0

I have set up a server at work and I want to use 2 network cards to have a local and external (internet) interface. I have set it up as follows:

Internal Network Setup

External Network Setup

This server will be used for Windows Deployment Services and I would like to spoof internet domains and redirect them to this server. This would be for antivirus updates as they can be very slow sometimes so having them locally will help. Also Windows Server Update Services will be used.

I have set up NAT on the server but when a machine gets an IP address through DHCP, the machine has no internet access...

  • Sounds like you've got a server, acting as a router (w/ NAT); and you want it to support WDS, WSUS, and you're going to set up DNS to point certain domains to it as well. But you're using internal IPs on both adapters, and from the same subnet. Is that much correct? – Chris S Mar 18 '11 at 18:42
  • Which adapter is which? I always rename mine to "internal"/"external" to keep them clearly documented. – Bret Fisher Mar 18 '11 at 18:52
  • Yes that's right Chris. Is this where the problem is? Do I need to have the server on IP 192.168.1.50 and, let's say, other machines on 192.168.2.100..101..102... I have renamed them slightly, as you can see at the top of the properties box. Are these the right settings? –  Mar 18 '11 at 18:54
  • Also Chris, we have a linksys router which will be connected to the server (on the external connection) and a gigabit switch which will have machines running off it (the internal connection) –  Mar 18 '11 at 18:58
  • Are you expecting these computers to be plugged into a "private" switch behind this server, get Windows and updates, and then you'll move them to the "production network"? – Bret Fisher Mar 18 '11 at 19:01
  • It's a computer repair shop. I am looking to have all the machines on the Gigabit switch (which they already are), but for me to set up the DNS to point locally (for a/v updates). I have Googled and I see it can be done with Microsoft DNS server, hence why I want it set up; otherwise we wouldn't have a need for it. Windows Updates will be on the server (WSUS). It will be set up like this: Internet --> Router --> Server --> Switch --> Machines. Would the internet become slower if it is all routed through the server and not directly through the router? –  Mar 18 '11 at 19:06

3 Answers

1

Wouldn't it be best to have the external and internal on different subnets?

Ext.
IP:192.168.1.50
Mask:255.255.255.0
Gate:192.168.1.1
DNS:127.0.0.1

Int.
IP:192.168.5.1
Mask:255.255.255.0
DNS:127.0.0.1

evolvd
  • What would be the advantages of this? –  Mar 18 '11 at 19:07
  • Yeah, if you're going to have two switches segmenting the two networks, deanpcman, then you should use a different subnet on the internal. Technically you don't need NAT since both addresses are private (your Internet firewall is already doing NAT), but no harm if it's just for deployments. Change your DHCP to point to the new internal address. Also, the server shouldn't need to point to itself for DNS, but rather your standard network DNS... only the deployment clients need the "special" DNS IP. – Bret Fisher Mar 18 '11 at 19:08
  • OK thanks Bret! Will give it another go when I get back in the office tomorrow and let you know how I get on :) –  Mar 18 '11 at 19:11
  • deanpcmad, you can't route inside a single subnet. If you want the clients to route through the server for all traffic, the internal IP of the server needs to be on a different subnet than the IPs on the outside of the server. Make one up that's not in use, like 192.168.x.1-254, with the same subnet mask of 255.255.255.0. – Bret Fisher Mar 18 '11 at 19:12
  • Ahh OK, that must have been the problem. I will give it a go tomorrow and let you know... –  Mar 18 '11 at 19:48
  • Nope, couldn't get it to work. May have a go in a virtual machine... Are there any advantages of using dual network adapters like that? Would it be faster browsing the internet and that? –  Mar 19 '11 at 18:28
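
The addressing advice in the answer and comments above, as an added example that is not part of the original thread: a small check that a two-adapter plan can actually route. The function name, the finding codes and the failing layout's internal address 192.168.1.51 are constructed for illustration; the working layout uses the answer's own values.

```python
import ipaddress

def check_dual_homed(ext_ip, ext_mask, ext_gw, int_ip, int_mask,
                     int_gw=None, client_gw=None):
    """Return (code, message) findings for a two-adapter router/NAT server."""
    ext = ipaddress.ip_interface(f"{ext_ip}/{ext_mask}")
    internal = ipaddress.ip_interface(f"{int_ip}/{int_mask}")
    findings = []
    # Both adapters in one subnet: every address looks directly attached on
    # both sides, so the server has nothing to route or NAT between.
    if ext.network.overlaps(internal.network):
        findings.append(("same-subnet",
                         f"{ext.network} overlaps {internal.network}"))
    # The upstream router must be on-link for the external adapter.
    if ipaddress.ip_address(ext_gw) not in ext.network:
        findings.append(("gw-off-link", f"{ext_gw} is not in {ext.network}"))
    # Assumption: only the external adapter carries a default gateway,
    # matching the answer's layout, where "Int." lists no gateway.
    if int_gw:
        findings.append(("second-default-gw",
                         f"internal adapter also has gateway {int_gw}"))
    # Clients that should route through the server need its internal IP
    # as their gateway (the DHCP change mentioned in the comments).
    if client_gw and ipaddress.ip_address(client_gw) != internal.ip:
        findings.append(("client-gw",
                         f"clients use {client_gw}, not {internal.ip}"))
    return findings

def codes(findings):
    """Just the finding codes, in order."""
    return [code for code, _ in findings]

# Layout from the answer: external 192.168.1.50/24, internal 192.168.5.1/24.
ANSWER_LAYOUT = dict(ext_ip="192.168.1.50", ext_mask="255.255.255.0",
                     ext_gw="192.168.1.1", int_ip="192.168.5.1",
                     int_mask="255.255.255.0", client_gw="192.168.5.1")
# Constructed failing layout: both adapters in 192.168.1.0/24.
SAME_SUBNET_LAYOUT = dict(ANSWER_LAYOUT, int_ip="192.168.1.51",
                          client_gw="192.168.1.1")

if __name__ == "__main__":
    for name, plan in (("answer", ANSWER_LAYOUT),
                       ("same subnet", SAME_SUBNET_LAYOUT)):
        print(name, check_dual_homed(**plan) or "OK")
```
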
0

With that server pointing to itself for DNS, can it browse web sites? If no, then your DNS server may not have port 53 out TCP/UDP for querying DNS roots. If yes, then can a client pointing to the server for DNS do nslookup on serverfault.com? If it can't resolve, then the server firewall may be preventing connections. Use Microsoft Network Monitor on the server to look for incoming connections on 53 and see if clients are successfully connecting.

Bret Fisher
  • Yes it can browse sites. I'm connected to it over the internet using Remote Desktop –  Mar 18 '11 at 19:00
0

It may be easier for you to use ICS:

http://technet.microsoft.com/en-us/library/cc770507(WS.10).aspx

joeqwerty