Server 08R2 Front End networking probs

[korsen]

ok so what i'm trying to accomplish is getting my server to be a front end for my network. i'm doing all this to learn from experience so I don't know alot of things.

Modem -> Server / Server -> Netgear WGR614v9 -> Rest of network

I already have AD DS, DNS, and DHCP roles installed. DHCP is green, I guessed on DNS and the forward lookup zone has both NIC IP's in there under Host(A) on (same as parent folder) which there is none, and my Nic->Netgear address on Tower(comp name). Reverse lookup zone has Nic->Netgear address. My netgear has obtain DHCP/DNS automatically (which shows it's receiving the IP's I set) and my NIC->Modem is automatically obtained until I can set my ISP service to DDNS. My NIC->Netgear IP is 192.168.1.100, 255.255.255.0, 192.168.1.1 with 1.100 as DNS server (i'm guessing the gateway is wrong but i'm not sure what to put).

I'm eventually going to install Exchange server, and ISA server so keep that in mind.

From Netgear->Network I can ping the network computer, the netgear, and the nic supporting the netgear. Apparently the DNS works slightly because pinging google finds it's IP address but doesn't connect to it. From the Server I CANNOT ping the router. It has an option to respond to internet ping requests which is off, but I have not tested pinging the netgear with that option on.

I'm basically entirely confused at this point. I want the server basically to filter traffic and scan for viruses etc. It's a powerful rig so there shouldn't be any problems overloading it.

Hopefully your help will be enough.
Cheers.

EDIT: Last post contains fix info.

[AboveTheLogic]

So basically your server machine is acting as the router, since it connects to the modem. The netgear is an access point and switch.

First - have you made sure you turned off DHCP on the netgear, and are NOT using the "Internet" port at all?

Do you have RRAS (Routing and Remote Access) installed on the server? You didn't mention it and your server will not route network traffic to the internet without it.

[korsen]

Yes I installed RRAS, sorry forgot to mention it. The netgear HAD DHCP turned on - I don't understand how my server can provide IP's through the netgear but you guys are the pro's, so it's off now. (I know it's possible I just can't connect the dots in my head)

I also read in another thread the server should connect to a regular 1-4 port on the router, it WAS in the internet port. So as of this moment, the OP still stands plus the changes suggested in your post.

Thanks for the help.

[korsen]

They werent before, but they are now. Btw, this might be what's supposed to happen but when the router is connected to my server I can't acess it's config page without removing the server connection.

So as it stands, everything is still as stated in the OP plus your suggestions.

Thanks for the help

[korsen]

No edit? Sorry, wanted to make sure we're still clear that my network is still in bad shape

[korsen]

Also, only because I can't find an answer for this anywhere, under DHCP - IPv4 and my Scope has a white ! inside a blue circle and I don't know what it's for.

[korsen]

scratch that. found out i had a DNS server IP on my NIC->Netgear that can only be reached by my NIC->Modem connection. After I removed those servers it went back to a green check mark.

And if anyone could direct me to the nearest edit button i'm sure we would both appreciate it

[AboveTheLogic]

I see an edit button, I'm not sure why you can't see it- we have some relatively stringent rules new members of the forum - maybe wimiadmin will chime in and help.

OK, so by default your netgear wants to assign IPs to the machines on the LAN (numbered ports). The Internet port is on a separate network, and can't see the machines on the LAN. Also - when your netgear is handling DHCP, it sets itself as the default gateway, when in this case you want your server as the gateway. So, for this reason, you need to turn DHCP off.

Turning DHCP off on a router like that basically turns it into a switch (and a wireless access point if it has a wireless radio). In this case, its best to leave the Internet port unused. DDWRT lets you assign the Internet port to the LAN so you have a 5-port switch, by the way.

Can you post up your DHCP range (on the server of course) and the IPs you are using for the server and the router? Also, please include subnet masks.

[korsen]

Ok, firstly, the only options I can find/see are the tools up at the top of the page and on each post Quote, Multi-Quote, and Quick reply. I'd like to think i'm not blind, but stuff happens.

Secondly:

DHCP Range: -192.168.1.101-104(Server)
Nic->Modem -- 69.120.168.119 IP
------------ 255.255.240.0 Mask
------------- 69.120.160.1 Gateway
DNS of ----- 167.206.251.130-129(All set to obtain auto until I can establish DDNS)

Nic->Router - 192.168.1.100 IP
------------- 255.255.255.0 Mask
------------- 192.168.1.1 Gateway
(No clue what to set for gateway here)

Router - 192.168.1.101 IP
-------- 255.255.255.0 Mask
(Pretty sure I didn't set a gateway for it, otherwise it should be using 192.168.1.100)
DNS server is 192.168.1.100

After hooking all this together, the router refuses to allow me access to it's config page from any connection - either via the server or the laptop connected to it.

Me and my cousin (who is taking networking classes) went through a few things adding a static route on the laptop of 0.0.0.0 Mask 0.0.0.0 192.168.1.100 and on the server of 0.0.0.0 Mask 0.0.0.0 69.120.168.119. So far, from the laptop (Laptop->Netgear->Server->Modem) I can ping both server NICs, pinging google resolves it's IP but times out, and trace routes fail after hitting NIC->Netgear(192.168.1.100) DHCP is providing IP's to everything accessing the router including the router.

Cheers.

[AboveTheLogic]

So, the first NIC of the server (that's plugged into the modem) is receiving the IP of 69.120.169.119. I can see that is the IP you posted from. It's mask and gateway are assigned from your ISP, that's all good.

The NIC that goes to the router is 192.168.1.100- which is outside of your DHCP range of 192.168.1.101-104 - this is good. The gateway of this NIC should be left BLANK. You should only assign one gateway on a machine. The gateway is the path to the Internet. 192.168.1.1 is obviously not the path to the Internet for you.

The router's IP is within the DHCP range, so I'm going to guess that its set to obtain an IP automatically. The router likely does not have a default gateway on the LAN settings, because its designed to use its WAN port with its gateway (which is what you're doing with the server's two NICs). This is all fine and normal - your router doesn't really need to get to the Internet anyways, its just a access point and a switch with your scenario.

From the server, you should be able to get to the router's config page here: http://192.168.1.101

Static routes are not really the answer. First, verify that the machines on the LAN are able to ping the server at 192.168.1.100. Secondly, make sure that the machines on the LAN are assigned an IP within your server's DHCP range and have the default gateway of 192.168.1.100. After this is done, RRAS needs to be configured to route traffic between the LAN and the Internet. I don't remember off hand what the settings are but I expect that you will reply with how far you get

Also -

Edit button:

[wimiadmin]

korsen....I moved you to a different group. You should have the edit button now.

We keep it locked down for newbs to prevent spam....thanks for understanding.

[korsen]

Welt, we have new information. I've always been able to ping the 192.168.1.100 however - the router no longer obtains an address after I restarted everything and did NOT use the router's internet port. When I did in the past, that's when I believe it obtained the automatic address from the "ISP" - as of my experimenting, the router never obtains an address, only devices that are communicating via the router through the server's DHCP. The router behaving as a switch like you said.

EDIT: Statement Erased

Moving on! I can access my wireless printer OK from the server, and from the laptop->Netgear I can ping my Nic->Modem IP fine. So things are going well for the moment and I was messing around with things - checking the properties under RRAS->IPv4->General->(Nic->Netgear) I can set inbound and outbound filters as well as the same for the Nic->Modem interface, but i'm forced to set the destination mask to 255.255.255.255 or it won't let me apply. When I set it to forward any source (i.e. the LAN) to my NIC->Modem the laptop no longer resolves ping google.com, but when it's back to the way it was, it will resolve the IP address of google but not reach it (obviously).

I'm thinking the inbound/outbound filters are my answer, but google isn't helping me locate it. Messing around with the numbers aren't working either (So close! >.<)

EDIT: No prob wimi I'm sure it was more of a hassle to your readers than it was to me
EDIT2: After thinking about it a bit, setting filters for the interfaces doesn't necessarily define traffic to be SENT, rather than filter whatever point a-b tries to get through it... i'm not sure how the filters work at all, but with my luck it's probably what i'm now thinking... *cry*

[AboveTheLogic]

OK I think I know what happened.

The router was grabbing an IP from the WAN port- this is normal. I thought it was a little abnormal to have the LAN port grab an IP through DHCP but didn't think anything of it.

Assign the LAN IP of your router something outside of the DHCP range...maybe even 192.168.1.101 and adjust your range accordingly.

As for the RRAS settings, I'm trying to remember what it is you need to do, I don't have a machine accessible to me with a similar setup to look--- but there should be something in there that shows the interfaces associated within a routing group, and I want to say that loopback and your external NIC will be in it and you'll have to add the internal NIC to that group to get it to start routing.

I'll go as far as saying that if you install teamviewer and PM me I'll take a look at it for you. If you are on google talk or AIM, even better...

[korsen]

my aim is megadavex4 (dont ask lol)

i've got the comp on and the aim on if i don't respond i'm not too far away. For a response to your statements, under RRAS we have:

Network Interfaces (Loopback, Nic1, Nic2, Internal)
Remote Access Logging and Policies (Just policy manager)
IPv4:
General (Loopback, Nic1, Nic2, Internal)
Static Routes (Empty)
IPv6:
(Same deal as IPv4, but I don't need IPv6)

Under network interfaces, I am only capable of adding new interfaces, of which there are none.
Under IPv4->General: I can add multicast scopes, add a new routing protocol, and set inbound/outbound filters for each interface.

Once i see you on aim you can get all the screenshots you want!
EDIT: Btw, I don't think i have to do anything to the router at this point. I can ping my external nic from behind the internal nic and the router - so somehow everything is working just fine, including address translation - my junk just isn't going out to the internet and coming back.

---------------------------------------------------------------------------------------------------------------------------

ISSUE RESOLVED
A MASSIVE THANK YOU TO ABOVETHELOGIC!!!!!
YOU FIXED IT IN 5 MINUTES FLAT WITHOUT WORKING KNOWLEDGE OF SERVER 2008 (R2) <3

Ok, so what ended up needing to happen, is that all the above posts were fine. I got to the point where I could ping BOTH of my server NICs from my LAN pc's but nothing was getting to the internet. Despite this, DNS was still resolving the IP address of ping requests but again would not hit the internet.

My first issue, was that I had to set my LAN pc to static because it refused to take the correct gateway automatically. Abovethelogic advised to add under DHCP->IPv4->Scope->Scope Options, right clicking and adding a new option, selecting 003 Router, and applying the Nic->Netgear address (192.168.1.100) and set the LAN pc back to automatic. It got the correct gateway.

The most important issue was getting the server to route the LAN to the Internet. This was done by going to RRAS->IPv4->Right click on General and add new routing interface -> NAT.
After this, I went into the NAT subcategory and right clicked to add all my interfaces.

THAT WAS IT! MY WHOLE PROBLEM FIXED IN 5 MINUTES! AND I KNOW HOW TO USE GOOGLE!!!!!!!!!!!!
MORE PRAISE FOR ABOVETHELOGIC!!

EDIT: He finally suggested nuking the server by enabling remote desktop and making sure that you CAN'T get to the remote desktop connection from the outside unless you open that up in the public port settings

[AboveTheLogic]

Oh, I have working knowledge of 2008, just not RRAS with NAT on server 2008- but I did do it on server 2003 . I have a few RRAS machines on my corporate network but they are just VPN.

It all makes sense now after a few minutes of troubleshooting with screenshots. I knew something simple was missing and all signs point to NAT.

DNS was working only because you enabled DNS on your server, so the server was answering DNS requests to your LAN, but not routing traffic to the internet - which is why you had the unique issue of trying to ping google.com - it finds the IP - but the ping doesn't reply.

Glad you have it going. It's a fun setup to have.

Next step is to play around with logging into your home VPN from the outside, you already have everything setup and just need to enable it.

[korsen]

Not pretending to have all the knowledge, but i told you it was basically the same from 2003 :P

Just a shiny new GUI. But man, to anyone reading this who might be interested in doing the same: GET AT LEAST 8GB OF RAM!!!! 4GB DOES NOT CUT IT FOR SUPER WORKSTATION SERVER!