pulsemultimedia Posted February 19, 2010 Posted February 19, 2010 ** NEWBIE ALERT ** this post may be in the wrong place - mods/admins feel free to move it and please accept my grovelling apology :) Hi all I've installed WS2K8 in my business network of several WIN7 machines, one WIN7 laptop and one MacBook Pro. Looking for guidance on a few points. What I initially want to do is this : WS2K8 to handle the internet connection and share it with the clients Clients to have a "drive" on the server where all documents are stored Laptop to be able to "tunnel" in These requirements will no doubt evolve as the server gets up and running and my ambition outstrips my ability! :) The server has two ethernet cards installed one for the switch which the clients are plugged into (8 port) and one for the router (4 port with wireless) which goes to my internet connection. At the moment the server has an internet connection but clients can only get online to the outside world if they plug in directly to the router. Can anyone please offer me assistance in configuring the server and clients to acheive these aims. I'm struggling with the concept of IP addresses and subnet masks in particular. I'm not even 100% sure I've installed all the correct roles/features for the job either. Thanks in advance for your assistance, which will be gratefully received. When we're done and if I win the lottery, I'll take each and every one of you out for a beer/soft drink/whatever's your poison! Billy Pulse Multimedia Quote
mmthomas Posted February 19, 2010 Posted February 19, 2010 Have you set up a domain with your server or are all the machines only in a workgroup? Here are some instructions for setting up shared folders. If you're in a workgroup, each user will need to have a local account on the server as well as on their own machine. If you are in a domain, then they'll be using the same username and password to log onto their machine as to access shares on the server and the server share access would be pretty transparent to them. What kind of router do you have? Is it a simple router provided by your ISP or does it have firewalling and port forwarding features that you can configure? If that router is giving your server a private IP address rather than a public IP address, then you won't be to do VPNs unless it can also handle port forwarding. You will be wanting to configure Routing and Remote Access in order to enable the server to receive VPN requests from your external laptops, but I wouldn't start messing with it until you know how everything is going to be setup. There is a wizard for the first time you setup RRAS and it's easier if you do everything at once. Quote
pulsemultimedia Posted February 19, 2010 Author Posted February 19, 2010 Have you set up a domain with your server or are all the machines only in a workgroup? Here are some instructions for setting up shared folders. If you're in a workgroup, each user will need to have a local account on the server as well as on their own machine. If you are in a domain, then they'll be using the same username and password to log onto their machine as to access shares on the server and the server share access would be pretty transparent to them. What kind of router do you have? Is it a simple router provided by your ISP or does it have firewalling and port forwarding features that you can configure? If that router is giving your server a private IP address rather than a public IP address, then you won't be to do VPNs unless it can also handle port forwarding. You will be wanting to configure Routing and Remote Access in order to enable the server to receive VPN requests from your external laptops, but I wouldn't start messing with it until you know how everything is going to be setup. There is a wizard for the first time you setup RRAS and it's easier if you do everything at once. Hi Matt Thanks for the response :) and the link, which will make an interesting read when I get back to the office on Monday. The server is set up as a domain controller and two test Win7 workstations can log in to the domain, although they can't see the internet connection the server has. An IP configuration problem ... ? The router is a Belkin and seems highly configurable. It can handle port forwarding, can be a DHCP server and has a built in firewall and a host of other features and configuration options. Is there an idiots guide to IP address configuration that doesn't assume I'm a mathematician? Quote
mmthomas Posted February 22, 2010 Posted February 22, 2010 What you are asking to set up is an Internet Connection Sharing host on the server or as a NAT host. The network diagram looks like this: Do you have a reason that you want to do it that way and not this way: Unless you are going to run software on the software to do something with everyone's network traffic, I think the second is a simpler way to set up your network and takes some processing load off of the server. To do the second, you need to: 1) Set up your server to run DHCP. Point all machines to the Belkin router/firewall as the gateway address. 2) Have DHCP give the Belkin router/firewall IP address as the gateway address. 3) Have DHCP give out the server address for DNS. That should accomplish giving all machines access to the Internet and the server. To enable VPN connections from external: 1) Setup RAS VPN on the server (note those are short pages with a NEXT button before the comments) 2) On the Belkin router, forward TCP Port 1723, IP Protocol 47 (GRE) (Note: 47 is a protocol number and not TCP port. The protocol name is GRE.) to the server's IP address. If you do want to run everything through the server, then you have to set up NAT on the server. If your server is a VPN server, you cannot set it up as an ICS server. NAT will accomplish the same thing. You will still need to setup DHCP as above, except that the gateway should be the server's IP address rather than the router's IP address. (Note that the link assumes that you are setting up without the router between you and the internet. Where it says to put in the address from your ISP [step 4], you would actually put in the address you are getting from your router). Hope that helps. Quote
pulsemultimedia Posted February 22, 2010 Author Posted February 22, 2010 What you are asking to set up is an Internet Connection Sharing host on the server or as a NAT host. The network diagram looks like this: Do you have a reason that you want to do it that way and not this way: Unless you are going to run software on the software to do something with everyone's network traffic, I think the second is a simpler way to set up your network and takes some processing load off of the server. To do the second, you need to: 1) Set up your server to run DHCP. Point all machines to the Belkin router/firewall as the gateway address. 2) Have DHCP give the Belkin router/firewall IP address as the gateway address. 3) Have DHCP give out the server address for DNS. That should accomplish giving all machines access to the Internet and the server. To enable VPN connections from external: 1) Setup RAS VPN on the server (note those are short pages with a NEXT button before the comments) 2) On the Belkin router, forward TCP Port 1723, IP Protocol 47 (GRE) (Note: 47 is a protocol number and not TCP port. The protocol name is GRE.) to the server's IP address. If you do want to run everything through the server, then you have to set up NAT on the server. If your server is a VPN server, you cannot set it up as an ICS server. NAT will accomplish the same thing. You will still need to setup DHCP as above, except that the gateway should be the server's IP address rather than the router's IP address. (Note that the link assumes that you are setting up without the router between you and the internet. Where it says to put in the address from your ISP [step 4], you would actually put in the address you are getting from your router). Hope that helps. Wow! Thanks for the superbly detailed reply!! I'll take a closer look at the office tomorrow and let you know how it all goes :) Quote
wshiwsbrding Posted January 19, 2011 Posted January 19, 2011 2) On the Belkin router, forward TCP Port 1723, IP Protocol 47 (GRE) (Note: 47 is a protocol number and not TCP port. The protocol name is GRE.) to the server's IP address. Hi I have the same sort of issue with a VPN and everywhere i look it says enable IP Protocol 47 (GRE), where exactly do I enable GRE? I have a Belkin F7D4302 v1 and i see how to forward a TCP Port but not how to enable a protocol so I do have port 1723 forwarded. Any suggestions as to how I do that? I get error 800 if I try to connect on "Automatic" and error 806 if I try to connect with PPtP. Thanks in advance for any help from anyone. Quote
mmthomas Posted January 20, 2011 Posted January 20, 2011 Hi I have the same sort of issue with a VPN and everywhere i look it says enable IP Protocol 47 (GRE), where exactly do I enable GRE? I have a Belkin F7D4302 v1 and i see how to forward a TCP Port but not how to enable a protocol so I do have port 1723 forwarded. Any suggestions as to how I do that? I get error 800 if I try to connect on "Automatic" and error 806 if I try to connect with PPtP. Thanks in advance for any help from anyone. I believe that the Belkin F7D4302 is only capable of forwarding UDP and TCP protocols. You will need to get a more advanced router/firewall in order to forward GRE -- for example one of the small office Sonicwall products. If this is just for home, and you like playing with tech, the DD-WRT software may work with your model. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.