Small network to Net setup suggestions.

Greetings All,

I apologize for a rather rookie question. I'm rather new to MSFT for our
networking. Basically, I have a small critical network I have to get up on
the net. I have Win2K3 STD and I think I have DHCP and DNS w/ AD set up and
working correctly, although I'm very new to AD. The 3 workstations are
getting their 192.196.1.x IPs, but they can't see the net. I do have
routing enabled and believe most things are correct there. Looking to see if
anyone has set up a similar network w/ Verizon's DSL service and run into
any "gotchas".

Also wondering if I'm better off using a small Cisco router and FW instead
of Win2K3's internal routing, NAT and FW.

Any help or suggestions would be greatly appreciated.

Ren
 
You will be better off spending the $50 for a simple NAT router. It is inherently
more secure and also simpler to configure and diagnose when things aren't working.

There will be no real advantage to you from what you've described in getting a
business-grade Cisco router, though they are of course first-rate units. If you need
for example VPN access, and/or have a need for a lot of customization in your
routing, that would be a choice. If you don't know IOS, a Cisco router can become
a formidable adversary.

The most likely source of your problem is that the default gateway IP is set incorrectly
on the workstations, or the server isn't able to reply back to the workstation because
NAT is incorrectly set up in RRAS, or is not set up at all. The default gateway should be
the internal LAN IP of the server. The external NAT interface should be configured as
the other NIC on the public side in RRAS.

Open a CMD prompt and do a "tracert" from a workstation to your ISP's DNS server IP.
When the output turns to "* * *", that's where the circuit is broken. Either the data isn't getting
to that hop, or that hop can't route a response back to you. Once you know where it is failing,
figuring out why is usually not too hard.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
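
Added example (not part of the original posts): a Python sketch of the tracert reading described above. It parses Windows tracert output, finds where replies stop, and maps that point to the two causes named in the post. The sample output, the 192.168.1.5 gateway address and the function names are constructed assumptions.

```python
import re

# A Windows tracert hop line: hop number, three probe columns ("<1 ms", "12 ms"
# or "*"), then an address / "host [address]" or "Request timed out."
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.*)$")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_tracert(text):
    """Return [(hop_number, ip_or_None)]; None means no probe was answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank line, "Trace complete."
        answered = re.search(r"\d+\s+ms", m.group(2)) is not None
        ip = IP_RE.search(m.group(3))
        hops.append((int(m.group(1)), ip.group(0) if answered and ip else None))
    return hops

def diagnose(text, gateway_ip):
    """Map the point where replies stop to the causes named in the post."""
    hops = parse_tracert(text)
    answered = [ip for _, ip in hops if ip]
    if not answered:
        return "no hop answered: check the workstation's default gateway"
    if answered[0] != gateway_ip:
        return f"first hop is {answered[0]}, not {gateway_ip}: wrong default gateway"
    if hops[-1][1] is not None:
        return f"path complete: reached {hops[-1][1]}"
    if len(answered) == 1:
        return "gateway answers, nothing beyond it: check NAT in RRAS"
    return f"replies stop after {answered[-1]}: fault is upstream of the server"

# Constructed sample: the server (assumed 192.168.1.5) replies, then "* * *".
SAMPLE = """
Tracing route to 203.0.113.53 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.5
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.1.5"))
```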
 
Thanks for the response, Steve. Making a little more progress. Unfortunately
I've been out of the "routing" part of things for a long, long time. Does this
basic setup seem logical? Or do I need to head back to the book store for some
routing 101 and also get a real net guy? I can ping and tracert everywhere
locally but can't get Net.


{"Internet"}
|
|
Switch
|
Server - DNS -> 192.168.1.5
DHCP -> 192.168.1.6
|-> Workstations

Our server is just one of those Dell 2850 w/ (2) built-in Ethernet ports,
so I was first hoping to get it all done with just Win2K3 to keep costs low,
but security and being able to VPN in from home are paramount.

It's definitely still my NAT. Next step is probably to just get a simple
device for it.
 
You can certainly do what you're attempting with just two NICs and a server.

Just turn up RRAS with a NAT interface, make sure the external side of NAT
is the Internet NIC and workstations are using the server as their gateway IP, and
things will pretty much just work on their own.

I personally do not like having any computer - and especially a server - directly connected
to a public Internet wire. I consider it a de facto security problem. (The problem is
that software solutions can easily become misconfigured, leading to direct
exposure.) With a hardware NAT box, I know positively that traffic has to
pass through it to get to the server, so I worry less about what gets misconfigured.
This of course is entirely your call.

If you want VPN, be sure to get a router that supports VPN passthrough, or better, a
device that supports VPN in the hardware.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
 