  1. #1
    Untangler
    Join Date
    Apr 2010
    Posts
    50

    Setting up SBS 2011 in a secondary internal or DMZ

    I want to set up a Small Business Server 2011 in a second internal network but still have port forwards work.

    The reason for this is that the SBS likes to be DHCP, DNS, etc. for its section of the network. I don't want to have to modify my 6 other servers to make them work with the SBS or modify my already working network to make it all talk.

    What I would like is:

    Internal 1: contains all current computers and servers
    External: WAN
    Internal 2/DMZ: Contains the SBS

    Internal 1 and 2 can talk to each other without the SBS DHCP requests passing between.

    Both of the internals can access the WAN. The WAN has 1 IP (static).

    Any help is appreciated on this.

    -Arch

  2. #2
    Master Untangler
    Join Date
    Jul 2010
    Location
    Austria
    Posts
    185


    SBS2011 has to be DC (Master) anyway. So DHCP and DNS is your smallest prob.

    MIB

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,958


    Quote, originally posted by M.I.B.:
        SBS2011 has to be DC (Master) anyway. So DHCP and DNS is your smallest prob.

        MIB

    The OP certainly has a pile of work cut out for him. So I'm not going to attempt to make this easy with a quick explanation. Because to be fair, there is no such thing in this case.

    However, I did want to point out, that while it isn't legal, disabling SBS's license controls is rather trivial if you know where to look.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Aug 2011
    Location
    Buckhannon, WV
    Posts
    121


    A network map and better description of what you are hoping to accomplish might yield better results.

    Most people often think SBS is more restricted than it is. You can have as many member servers as you want and even more than one domain controller on an SBS domain. SBS must hold all 5 FSMO roles and as such must be the only SBS server on the domain or it goes crazy but you can have as many servers/DCs as you want.

    But honestly based upon your initial post you shouldn't have any issues if you truly want two separate internal LANs and know the implications of this. You just need to make sure that you have different subnets on each LAN and port forwarding should be straightforward. It seems like you might be trying to use Untangle as an internal router to route traffic between LAN 1 and LAN 2, this is certainly possible. If you are passing large amounts of traffic between the two you will most likely want to bypass the traffic (may not be a bad idea even for smaller amounts of traffic).

  5. #5
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,546


    Are your other 6 servers running on an existing active directory? In which case...you'll have some difficulties.

    Or are they just running in workgroup mode? In which case, things are easy.

  6. #6
    Untangler aboyce's Avatar
    Join Date
    Oct 2010
    Posts
    85


    Nobody is answering your question!! It makes me mad as in this forum everyone is so quick to tell you why you should not do a thing! But it is hard to get an answer to the actual question.
    I have to assume you know why you want to do your crazy configuration so I would say it looks like you only need to route between the LAN and the DMZ without any firewall and filtering etc. from UT blocking traffic.

    I would love to know how to do this as well.. So here's hoping for an answer from a smart Networking UT Genius.

    PS did that come across a bit Jerky ?
    Last edited by aboyce; 09-06-2011 at 06:27 PM.
    "The best computer is a man, and it's the only one that can be mass-produced by unskilled labor."

    -- Wernher Magnus Maximilian von Braun

  7. #7
    Master Untangler
    Join Date
    Aug 2011
    Location
    Buckhannon, WV
    Posts
    121


    I don't disagree with you aboyce. I have many crazy configs myself and I'm interested to know what he might be trying to accomplish here.

    He can accomplish what he wants by using Untangle in router mode. Obviously will need both LANs to be on separate subnets. Will most likely want to bypass traffic between LAN and DMZ. Port forwarding should work as expected. You don't have to worry about DHCP traversal between the two LANs since DHCP isn't routed unless there is a DHCP relay.
    Last edited by drsminkus; 09-06-2011 at 07:11 PM.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,958


    Quote, originally posted by aboyce:
        Nobody is answering your question!! It makes me mad as in this forum everyone is so quick to tell you why you should not do a thing! But it is hard to get an answer to the actual question.
        I have to assume you know why you want to do your crazy configuration so I would say it looks like you only need to route between the LAN and the DMZ without any firewall and filtering etc. from UT blocking traffic.

        I would love to know how to do this as well.. So here's hoping for an answer from a smart Networking UT Genius.

        PS did that come across a bit Jerky ?

    All that is required to have two LAN segments, and a WAN segment is to have three interfaces. The two LAN segments configured static, with appropriate IP addresses for the scopes in question, an appropriate NAT policy on each interface to get online. And, a few potential packet filter kicks to enable specific services.

    All of which have been answered on these forums hundreds of times, and a bit less time flaming, and a bit more time googling would answer your questions immediately.

    SBS has some massive limitations when placed into this configuration. My original post was meant to start the process of dealing with that, which is a far larger issue than IP level connectivity. I'm trying to save the OP some headache, get the homework done first and ask a more specific question for further details.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untangler
    Join Date
    Apr 2010
    Posts
    50


    Thanks for the responses guys.

    I am using Untangle in router mode.

    Okay, looks like I'm going to have the following for my network setup:

    LAN1(existing) : 172.16.0.1/24 (Contains all other servers and desktops)

    LAN2(new) : 172.16.1.1/24 (Contains the SBS only)

    I'm going to NAT them both to the WAN. I think the NAT is just:
    0.0.0.0 / 0 Source address: auto


    I want the SBS to handle DHCP on LAN2 instead of Untangle.

    I assume that the firewall will cover both LANs since the firewall covers all traffic that traverses the WAN. Looking for confirmation of this.

    From what I am reading about the needed packet filters I will have to set up a packet filter for each service on the SBS in LAN2 that I want to be able to access from LAN1. Confirmation on this?

    For port forwarding to allow external access, I should only need to point the forwards to the IP of the SBS in LAN2.

    So far do I have this on the right track?


    Thanks
    -Arch

  10. #10
    Untangler
    Join Date
    Apr 2010
    Posts
    50


    Thanks for the responses.

    I think I have figured out a solution.

    First some more information.

    I am using Untangle in router mode.

    The only things I plan on using via the SBS are:

    Exchange (135)
    Internal Website/portal (80/443)
    PPTP VPN
    shared folders
    RDP

    Proposed Network Config:

    LAN1: 172.16.0.1/24
    LAN2: 172.16.1.1/24
    WAN: xxx.xxx.xxx.xxx


    LAN1 is the existing LAN.

    LAN2 will house the SBS server.

    All services I listed above will be accessible from LAN1 and External

    I'm going to use NAT 0.0.0.0/0 any on LAN 2 for external traffic. This is taken from the LAN1 config.

    For cross network traffic I am assuming that I will have to add bypasses for each of the services that I want to traverse the LANs.

    I want the SBS to be the DHCP in LAN2 and not Untangle.



    What I am looking for here is confirmation that I am on the right track for deploying this properly.

    Thanks,

    -Arch
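
The layout worked out in posts #8 to #10 (three interfaces, NAT on both LANs, per-service rules from LAN1 to the SBS, port forwards to the SBS address), written as generic Linux iptables rules. This is an added example, not part of the thread and not Untangle's own configuration. The interface names, the SBS address 172.16.1.10 and the choice to forward only HTTPS and PPTP from the WAN are assumptions of the example.

```shell
#!/bin/sh
# Added example: the thread's plan as generic iptables rules (not Untangle's own config).
WAN_IF=eth0; LAN1_IF=eth1; LAN2_IF=eth2   # assumed interface names
LAN1_NET=172.16.0.0/24                    # LAN1 from the thread (router is 172.16.0.1)
LAN2_NET=172.16.1.0/24                    # LAN2 from the thread (router is 172.16.1.1)
SBS_IP=172.16.1.10                        # constructed SBS address inside LAN2
# Services from post #10: 135 is the port the poster gives for Exchange; 80/443 web,
# 445 shared folders (SMB), 3389 RDP.
LAN1_TCP_PORTS="135 80 443 445 3389"
# Assumption of this example: only HTTPS and PPTP (TCP 1723 plus GRE) are forwarded
# from the WAN; the other services are reached from LAN1 or over the VPN.
WAN_TCP_PORTS="443 1723"

emit_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default deny between segments; replies to permitted flows are allowed back.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Both LANs go out through the single WAN address (source address: auto).
    for net in $LAN1_NET $LAN2_NET; do
        echo "iptables -A FORWARD -s $net -o $WAN_IF -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $net -o $WAN_IF -j MASQUERADE"
    done
    # LAN1 may reach only the listed services on the SBS.
    for port in $LAN1_TCP_PORTS; do
        echo "iptables -A FORWARD -i $LAN1_IF -o $LAN2_IF -d $SBS_IP -p tcp --dport $port -j ACCEPT"
    done
    # Port forwards from the WAN point at the SBS address in LAN2.
    for port in $WAN_TCP_PORTS; do
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $SBS_IP"
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN2_IF -d $SBS_IP -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p gre -j DNAT --to-destination $SBS_IP"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN2_IF -d $SBS_IP -p gre -j ACCEPT"
    # No DHCP rule: DHCP broadcasts are not routed, so the SBS scope stays on LAN2
    # as long as the router runs no DHCP server or relay on that interface.
}

# Print the rules for review; piping the output to a root shell applies them.
emit_rules
```

With the FORWARD policy set to DROP, anything not listed (for example RDP arriving on the WAN interface) is refused by default rather than by a dedicated rule.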
