 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Looking for configuration advice with SBS 2003
 Date:  Tue, 7 Feb 2006 16:14:35 -0600
Mark Griswold wrote:
> I'm running a Windows Small Business Server 2003 setup and am looking
> to add monowall, particularly for its traffic shaping capabilities.
> 
> Current configuration is:
> 
> ADSL 384/128 line with single static IP (PPPoE)
> Linksys router (192.168.1.1) with ports forwarded to SBS server
> SBS server with 2 NICs (192.168.1.2 on WAN side, 10.0.0.1 on LAN side)
> 
> We host our own email and allow VPN and OWA access to Exchange, so we
> have a few ports forwarded on the Linksys router to the server, but
> otherwise everything is blocked (Our website is hosted externally)

<SNIP>

> OTOH, replacing the Linksys box with the mono box seems cleaner and
> maybe (?) offers me some additional capabilities.
> 
> Has anybody out there done a similar install?  Any recommendations?

Ditch the Linksys box - unless it is providing wireless...

I'm making the assumption that you are working with SBS 2003 Standard -
not Premium (i.e. you don't have ISA (Internet Security and
Acceleration)). You have been "double-NATing" - very icky in my book. You
only need one NIC. Make the LAN interface of the m0n0wall something like
10.0.0.254 and have your SBS's DHCP give that IP as the gateway. You can
re-run the Internet Connection Wizard and configure for an external
router device (your m0n0). You can also use the m0n0wall as a forwarder
for your DNS (or use the ISP's).

I forward HTTP, HTTPS, and SMTP to my SBS from my m0n0wall (Inbound
NAT).

For VPN, you have two choices. You can redirect inbound PPTP connections
to your SBS or you can use the m0n0's PPTP server and use the IAS
(Internet Authentication Service) per this article:
http://www.michael-i.com/files/projects/m0n0ad/ 

This method will allow your SBS to only handle the authentication -
might be a small off-load. Let your firewall be a firewall and your
server be a server...

_________________________________
James W. McKeand