Sonic DMZ (NAT'd, 192.168.x.etc) -- Switch -- SBS08 and 08LAN
Sonic LAN (192.168.y.etc)
|
|
Switch
|
|
SBS03 and 03LAN
Facility between the two networks will be under control of the LAN/DMZ rules
on the SonicWall.
better would be:
internet
|
|
Sonic WAN (Public IP)
Sonic DMZ (Public IP) -- Firewall -- Switch -- SBS08 and 08LAN
Sonic LAN (192.168.y.etc)
|
|
Switch
|
|
SBS03 and 03LAN
but relies on the ISP being able to assign a 2nd public IP to the DMZ. The
'firewall' function on the DMZ _may_ be controllable in the SonicWall.
"Mishuno" <Mishuno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A8997D47-FE48-4D25-BFB8-51EDF09375C3@xxxxxxxxxxxxxxxx
The Sonicwall documentation states:
"The SonicWALL DMZ has the ability to use private internal IP addresses
rather than public IP addresses on the network. Since NAT hides the true
IP
addresses in use on the network, NAT on the DMZ is an additional security
feature for the SonicWALL. The outside world only sees the outside public
IP
address of the DMZ and not the internal private addresses.
To configure the DMZ in NAT Mode, use the following instructions:
In the DMZ Private Address field, enter the private internal IP address
assigned to the DMZ interface.
Assign a subnet mask in the DMZ Subnet Mask field. The LAN and DMZ can
have
the same subnet mask, but the subnets must be different. For instance, the
LAN subnet can be 192.168.0.1 with a subnet mask of 255.255.255.0, and the
DMZ subnet can be 172.16.18.1 with a subnet mask of 255.255.255.0.
If you choose to use DMZ NAT Many to One Public Address (Optional), enter
the DMZ public IP address which is on the same subnet as the WAN for
access
to devices on the DMZ interface. DMZ NAT Many to One Public Address is
only
available if your SonicWALL is configured in NAT Enabled networking mode."
I followed these directions.
Not sure what else to do.
If I connected a router to the DMZ port, would I connect the cable to the
WAN port on the router or a LAN port on the router?
If the WAN port then what should the setup be for the WAN port on the
router? Dynamic IP, Static IP? If static what should the IP, Mask and
Gateway
be then?
I tried a number of these options but I am doing something wrong.
"SuperGumby [SBS MVP]" wrote:
just nodding.The SonicWALL DMZ has the ability to use private internal IP addresses
A simple NAT router attached to the DMZ port would be good. I'm not going
to
rather than public IP addresses on the network. Since NAT hides the true
IP
addresses in use on the network, NAT on the DMZ is an additional security
feature for the SonicWALL. The outside world only sees the outside public
IP
address of the DMZ and not the internal private addresses.
To configure the DMZ in NAT Mode, use the following instructions:
In the DMZ Private Address field, enter the private internal IP address
assigned to the DMZ interface.
Assign a subnet mask in the DMZ Subnet Mask field. The LAN and DMZ can
have
the same subnet mask, but the subnets must be different. For instance, the
LAN subnet can be 192.168.0.1 with a subnet mask of 255.255.255.0, and the
DMZ subnet can be 172.16.18.1 with a subnet mask of 255.255.255.0.
If you choose to use DMZ NAT Many to One Public Address (Optional), enter
the DMZ public IP address which is on the same subnet as the WAN for
access
to devices on the DMZ interface. DMZ NAT Many to One Public Address is
only
available if your SonicWALL is configured in NAT Enabled networking mode.>
look at the specs for the sonic but you might need to check how this DMZ
port works, does it provide a 2nd WAN IP or does it operate a 2nd NAT'd
subnet? If it provides a 2nd NAT'd subnet you will have problems
accessing
the test network from 'outside' because the ports on the external IP are
bypassing the DMZ to get to SBS on what the router refers to as LAN.
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23Ds1TO7MJHA.6044@xxxxxxxxxxxxxxxxxxxxxxx
Yes, you could attach it to the DMZ. The DMZ should be "fairly" safe
(at
least as a test bed) since your SBS 2008 network would have the Windows
2008 firewall plus a NAT router in front of it. You might also be able
to
attach the cheap router to a port on the CISCO switch and then manually
adjust the port forwarding inteh Sonicwall as necessary for testing.
--
Merv Porter [SBS-MVP]
============================
"Mishuno" <Mishuno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:61CB1C6C-22C2-49A8-9D11-126C974950D8@xxxxxxxxxxxxxxxx
The SonicWall is a Pro 280. It is an older product now discontinued.
In
any
case it only has a WAN, LAN and DMZ port. The WAN is going to our ISP,
the
LAN goes to our Cisco switch. All the clients and the SBS 2003 server
attach
to that switch.
Can I attach the cheap router to the DMZ? Although that is not safe...
"Merv Porter [SBS-MVP]" wrote:
One approach...
Attach a cheap router to the network: connect an Ethernet cable from
a
free
port on the Sonicwall to the WAN port on the cheap router. Set WAN
side
of
cheap router to a static IP address in the same range as the
Sonicwall.
Then attach the SBS 2008 NIC and the workstation NIC to free ports on
the
cheap router. Set forwarding for required ports in the cheap
router's
web
interface.
Problem... port forwarding from Sonciwall can only go to a single
NIC.
Some port numbers can be changed. Some cannot. So in general, ports
443,
1723 and 25 can only be forwarded to either the cheap router static
IP
OR
forwarded to the current SBS 2003 NIC (I assume you have an SBS 2003
setup
with a single NIC). You'll need to manually adjust the port
forwarding
on
the Sonicwall as necessary to test the SBS 2008 network.
--
Merv Porter [SBS-MVP]
============================
"Mishuno" <Mishuno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4DF788F5-3B62-4BA3-B4AB-5316B8367AF9@xxxxxxxxxxxxxxxx
We currently have a working SBS 2003 domain. In a few weeks we are
going
to
be moving to SBS 2008. I am doing a learning dry run install of SBS
2008
right now on a extra server we are not currently using to make
myself
comfortable with the install and to test some of the features. My
problem
is
I have only one internet connection. We have a T1 coming in to a
sonicwall
router/firewall that acts as our gateway. I cannot connect the SBS
2008
server to this because it then sees the SBS 2003 server. In order
to
complete
the installation and test SBS 2008 I want to setup a separate
network
consisting of the SBS 2008 server and one client, but I need to
connect to
the net through the current gateway in order to do this. Is there a
way to
keep these two networks separate but share the same net connection
and
gateway? If so, how can it be done?
I have extra switches and routers that I can use.
Thanks in advance.
.
- Follow-Ups:
- Re: Share Internet Connection with 2 SBS Same Router
- From: Mishuno
- Re: Share Internet Connection with 2 SBS Same Router
- References:
- Share Internet Connection with 2 SBS Same Router
- From: Mishuno
- Re: Share Internet Connection with 2 SBS Same Router
- From: Merv Porter [SBS-MVP]
- Re: Share Internet Connection with 2 SBS Same Router
- From: Mishuno
- Re: Share Internet Connection with 2 SBS Same Router
- From: Merv Porter [SBS-MVP]
- Re: Share Internet Connection with 2 SBS Same Router
- From: SuperGumby [SBS MVP]
- Re: Share Internet Connection with 2 SBS Same Router
- From: Mishuno
- Share Internet Connection with 2 SBS Same Router
- Prev by Date: Re: I can't publish to my SBS Default Web Site
- Next by Date: Re: Symantec computer search returns non-existent host names
- Previous by thread: Re: Share Internet Connection with 2 SBS Same Router
- Next by thread: Re: Share Internet Connection with 2 SBS Same Router
- Index(es):
Relevant Pages
|
Loading
