averagecdn Posted February 4, 2006

Ok, I have a Windows SBS 2003 Server with a dual head Intel network card. 1 port is configured for internal network access and the other is configured for Internet access. The IP address of the internal connection is 192.168.2.100 (static IP setting) and the Internet one is 192.168.2.108 (DHCP from SMC router 192.168.2.1). I have configured DNS to use 192.168.2.100 for the client computers and then the forwarder is set up to go to the ISP DNS servers. The DHCP is set up with a scope from 192.168.2.150 - 192.168.2.175. In this scope the DNS is 192.168.2.100 and the Default Gateway is the Internet port (192.168.2.108).

The client computers are unable to access the Internet. I have tried pinging things past the internal network and nothing responds. I have pinged the router and I have tried to ping 192.168.2.108 (Internet port) with no response. If anyone can provide some assistance it would be greatly appreciated... Thanks, Mark

eyeball Posted February 4, 2006

I have never set it up this way. I have always used a switch and therefore only the router was doing any NAT(ing).

I suspect your problem stems from the fact that two devices are NAT(ing) addresses.

Also, I noticed you have DHCP on the router. Disable this and give your server 2 static IPs, as from your post I understand it has 2 NICs.

To access the internet via the server, ICS will have to be used. I think it's in the RRAS admin tool, not too sure though, maybe someone can clarify that.

Other than this I can't say much except get the server accessing the net first, then move on to the clients.

Good luck!

Edited February 4, 2006 by eyeball

averagecdn (Author) Posted February 4, 2006

The current hardware setup is DSL MODEM > SMC ROUTER > SERVER (DUAL HEAD CARD) > SWITCH > client computers. I am trying to stay away from ICS. I would like to configure it alone with networking. I realize this is probably the harder way of doing it, but I believe you never learn anything by taking the easier route.

Gouki Posted February 4, 2006

tracert something outside your network (google.com) and see where it fails.

I noticed you have your DNS (Primary and Secondary) set to your server IP. I think the problem may be the server, because it probably is authoritative for that zone (your network) and is not forwarding requests (stuff that he doesn't know, google.com for example) to your ISP DNS servers.

Just to help me out, set DNS (1 and 2) to your ISP DNS server. See if it works.

RogueSpear Posted February 5, 2006

> The IP address of the internal connection is 192.168.2.100 (static IP setting) and the Internet one is 192.168.2.108 (DHCP from SMC router 192.168.2.1). I have configured DNS to use 192.168.2.100 for the client computers and then the forwarder is set up to go to the ISP DNS servers. The DHCP is set up with a scope from 192.168.2.150 - 192.168.2.175. In this scope the DNS is 192.168.2.100 and the Default Gateway is the Internet port (192.168.2.108).

The default gateway in the scope should be 192.168.2.1 (the router), not 192.168.2.108 (the server). The other suggestion I would make here is to disable the router from offering DHCP leases since your SBS server is acting as a DHCP server on the same subnet. For starters, the SMC router will show up as a rogue DHCP server on the SBS server; secondly, who knows which DHCP server your clients are getting leases from.

Considering everything here is on the 192.168.2.0 network, you would probably be better served to just bond both NIC interfaces on the server into a single virtual 200Mbps port.

EDIT: Ok, I just noticed in a post subsequent to your first post that the server sits between the router and your clients. If you plan to keep that arrangement, you should use a different subnet for each side of your network.

Edited February 5, 2006 by RogueSpear

averagecdn (Author) Posted February 5, 2006

Two different subnets.... need some help with that... what are we talking here... some examples would be helpful

rendrag Posted February 5, 2006

edit: RogueSpear did a better job explaining

Edited February 5, 2006 by rendrag

RogueSpear Posted February 5, 2006

Well, I'll try without getting into a full blown lesson on TCP/IP. The simple explanation is that a subnet is the local network that traffic does not need a router to access. Everything within a subnet will receive broadcast traffic from a node on the same subnet. I'm not the best at outlining these things, so maybe using your network as an example will help.

What it sounds as though you want to do is have all of your workstations on one subnet (192.168.2.0 as an example) and have your router on a separate subnet (192.168.3.0 to continue the example). Your server is acting as a router, separating the traffic between the two. At least this is how it appeared to me from your diagram a few posts up. The benefit to this arrangement, and this is a matter of debate, is that should someone compromise your router, they should only be able to directly attack your server and not the workstations. This is because the server sits in front of the workstations. Now the server is arguably the most important node on the network, so having someone attack it instead of a workstation is where the debate comes in. There are other factors. If you're not hosting a web site accessible to the public or some other service where someone from the outside is supposed to gain some kind of access to the inside, then a properly configured router will sufficiently keep intruders out (not counting downloaded trojans, etc).

I'm going to go on the assumption that your SMC router is a consumer grade router with limited configurability and interface options, as opposed to something like a Cisco PIX 515. So in all actuality, I think you'd be well served to just stick with one subnet and bond your dual interface NIC into a virtual NIC. This will cut down on the complexity and eliminate some possible performance bottlenecks. Also, depending on how things are configured, it will eliminate a potential point of failure.

If you can manage to set up and configure a VPN using Windows native VPN services, then this should be a walk in the park for you.

averagecdn (Author) Posted February 5, 2006

So what you're saying is to bridge the 2 connections together into 1 connection, correct? If so, that's no problem. 2nd question is then how does that change the DHCP and DNS settings?

RogueSpear Posted February 5, 2006

To start, with both sides of the network sharing the same subnet, all the prior settings are pretty much invalid, with the exception of possibly your DNS server settings on the server (how's that for a bad sentence). Here's what I would do, I'm sure others would disagree.

Turn off DHCP serving on your SMC router. SBS should provide that. It's not really a good practice to have a server obtain its network config via DHCP. Also, SBS will see that there is another DHCP server and flag it as a rogue DHCP server. Then there's the issue of your clients sending out a DHCP request and getting multiple responses. They'll take the config of whoever answers first. Could be SMC, could be SBS.

Bond the two interfaces on the SBS server into a 200Mbps virtual NIC. Take note that when you do this, the Intel drivers may create a MAC address for the NIC that is entirely different from either of its "real" MAC addresses. Or it may let you choose which real MAC of the two you want to use. I've done this on Compaq Proliant servers and on Dells that use Broadcom NICs, but not on an Intel card. In the NIC's properties, set a static IP and the default gateway as the SMC.

Enable SBS to serve both DHCP and DNS. Make your forward lookup zone an Active Directory integrated zone. For the DHCP scope, configure it so that your clients point to SBS for DNS and to the SMC for the default gateway. There are a few settings both in DHCP and DNS that are optional, there are some that are good for security, etc. Once you get things up and running, you can read up on what some of them do and set appropriately.

Edited February 5, 2006 by RogueSpear

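Added example, not part of the thread and not any poster's code: a small Python check of an addressing plan against the three points raised above (both server interfaces in one subnet, the scope's default gateway, more than one DHCP server on the client subnet). The /24 masks, the 192.168.3.x addresses and the `audit_plan` name are assumptions made for the illustration; the thread never states a mask.

```python
import ipaddress

def audit_plan(server_ifaces, scope, dhcp_servers):
    """Return addressing findings for a server that sits between router and clients.
    Checks addresses only; it does not verify that routing/NAT is enabled."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(a) for n, a in server_ifaces.items()}
    nets = [i.network for i in ifaces.values()]
    same_subnet = any(a.overlaps(b) for k, a in enumerate(nets) for b in nets[k + 1:])
    if same_subnet:
        findings.append("server interfaces share one subnet: nothing to route between")

    inside = ifaces["internal"].network
    for key in ("start", "end", "gateway"):
        if ipaddress.ip_address(scope[key]) not in inside:
            findings.append(f"scope {key} {scope[key]} is outside {inside}")

    gw = ipaddress.ip_address(scope["gateway"])
    routed = len(nets) > 1 and not same_subnet   # server really separates two subnets
    if routed and gw != ifaces["internal"].ip:
        findings.append(f"gateway {gw} should be the server's internal address")
    if not routed and gw in {i.ip for i in ifaces.values()}:
        findings.append(f"gateway {gw} is the server itself, not the router")

    on_lan = [s for s in dhcp_servers if ipaddress.ip_address(s) in inside]
    if len(on_lan) > 1:
        findings.append(f"{len(on_lan)} DHCP servers answer on {inside}")
    return findings

# Plan from the first post (masks assumed /24).
ORIGINAL = dict(
    server_ifaces={"internal": "192.168.2.100/24", "external": "192.168.2.108/24"},
    scope={"start": "192.168.2.150", "end": "192.168.2.175", "gateway": "192.168.2.108"},
    dhcp_servers=["192.168.2.100", "192.168.2.1"])
# One subnet, bonded interface, router DHCP turned off.
BONDED = dict(
    server_ifaces={"internal": "192.168.2.100/24"},
    scope={"start": "192.168.2.150", "end": "192.168.2.175", "gateway": "192.168.2.1"},
    dhcp_servers=["192.168.2.100"])
# Two subnets; the 192.168.3.x addresses are constructed for the example.
ROUTED = dict(
    server_ifaces={"internal": "192.168.2.100/24", "external": "192.168.3.2/24"},
    scope={"start": "192.168.2.150", "end": "192.168.2.175", "gateway": "192.168.2.100"},
    dhcp_servers=["192.168.2.100", "192.168.3.1"])

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("bonded", BONDED), ("routed", ROUTED)):
        print(name, audit_plan(**plan) or "no findings")
```
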
averagecdn (Author) Posted February 18, 2006

Ok, so in Small Business Server 2003 it will not allow me to bridge 2 network adapters. Any suggestions on a workaround?

RogueSpear Posted February 19, 2006

I think you're confusing "bridge" with "bond". You don't want to bridge two networks together. What I had suggested was "bonding" the network interfaces on your NIC into one with a virtual MAC address. Effectively giving your server a 200Mbps interface. This is something that you should be able to configure in the driver or driver utility.

averagecdn (Author) Posted February 20, 2006

But does bonding not make the 2 connections basically seem seamless? That there are 2 physical connections, then through software it allows the 2 separate networks to be connected together. However, in XP this is called Bridging....