Two Network Cards configuration. Please Help me.
Hi guys,
I have one Server with two Network Cards. The first is connected to WAN (Modem Router). The second one is connected to one Switch and provides services to about 10 PCs.
The most important services that the LAN connection provides are Active Directory, DNS and DHCP.
The WAN adapter uses the IP 10.0.0.1 and the second (LAN) uses 192.168.0.1 and all things are working perfectly. All machines inside my intranet have logged on to the domain, have gotten IPs dynamically through DHCP, etc.
There is only one problem: although the server can navigate normally through the internet, the machines don't.
What can I do to allow the internal machines to connect and stay online over the internet?
Thanks in advance
Clemilson
March 13th, 2011 4:21pm
It's never a good idea to multi-home a DC. I'd remove one of the NICs
Basically your DHCP server must hand out static address of AD server as primary DNS server address so clients can find DC. Then put the ISP's DNS addresses in the forward lookup of your DNS server so clients can find internet. Also make sure your server has static IP address outside of DHCP scope.
Please post back with any specific questions.
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
March 13th, 2011 4:44pm
Dave,
Thank you so much for your fast reply.
Since I'm Brazilian, some technical abbreviations in English have confused my understanding of your reply. So, the following two questions:
1. If it is not a good idea to use two NICs, what do you recommend to me, in order to provide AD, DHCP and Internet to my stations with security? My infrastructure is pretty simple: 1 Server with two NICs, 10 PCs connected to one unmanaged 24-port switch, 1 router providing ADSL and connected to my Server, and one Access Point connected to one port of my switch (providing wifi to some notebooks).
Only to complement, I have a Forefront TMG license, so I was thinking to install that IN THE FUTURE on this server, and provide more security. And there's no budget to buy another server at this moment.
2. Can you please, give me more details about the way to continue using two NICs and provide Internet Access to my PCs?
So, I can analyse your two answers about the two questions above and decide if I will keep the two NICs or if I will do something different.
I really, really thank you very much for your help!
Clemilson
Clemilson Correia IT Specialist
March 13th, 2011 5:10pm
I'd plug the ADSL directly into switch, remove the unused NIC from DC
Open DNS Manager and right click on your DC name then Properties|Forwarders
Add your ISP addresses here.
DHCP should hand out the address of your DNS server. Clients should automatically end up with DNS address of your DC so they can find and logon to domain. Your DNS server will pass internet requests to your ISP DNS servers for resolution. No need for the complications of multi-homing.
(note google public DNS is shown for example only) Use your ISPs DNS or also check here for some you can use.
http://www.dnsserverlist.org/
http://code.google.com/speed/public-dns/
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
March 13th, 2011 5:31pm
I'd plug the ADSL directly into router, remove the unused NIC from DC
Open DNS Manager and right click on your DC name then Properties|Forwarders
Add your ISP addresses here.
DHCP should hand out the address of your DNS server. Clients should automatically end up with DNS address of your DC so they can find and logon to domain. Your DNS server will pass internet requests to your ISP DNS servers for resolution. No need for the complications of multi-homing.
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
March 13th, 2011 5:36pm
I concur with Dave's recommendation. The design proposed is usually best for Small Home/Office Networks.
Designing Active Directory for a SOHO Network
http://www.anitkb.com/2010/12/designing-active-directory-for-soho.html
Sample Design:
You can always add into this design such as TMG, Proxy services, etc...
Visit: anITKB.com, an IT Knowledge Base.
March 13th, 2011 6:45pm
Dear Dave,
That worked perfectly!
There were some old concepts of intranet in my mind and now I see how much easier it is to use that configuration!
Thank you very much!!!
But, I have only two more questions:
1 - My EMAIL and WEB PAGE (e-commerce) are located on an external server (managed by another company). I gave the name MYCOMPANY.com.br to the AD domain, but MYCOMPANY.com.br is also the address of my EMAIL and WEBPAGE. So now, I can access all pages over the internet, except MYCOMPANY.com.br, because the DNS is confused about that. How can I solve that?
2 - If I want to install Forefront TMG on my intranet, can I install it on my Server? Or should I install it on another server?
Thank you
Clemilson Correia IT Specialist
March 14th, 2011 7:33am
Great! Thank you very much!
Clemilson Correia IT Specialist
March 14th, 2011 8:12am
You can create an A record named www in the DNS zone pointing to the external web server ip address.
I'd ask them here about Forefront
http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
March 14th, 2011 11:04am
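The forwarder, DHCP and `www` record steps recommended in the answers above, collected into one script as an added example that is not part of the original thread. It assumes Windows Server 2012 or later (the `DnsServer` and `DhcpServer` PowerShell modules), run on the single-NIC DC; the scope ID, router address, ISP resolver addresses and web server address are constructed placeholders.

```powershell
# Added example. Values marked "placeholder" are constructed; replace them.
$DcIp        = '192.168.0.1'       # DC / DNS server LAN address (from the thread)
$ScopeId     = '192.168.0.0'       # assumed DHCP scope for the LAN
$RouterIp    = '192.168.0.254'     # placeholder: ADSL router's LAN-side address
$Forwarders  = @('203.0.113.53', '203.0.113.54')  # placeholder ISP resolvers
$Zone        = 'MYCOMPANY.com.br'  # AD zone name as written in the thread
$WebServerIp = '198.51.100.10'     # placeholder: externally hosted web server

# 1. Queries the DC is not authoritative for go to the ISP resolvers.
#    Only add forwarders that are not already configured.
$existing = (Get-DnsServerForwarder).IPAddress |
    ForEach-Object { $_.IPAddressToString }
foreach ($ip in $Forwarders) {
    if ($existing -notcontains $ip) { Add-DnsServerForwarder -IPAddress $ip }
}

# 2. Clients receive the DC as their only DNS server (option 6) and the
#    router as default gateway (option 3). Handing out the ISP resolvers
#    directly would break domain lookups for the clients.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DcIp -Router $RouterIp

# 3. The internal zone shadows the public zone of the same name, so the
#    external web server needs an explicit www record inside it.
$www = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -RRType A `
    -ErrorAction SilentlyContinue
if (-not $www) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' `
        -IPv4Address $WebServerIp
}

# 4. Verify against the DC itself: the internal override, an external name
#    resolved through the forwarders, and what DHCP now hands out.
Resolve-DnsName -Name "www.$Zone"  -Server $DcIp -Type A |
    Select-Object Name, IPAddress
Resolve-DnsName -Name 'example.com' -Server $DcIp -Type A |
    Select-Object Name, IPAddress
Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6 |
    Select-Object OptionId, Value
```

Only `www` is redirected by this record; the bare zone name still resolves to the domain controller inside the LAN, because Active Directory registers its own address there.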