Windows 2000 Server as a router

January 12, 2009 at 23:12:55
Specs: Windows 2K Server, 512K
HELP!
I am very much a novice with servers/networking, but I do know a little – here’s my story:
We have a Win 2K server set up as a domain controller running AD. We have approx 15 clients, mostly running Windows XP Pro with a few running Windows 2K Pro. Server does routing, Linksys set up as a firewall.

Our setup WAS as follows:
Win 2K server
Comcast Business IP gateway -> Linksys wired router -> WAN NIC
LAN NIC -> Switch (all clients feed off of switch)

Our Linksys wired router died, so I tried to replace it with a Linksys wireless router. When I made the swap, however, I could establish an interconnection between all client computers and between all clients and the server (ie, I could see and access shared files/resources), but no internet access on any clients (could not resolve web addresses).

Prior to Linksys wired router going bad:

Server WAN NIC TCP/IP settings were set up as follows:
IP Address: 192.168.1.3
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1
Primary DNS: 10.1.10.1
Secondary DNS: Blank

Server LAN NIC TCP/IP settings were set up as follows:
IP Address: 10.0.0.1
Subnet mask: 255.0.0.0
Default gateway: Blank
Primary DNS: 192.168.1.3
Secondary DNS: Blank

All client TCP/IP settings were set up as follows:
IP Address: 10.0.0.xxx (ie, 102, 103, etc.)
Subnet mask: 255.255.255.0
Default gateway: 10.0.0.1
Primary DNS: 10.0.0.1
Secondary DNS: Blank

Mind you, everything worked like a charm before the wired Linksys died, so I can only guess that I’m missing a setting on the router, but I could be dead wrong.

Can someone please help me? It’s driving me insane and I cannot figure it out. I inherited this computer system, so I’m just trying to keep it running.

Or, does someone have a better way to hook this system up?

Thank you in advance.




#1
January 13, 2009 at 01:27:26
The better way is to forget about the second NIC. For 15 machines, one subnet is enough. Everyone can still have internet and share files.


#2
January 13, 2009 at 07:14:47
That doesn't address the question.

Perhaps this is a typo, mmccormick83:

Server LAN NIC TCP/IP settings were set up as follows:
IP Address: 10.0.0.1
Subnet mask: 255.0.0.0

Subnet mask should be 255.255.255.0 to match your LAN subnet.

All client TCP/IP settings were set up as follows:
IP Address: 10.0.0.xxx (ie, 102, 103, etc.)
Subnet mask: 255.255.255.0

First test, though, is whether you can ping from the server to the new gateway and then yahoo.com/




#3
January 13, 2009 at 07:57:56
Your present setup is not efficient.

If it were me, I would get rid of the dual NICs in the 2000 Server and plug the switch directly into the router. It should look as follows:

Internet >> SOHO Router >> Switch >> Clients (and DC of course!)

This way all traffic isn't being routed through your DC. Doing it the way you are presently just adds more of a load to your DC (ie: makes more work for it to do since all TCP/IP traffic has to flow through the server) and adds to the complexity of your setup (which is why you are now having the problem you are having).

To do this correctly, you would forward the DNS on your DC to your ISP's DNS servers and all clients would point to your DC as their DNS address. This way requests inside the local zone are handled by your DC and requests outside the local zone are forwarded to your external DNS address by the DNS server itself.

Once you have it set up correctly, then you have no need for two separate subnets and to route between them. Once you have DHCP set up properly, all clients will have proper LAN and WAN access. Assuming you stay with the same Class A private IP addressing scheme internally, your DHCP setup should look as follows inside the router:

Scope: 10.0.0.100 to 10.0.0.199
Subnet Mask: 255.255.255.0
DNS: IP of DC (10.0.0.1)
Default Gateway: IP of router (LAN side) say, 10.0.0.250 or whatever you decide to assign to it.


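Added example, not part of any reply in this thread: a short Python check that runs the addressing rules discussed in replies #2 and #3 (matching masks, on-link gateway, clients resolving through the DC, static devices outside the DHCP scope) against the settings quoted above. The function name, the host labels and the `client` flag are assumptions made for this illustration; the addresses are the ones given in the thread.

```python
import ipaddress

def check_segment(hosts, dns_server, dhcp_scope=None):
    """Return a list of findings for hosts that share one LAN segment."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(f"{h['ip']}/{h['mask']}")
              for n, h in hosts.items()}
    # Every host on the same wire should compute the same network.
    nets = sorted({str(i.network) for i in ifaces.values()})
    if len(nets) > 1:
        findings.append("mask mismatch: " + " vs ".join(nets))
    for name, h in hosts.items():
        net = ifaces[name].network
        # A default gateway outside the host's own subnet is unreachable.
        if h.get("gw") and ipaddress.ip_address(h["gw"]) not in net:
            findings.append(f"{name}: gateway {h['gw']} not on {net}")
        # Domain clients resolve through the DC, which forwards outward.
        if h.get("client") and h.get("dns") != dns_server:
            findings.append(f"{name}: DNS {h.get('dns')} is not the DC")
        # Statically addressed devices must sit outside the DHCP scope.
        if dhcp_scope and not h.get("client"):
            lo, hi = (ipaddress.ip_address(a) for a in dhcp_scope)
            if lo <= ifaces[name].ip <= hi:
                findings.append(f"{name}: static IP inside DHCP scope")
    return findings

# Constructed from the settings quoted in the thread (original LAN side).
ORIGINAL = {
    "server-lan": {"ip": "10.0.0.1", "mask": "255.0.0.0", "gw": None,
                   "dns": "192.168.1.3"},
    "client-102": {"ip": "10.0.0.102", "mask": "255.255.255.0",
                   "gw": "10.0.0.1", "dns": "10.0.0.1", "client": True},
}
# Constructed from the flat layout proposed in reply #3.
PROPOSED = {
    "dc": {"ip": "10.0.0.1", "mask": "255.255.255.0", "gw": "10.0.0.250"},
    "router": {"ip": "10.0.0.250", "mask": "255.255.255.0", "gw": None},
    "client-102": {"ip": "10.0.0.102", "mask": "255.255.255.0",
                   "gw": "10.0.0.250", "dns": "10.0.0.1", "client": True},
}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL), ("proposed", PROPOSED)):
        scope = ("10.0.0.100", "10.0.0.199") if plan is PROPOSED else None
        print(label, check_segment(plan, "10.0.0.1", scope) or "no findings")
```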

#4
January 13, 2009 at 09:00:49
pointless


#5
January 13, 2009 at 09:00:59
Thank you for your help, guys. I got everything working, here's what I did:

Comcast into Linksys router, router into switch, all clients feed off of switch.

Linksys router setup for Automatic config - DHCP

Server LAN NIC plugged directly into router port 1, assigned LAN NIC TCP/IP settings as follows:

IP: 192.168.1.100
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS Address: 10.1.10.1

All clients now have assigned TCP/IP settings as follows:

IP: 192.168.1.xxx (102, 103, etc.)
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS Address = Server's IP Address (192.168.1.100)

I also changed the DNS forwarding as Curt R suggested and everything seems to be working now.

All we really do is file/printer sharing, Quickbooks, and internet/email.

Do you guys suggest I check anything else? Did I still miss something?

Thanks for your help.



#6
January 13, 2009 at 13:32:25
I would put the workgroup on a standalone LAN. Get a few junky old computers with a hardened Linux to let people surf the web.

Keep your business LAN off the internet. Too much data to risk infection.

Second best would be to get a hardware or software firewall that has advanced features.


The AD on the LAN would also help policy. If anyone has access to the switch you have no control.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CDs, backups, are in my top 10



#7
January 13, 2009 at 15:20:35
All we really do is file/printer sharing, Quickbooks, and internet/email.

Do you guys suggest I check anything else? Did I still miss something?

From what I can see, you have everything set up correctly except for the DNS address on the server itself:

IP: 192.168.1.100
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS Address: 10.1.10.1

I'm hoping that's a typo. DNS should read 192.168.1.100

Since you have everything behind your Linksys router, it's all behind a firewall and is reasonably safe. I stress 'reasonably' because there are no absolute guarantees and one can always count on users not being too bright and causing problems through lack of knowledge and training. At least, you are protected against intrusion from outside.

If you'd like to test your firewall, I recommend going to ShieldsUP! (by GRC) and running that to see how much protection your firewall is providing.

