 From:  "Mike Razavi" <mike at havepc dot com>
 To:  "James W. McKeand" <james at mckeand dot biz>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] can't access to a domain name which is hosted in my LAN
 Date:  Thu, 13 Jan 2005 11:22:34 -0800
Thank you James for all these details. 


From: James W. McKeand [mailto:james at mckeand dot biz]
Sent: Thu 1/13/2005 11:07 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] can't access to a domain name which is hosted in my LAN

Mike Razavi wrote:
> SBS 2003 is required to have 2 NICs installed at the installation
> since part of this package is ISA but I never installed it.
> I am not doing anything with the 2 NICs. 

SBS does not require two NICs. When you run the "Connect to the
Internet" on the ToDoList, you are prompted for the type of Internet
connection; Broadband, Dialup (icky), and "do not change". If you
select Broadband one of the choices is "Local Router with IP Address"
you can view a network diagram. I think the lower diagram is what you
are describing - Router Connection with 1 Network Card. The next
screen there is a checkbox that reads "My server uses one network
connection for both internet access and the local network". You are
warned that the firewall that comes with SBS (ISA on "Premium" - NAT
on "Standard") cannot be configured with one network connection and
that not using a firewall is a bad idea. You are also asked if you
want to see configuration settings for an existing firewall. This will
give you a nice list of ports that need to be opened for various
services to work properly. The wizard will continue with configuring
the web and email services. I love the simplicity of SBS and its use
of wizards...

I am also running SBS 2003, my server has two onboard NICs. The second
NIC is disabled (not even a cable plugged in). My server's first NIC,
my workstations, and the LAN interface of my m0n0wall are on a switch
(like the second diagram). I have the SBS's DHCP give out my
m0n0wall's LAN IP as gateway/router and itself as the DNS. The DNS on
the SBS is configured to use the m0n0wall's LAN IP as a forwarder - I
would use the ISP's DNSs but they may change as my internet connection
is dynamic. This can cause a short delay in resolving Internet
names (Client asks SBS, SBS asks m0n0, m0n0 asks Comcast...), but this
is temporary until I move to a static IP.

I am not hosting my web page or email here. I use a .local domain for
my AD. If I was hosting my web page here, I would add <insert
domain>.com to the Forward Lookup Zones. I would add host records (A
records) to the zone using the internal IPs as needed. Client machines
resolve domain.com hosts to internal IPs. Thus, I would have a
domain.local (and _msdcs.domain.local) zone for the AD domain and a
domain.com zone to resolve www.domain.com to an internal IP.

James W. McKeand

p.s. I have been working with SBS since 1997...
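
Added example, not part of the original message: once an internal server holds its own domain.com zone as described above, it answers authoritatively for that zone and stops forwarding those names, so any public hostname missing from the internal zone fails for LAN clients. The check below compares the two views and also lists internal records that do not use internal (RFC 1918) addresses; the zone contents, hostnames, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data ("name type value" per line); not from the thread.
PUBLIC_ZONE = """
www.domain.com.   A  203.0.113.10
mail.domain.com.  A  203.0.113.10
shop.domain.com.  A  198.51.100.7
"""
INTERNAL_ZONE = """
www.domain.com.   A  192.168.1.10
mail.domain.com.  A  192.168.1.10
vpn.domain.com.   A  203.0.113.10
"""

# Explicit RFC 1918 list: ipaddress.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Return {lowercased FQDN without trailing dot: set of A-record addresses}."""
    records = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # skip blank lines, comments and non-A records
        name = fields[0].lower().rstrip(".")
        records.setdefault(name, set()).add(ipaddress.ip_address(fields[2]))
    return records


def audit_split_dns(public_text, internal_text):
    """Compare the public and internal views of one zone."""
    public, internal = parse_zone(public_text), parse_zone(internal_text)
    # The internal server is authoritative, so these names get NXDOMAIN on the LAN.
    missing = sorted(set(public) - set(internal))
    # Internal records that do not point at an internal address.
    outside = sorted(name for name, addrs in internal.items()
                     if any(not any(a in net for net in RFC1918) for a in addrs))
    return {"missing_internally": missing, "internal_not_rfc1918": outside}


if __name__ == "__main__":
    for finding, names in audit_split_dns(PUBLIC_ZONE, INTERNAL_ZONE).items():
        print(finding, names)
```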
