Re: Allowing Visitor Internet access

Okay I understand now. Thanks for hanging in there with me.

Chad

"Merv Porter [SBS-MVP]" wrote:

No, you only need the single wireless router, the SBS with 2 NICs and the
switch. Again, look at the diagram in my last post:

Two Nics, a static IP address, ISA, router
(the diagram works with or without ISA)
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx

When configured correctly, you will essentially have 3 networks, separated
for security:

The Internet (via the DSL Modem)
Firewall-Router (public WAN side), Static Public IP from your ISP

Firewall-Router (private LAN side), Static IP 192.168.1.1
(this is where the wireless guests will be)
SBS External NIC, Static IP 192.168.1.2

SBS Internal NIC, Static IP 192.168.16.1
Workstations, Dynamic IPs 192.168.16.x


In the router, ports required to run SBS services (RWW, Exchange, VPN, etc.)
are forwared from the router WAN side to the IP address of the SBS external
NIC (192.168.1.2).

SBS 2003 Ports
http://msmvps.com/blogs/kwsupport/archive/2004/10/31/17438.aspx

BTW... In a normal install, the SBS internal is assigned an IP address of
192.168.16.2 (but 192.168.16.1 should also work).

The wireless portion of the router is on the LAN side of your router
(192.168.1.x), which is itself separated from your SBS LAN by the external
NIC and the SBS RRAS firewall that is implemented when you run CEICW to
configure SBS. You leave DHCP service on in the router for wireless guests.
You don't have to worry about "exclusions" on the router. The SBS external
NIC IP is then given a static IP address inthe same range as the LAN side of
the router (something like 192.168.1.2). Whern you run CEICW, it will then
configure the SBS server as the DHCP server for the SBS LAN workstations.
Normally, CEICW will exclude the first 10 addresses (192.168.16.1-9) from
the DHCP scope so these can be used as static addresses for files server,
print servers, etc.


--------------------------------------------------------------
Internet
|
DSL Modem
|
Wireless Router (WAN, static IP 75.144.223.1)
|
Wireless Router (LAN, static IP 192.168.1.1; wireless guests get
192.168.1.x)
|
SBS (External NIC, static IP 192.168.1.2)
||
SBS (Internal NIC, static IP 192.168.16.1)
|
Switch
| | | | | |
Workstations (dynamic IPs 192.168.16.x)
--------------------------------------------------------------

--
Merv Porter [SBS-MVP]
============================

"Chad" <Chad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9A67BF70-E346-4BD3-A523-A07E88EE8AB5@xxxxxxxxxxxxxxxx
No I'm actually trying to keep them seperate. Wireless internet access to
visiting customers as a courtesy only. And then a traditional wired sbs
LAN for 7 pcs in an office.

Right now I've purchase sbs2003 preloaded on a dell server with 2 nics. A
16port switch to support internal LAN of 7 pcs and as Wireless router SMC
SMCWGBR14-N Barricade N router recommended by cnet. From what I gathered
from you I will need to get a wired router as well to make this work
right?

"Merv Porter [SBS-MVP]" wrote:

I have a feeling that you want wireless for both guests AND internal SBS
LAN
users? Is this right?

--
Merv Porter [SBS-MVP]
============================

"Chad" <Chad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E9FCDA53-3C37-4C51-B9A1-D7B266A9D828@xxxxxxxxxxxxxxxx
Merv, in this example do I forward the ports from the 1st router or the
second router or both? Do I turn on DHCP for the 1st wireless router
to
provide IP addresses for the wireless clients to access the internet
and
disable DHCP for the second wireless router?

What about setting DMZ for the first router so all the ports are
accessible?
Can a wireless router support wireless clients without DHCP being
enabled?

Thanks for your input.

Chad



"Merv Porter [SBS-MVP]" wrote:

Hi Chad,

See the diagram at:

Two Nics, a static IP address, ISA, router
(the diagram works with or without ISA)
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx

The WAN side of your router will use the static IP address supplied by
your
ISP. The workstations will be 192.168.16.x.

--------------------------------------------------------------
Internet
|
Router (WAN, static IP 75.144.223.1)
|
Router (LAN, static IP 192.168.1.1)
|
SBS (External NIC, static IP 192.168.1.2)
||
SBS (Internal NIC, static IP 192.168.16.2)
|
Switch
| | | | | |
Workstations (dynamic IPs 192.168.16.x)
--------------------------------------------------------------

In the router, forward the ports for the services you need to the
external
NIC IP address:

SSL... 443
RWW... 4125
VPN... 1723 and GRE Protocol 47 (for PPTP VPN)
Mail Server... 25 (if you'll be hosting your own Exchange mail server)
RDP... 3389 (straight RDP session to SBS server)

Once you get it physically set up, run CEICW to configure the SBS
server
for
DHCP and other services:

CEICW Walkthrough
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm


--
Merv Porter [SBS-MVP]
============================

"Chad" <Chad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4629921D-9CCE-4931-B2CA-276673857B4F@xxxxxxxxxxxxxxxx
Merv thanks for the super quick response!

I will have a static IP address provided from comcast so how will
these
IP
addresses be assigned?

For example:
cable (static) 75.144.223.1 - Wireless router w/ dhcp
192.168.1.1...2...3....etc - SBS external NIC 75.144.223.2 - SBS
internal
NIC
(w/dhcp) 192.168.16.1

All internal LAN computers 192.168.2....3....4 etc

Thanks

"Merv Porter [SBS-MVP]" wrote:

Hi Chad,

Yes. With two NICS in the SBS server, the SBS LAN is isolated from
the
router LAN. You could then turn on the DHCP service on the router
and
it
should not interfere with the SBS DHCP service. That would give
your
your
wireless guests Internet access (only) by providing them an IP
address
in
the same subnet as the LAN side of the router.

Owen Williams wrote a great article on setting up an even more
secure
wireless network:

Configuring Secure Wireless Network Access with Microsoft® Windows®
Small
Business Server 2003
http://home.comcast.net/~clearviewtc/

--
Merv Porter [SBS-MVP]
============================

"Chad" <Chad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B661612A-B735-4E47-BD82-0979C164F6D8@xxxxxxxxxxxxxxxx
Is there a way to provide wifi access to visiting clients just
using
a
wireless router? For example cablemodem - wireless router -
sbs2003
(2
nic
standard) - switch - internal lan. Thanks

"Owen Williams" wrote:

Bibbob:

Following up on my earlier post (to Merv's response), I am using
a
configuration like this at one client's site so that an SBS2003
network
and a Guest PC can share a DSL Internet connection:

+-------+
|DSL Mdm| 192.168.1.1
+-------+
|
+-------+ 192.168.2.1
| Router| DHCP Server Enabled -
+-------+ Exclude 1st 10 IPs
| |
| +-------------+
| |
|192.168.2.2 |
| [Ext. NIC] |DHCP IP
+-------+ +-------+
|SBS2003| |GuestPC|
+-------+ +-------+
| [Int. NIC]
|192.168.16.1
|
+--------+
| Switch |
+--------+
| | | |
| | | |
[Domain PCs]

SBS2003 runs either the RRAS or ISA2004 firewall so Ext. NIC
(192.168.2.2) is protected.

"GuestPC" could be a Wireless Access Point with a STATIC address
of,
for
example, 192.168.2.3 (which is used primarily for WAP
administration).
Then, guest PCs with wireless capabilities associate with the
WAP
and
get an IP address from the (wired) Router.

Since Wireless Routers are easier to find (and often less
expensive)
than WAPs, you can use one as a WAP provided you:

- disable the DHCP server on the Wireless Router
- connect an Ethernet cable from the (wired) Router to one of
the
switch
jacks (there are most often 4) on the Wireless Router. Do NOT
connect
anything to the Wireless Router's "WAN" or "Internet" jack.

-- Owen Williams













.

Relevant Pages

  • Re: CEICW Network Error
    ... both NICs on SBS should get DNS from the 'internal' SBS NIC. ... The SBS DNS Server service can then be told to use the router or your ISP's DNS Servers as forwarderby submitting such during the CEICW or manual adjustment, OR you can leave the DNS setting blank during CEICW and SBS DNS will resolve using 'root hints'. ...
    (microsoft.public.windows.server.sbs)
  • Re: Install 3 times (triple crown)
    ... [switch (could be built into router)] ... In the above example, the gateway router lan side is on the 192.168.0.x network, as are the wan nics of the SBS boxes. ... built 4 SBS servers with one installation and launched,> which are ...
    (microsoft.public.windows.server.sbs)
  • Re: Setting up wireless in a passthru/bridge mode
    ... then re-run CEICW to configure the SBS server properly (including inputing ... (2 NICs) ... a wired and a wireless. ... Put the wired router between the ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I configure SBS 2003 as a DHCP server?
    ... Knowledgeable SBS MVPs and others of us have tried hard to help you, ... I don't like the idea of a router between SBS and my modem. ... My network now consists of the modem at the edge facing the Internet. ... > post) for the server indicated that you have 2 NICS and that the ...
    (microsoft.public.windows.server.sbs)
  • Re: Install 3 times (triple crown)
    ... I'm not really talking about DHCP on the router, but as you mentioned it - it can be on or off - but it's best practice practice to have your SBS nics on static IP addresses. ... > Current Network ...
    (microsoft.public.windows.server.sbs)