I am trying to configure a server to run a small network (10-15 computers). The server is running Windows Server 2003 Standard, and it will be hosting mail (POP3/SMTP), Routing & Remote Access, FTP, HTTP, and DNS for our domain. I am using the built-in Windows services for all of these.
The physical configuration of the server is:
ETH0 (Internet)
IP - Public (DHCP)
Set to autoconfigure, except
DNS - 127.0.0.1

ETH1 (Intranet)
IP - 192.168.0.1
SNM - 255.255.255.0
GTW - blank
DNS - blank

I have registered ns1.mydomain and ns2.mydomain, both of which point to the public IP address of this machine (ETH0). The DNS server has a forward lookup zone (mydomain) with the following entries:
(A) NS - ETH0's IP
(A) mydomain - ETH0's IP
Some other misc. CNAME records that I am using to test. They all point to (A) mydomain or external domains.

The DNS server is set to forward queries re: all other domains to my ISP's DNS servers. The DNS server passes both self-tests in the Monitoring tab of DNSMGMT. dnsstuff.com is able to read all records on the nameserver.
Machines connected to ETH1 are configured with static IPs, and gateways and DNS servers are set to 192.168.0.1. These machines can connect to the internet without problems.
My problem is trying to connect to the server itself from these machines. From an internal machine, ftp://mydomain will connect and then immediately disconnect announcing code 426. However, ftp://192.168.0.1 works fine. From the internet, ftp://mydomain works fine also. I did notice that when I try to connect from an internal machine via ftp://mydomain, Mozilla gives me a popup announcing the 426 error. However, on the server side, the monitor indicates that the connection stays live until I click the 'OK' button. I did try several FTP clients on the internal machines, none of which work.
nslookup on the internal machines shows that they are resolving mydomain as ETH0's IP address.
All of the services on the server are set to listen on both interfaces.
I'm not an expert here by any standard and I've kind of fumbled through this; any help would be great. Thanks!

Don't you want ETH1 to resolve your internal names since that is your intranet?
My first thought is you have the NIC card IP addresses reversed. I'm curious, since your ETH1 has an IP address of 192.168.0.1 that tells me you are using a cable modem for Internet access. If that's the case, you want that to be the default gateway on your internal side.
Also, since you have no Default Gateway or DNS server specified locally on ETH1 that's your major problem.
Another issue I see, unrelated to this, is running all those services from one box. I'd separate the services to other machines if possible for security purposes since you are trying to host on the public Internet.

Mark Stevens
B.S. Information Security Systems

I don't understand your first question (sorry).
I tried setting the DNS server on ETH1 to 127.0.0.1 and 192.168.0.1 and the public IP, none of which worked. I tried setting the gateway to those same IPs, and the computers on the intranet lost internet access in each configuration.

I thought maybe the computers behind the server were being routed to it strangely, but I did a tracert to mydomain and they are going straight to the machine.
I was playing around with some of the monitoring tools and noticed something strange under 'TCP Connections' (in Routing & Remote Management):
If I connect to the FTP server via ftp://192.168.0.1, these entries appear:
(format is Local Address, Local Port, Remote Address, Remote Port, State)
192.168.0.1, 21, 192.168.0.2, 4833 EST
192.168.0.1, 3102, 192.168.0.2, 4835 EST
192.168.0.1, 3104, 192.168.0.2, 4838 EST
192.168.0.1, 3106, 192.168.0.2, 4840 EST
192.168.0.1, 3108, 192.168.0.2, 4842 EST
192.168.0.1, 3110, 192.168.0.2, 4844

However, when I try to connect to ftp://mydomain the following appear:
192.168.0.1, 3111, 192.168.0.2, 139
127.0.0.1, 3013, 192.168.0.2, 4848 EST
ETH0's IP, 139, 0.0.0.0, 12322 LISTEN
ETH0's IP, 3115, 192.168.0.2, 4850 TIME_WAIT
ETH0's IP, 3113, ETH0's IP, 21 EST
ETH0's IP, 21, ETH0's IP, 3113 EST

From the bottom two it seems that it's pretty confused. Any ideas? Is it possible to configure Windows DNS Server to tell queries from the Internet the public IP and queries from the Intranet the LAN IP?
Thanks
Taylor
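
Added example (not part of the original thread or any poster's code): a small Python classifier for connection-table rows in the format posted above, which picks out rows where both endpoints are the server's own addresses. `203.0.113.10` is a constructed stand-in for "ETH0's IP", which the post does not give; the label names are hypothetical.

```python
import ipaddress

# Assumptions: 203.0.113.10 is a placeholder for "ETH0's IP" (not in the post).
SERVER_ADDRS = {"192.168.0.1", "203.0.113.10", "127.0.0.1"}
LAN_ADDR = "192.168.0.1"
LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed from the second table in the post, placeholder substituted.
SAMPLE = """\
192.168.0.1, 3111, 192.168.0.2, 139
127.0.0.1, 3013, 192.168.0.2, 4848 EST
203.0.113.10, 139, 0.0.0.0, 12322 LISTEN
203.0.113.10, 3115, 192.168.0.2, 4850 TIME_WAIT
203.0.113.10, 3113, 203.0.113.10, 21 EST
203.0.113.10, 21, 203.0.113.10, 3113 EST
"""

def parse_row(line):
    """Split 'local, lport, remote, rport [STATE]' into a dict."""
    local, lport, remote, tail = [f.strip() for f in line.split(",")]
    rport, _, state = tail.partition(" ")
    return {"local": local, "lport": int(lport), "remote": remote,
            "rport": int(rport), "state": state.strip() or None}

def classify(row):
    """Label a row by which hosts sit on each end of the connection."""
    if row["state"] == "LISTEN":
        return "listener"
    if row["local"] in SERVER_ADDRS and row["remote"] in SERVER_ADDRS:
        # Both endpoints are the server's own addresses: the peer the
        # service sees is the server itself, not the LAN client.
        return "self-connection"
    if ipaddress.ip_address(row["remote"]) in LAN:
        # LAN client: did it reach the LAN-side address or another one?
        if row["local"] == LAN_ADDR:
            return "lan-direct"
        return "lan-client-via-other-address"
    return "other"

def classify_table(text):
    """Return (row, label) pairs for every non-empty line of a table."""
    rows = [parse_row(l) for l in text.splitlines() if l.strip()]
    return [(r, classify(r)) for r in rows]

if __name__ == "__main__":
    for row, label in classify_table(SAMPLE):
        print(f'{row["local"]}:{row["lport"]} <-> '
              f'{row["remote"]}:{row["rport"]}  {label}')
```
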

First of all the IP address 127.0.0.1 is a loopback address and can NOT be used.
Second, you need to configure your public internet router as the Default Gateway for your internal network to see the Internet. So your DNS server should use this address as its default gateway so any requests outside of its own NS servers will forward to the Gateway for address resolution.

"Is it possible to configure Windows DNS Server to tell queries from the Internet the public IP and queries from the Intranet the LAN IP?"
First off, you need to register your domain with a registrar and have a static IP address from your ISP.
The registrar will propagate the IP address to all the name servers on the internet so the public knows when they type in www.mydomain.com it sends out a NS resolution to the Name Servers and sends back the IP address from your ISP provider that points to your Router/cable/dsl modem.

Are you following me so far?
Internally, you need to have your DNS server set as a static IP address and set up host records that point to the IP addresses of the various machines for operating your FTP/Mail/Web, etc. servers. Now those servers must also have static IP addresses reserved in your DHCP server.
Are you lost yet?
How is your network setup physically? If you have 10-15 computers are you on a Fiber/T1 line? When that line comes in what are you connecting it to? A Cisco router?
Or are you just talking about a cable/dsl modem trying to set up the services you need?

Mark Stevens
B.S. Information Security Systems

OK, had to reread some of your stuff, this part tells me you DO have some internal name resolution problems:
"From an internal machine, ftp://mydomain will connect and then immediately disconnect announcing code 426. However, ftp://192.168.0.1 works fine."
So that tells me your internal Name Server (DNS) isn't resolving the ftp://mydomain, but it resolves the address. I'd check that record first. Did you create reverse lookup zones too? I assume so or you probably wouldn't be this far.

Mark Stevens
B.S. Information Security Systems
