2 NICs Configuration Problem

 
 
Paul
      04-10-2007, 09:30 PM
I have seen a number of write-ups on this - good and bad, but none seem to
make my situation work.
So, I have an SBS2003 (no ISA) with 1 nic > switch > Firewall LANport >
Internet as follows:

Host Name . . . . . . . . . . . . : thor
Primary Dns Suffix . . . . . . . : Removersgroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Removersgroup.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-03-47-30-63-68
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
*******************************************
I would like to add a member server2003 with 2 nics - 1 for Internal >
switch(WSUS, Backup Exec, Aux storage) and 1 for External > Firewall DMZ
port (websites, WSUS updates) as follows:

Host Name . . . . . . . . . . . . : Quigley
Primary Dns Suffix . . . . . . . : Removersgroup.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Removersgroup.local

Ethernet adapter DMZ:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-03-47-32-EE-EF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection #2
Physical Address. . . . . . . . . : 00-03-47-32-EE-EE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

Right now I am unable to connect to the internet via the External nic on the
webserver, although website service runs fine. I can also tie into the
webserver over the LAN with no problems. All in all, everything but the
ability to call out to the internet via the webserver's external nic
(192.168.20.2) works great; Unfortunately I would like to have WSUS updates
follow this path.
I do not have DNS, WINS, or RRAS setup on the member server2003. I am
getting no errors to post here so I am somewhat at a loss - please help.
Thanks
Paul


--
Paul Bockmann
 
Robert L [MVP - Networking]
      04-11-2007, 12:51 AM
Can you ping a public IP? If yes, can you ping yahoo.com?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Bill Grant
      04-11-2007, 12:56 AM
That all looks pretty dicey to me. Having a server on the LAN which
bypasses the firewall is never a good idea. What is the external NIC on the
multihomed server physically connected to? Is the 192.168.20 network your
DMZ?

 
Paul
      04-11-2007, 02:16 AM
I can not ping anything on the internet, but I can ping everything on the LAN.
Results -

Pinging intel.com [198.175.96.33] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 198.175.96.33:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
C:\Documents and Settings\administrator.REMOVERSGROUP>ping yahoo.com

Pinging yahoo.com [66.94.234.13] with 32 bytes of data:

Request timed out.
Request timed out.


--
Paul Bockmann


 
Paul
      04-11-2007, 02:24 AM
Firstly, nothing is bypassing the firewall - SB2003 server (192.168.16.2) is
behind the firewall on the LAN port (192.168.16.1); The multihome server
(192.168.16.3 internal & 192.168.20.2 external) is behind the firewall on the
DMZ port (192.168.20.1).

The SBS2003 server is physically connected to the LAN switch.
The multihome's internal nic is connected to the switch and its external is
connected to the DMZ port on the firewall.
The switch is connected to the LAN port on the firewall.

Hope this clears things up. Again, no errors, all lan connectivity is good,
just can't get the multihome to get out to the internet on its external nic.
Talked to Sonicwall and they inform me that there is nothing blocking the DMZ
outbound - so it should go.
Thanks
Paul
--
Paul Bockmann


 
Bill Grant
      04-11-2007, 08:06 AM
That clears up the setup, but it doesn't really mean that you are not
bypassing the firewall. Connecting a server to the DMZ port is effectively
bypassing firewall filtering to that server. That is what it is for - to
allow a direct connection to the Internet. If that server also has a NIC in
the LAN, then the LAN is at risk.

 
Bill Grant
      04-11-2007, 10:48 AM
It also explains why your server cannot access the Internet. The firewall
provides NAT for the LAN machines, allowing them to reach the Internet using
the firewall's public IP. Machines in the DMZ are not behind the NAT, so
they need a routable public IP to access the Internet directly. Private IPs
cannot cross the Internet. The Internet routers are programmed to drop
packets with private IP addresses.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> That clears up the setup, but it doesn't really mean that you are not
> bypassing the firewall. Connecting a server to the DMZ port is effectively
> bypassing firewall filtering to that server. That is what it is for - to
> allow a direct connection to the Internet. If that server also has a NIC
> in the LAN, then the LAN is at risk.
>
> "Paul" <(E-Mail Removed)> wrote in message
> news:3B644E6F-2C5B-4ADF-8881-(E-Mail Removed)...
>> Firstly, nothing is bypassing the firewall - SB2003 server (192.168.16.2)
>> is
>> behind the firewall on the LAN port (192.168.16.1); The multihome server
>> (192.168.16.3 internal & 192.168.20.2 external) is behind the firewall on
>> the
>> DMZ port (192.168.20.1).
>>
>> The SBS2003 server is physically connected to the LAN switch.
>> The multihome's internal nic is connected to the switch and its external
>> is
>> connected to the DMZ port on the firewall.
>> The switch is connected to the LAN port on the firewall.
>>
>> Hope this clears things up. Again, no errors, all lan connectivity is
>> good,
>> just cant get the multihome to get out to the internet on its external
>> nic.
>> Talked to Sonicwall and they inform me that there is nothing blocking the
>> DMZ
>> outbound - so it should go.
>> Thanks
>> Paul
>> --
>> Paul Bockmann
>>
>>
>> "Bill Grant" wrote:
>>
>>> That all looks pretty dicey to me. Having a server on the LAN which
>>> bypasses the firewall is never a good idea. What is the external NIC on
>>> the
>>> multihomed server physically connected to? Is the 192.168.20 network
>>> your
>>> DMZ?
>>>
>>> "Paul" <(E-Mail Removed)> wrote in message
>>> news:E0CB6183-B201-4D92-A24D-(E-Mail Removed)...
>>> >I have seen a number of write-ups on this - good and bad, but none seem
>>> >to
>>> > make my situation work.
>>> > So, I have an SBS2003 (no ISA) with 1 nic > switch > Firewall LANport
>>> > >
>>> > Internet as follows:
>>> >
>>> > Host Name . . . . . . . . . . . . : thor
>>> > Primary Dns Suffix . . . . . . . : Removersgroup.local
>>> > Node Type . . . . . . . . . . . . : Unknown
>>> > IP Routing Enabled. . . . . . . . : Yes
>>> > WINS Proxy Enabled. . . . . . . . : Yes
>>> > DNS Suffix Search List. . . . . . : Removersgroup.local
>>> >
>>> > PPP adapter RAS Server (Dial In) Interface:
>>> >
>>> > Connection-specific DNS Suffix . :
>>> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>>> > Physical Address. . . . . . . . . : 00-53-45-00-00-00
>>> > DHCP Enabled. . . . . . . . . . . : No
>>> > IP Address. . . . . . . . . . . . : 192.168.16.19
>>> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>> > Default Gateway . . . . . . . . . :
>>> > NetBIOS over Tcpip. . . . . . . . : Disabled
>>> >
>>> > Ethernet adapter Server Local Area Connection:
>>> >
>>> > Connection-specific DNS Suffix . :
>>> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>>> > Network Co
>>> > nnection
>>> > Physical Address. . . . . . . . . : 00-03-47-30-63-68
>>> > DHCP Enabled. . . . . . . . . . . : No
>>> > IP Address. . . . . . . . . . . . : 192.168.16.2
>>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> > Default Gateway . . . . . . . . . : 192.168.16.1
>>> > DNS Servers . . . . . . . . . . . : 192.168.16.2
>>> > Primary WINS Server . . . . . . . : 192.168.16.2
>>> > *******************************************
>>> > I would like to add amember server2003 with 2 nics - 1 for Internal >
>>> > switch(WSUS, Backup Exec, Aux storage) and 1 for External > Firewall
>>> > DMZ
>>> > port (websites, WSUS updates) as follows:
>>> >
>>> > Host Name . . . . . . . . . . . . : Quigley
>>> > Primary Dns Suffix . . . . . . . : Removersgroup.local
>>> > Node Type . . . . . . . . . . . . : Hybrid
>>> > IP Routing Enabled. . . . . . . . : No
>>> > WINS Proxy Enabled. . . . . . . . : No
>>> > DNS Suffix Search List. . . . . . : Removersgroup.local
>>> >
>>> > Ethernet adapter DMZ:
>>> > Connection-specific DNS Suffix . :
>>> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>>> > Network Co
>>> > nnection
>>> > Physical Address. . . . . . . . . : 00-03-47-32-EE-EF
>>> > DHCP Enabled. . . . . . . . . . . : No
>>> > IP Address. . . . . . . . . . . . : 192.168.20.2
>>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> > Default Gateway . . . . . . . . . : 192.168.20.1
>>> > DNS Servers . . . . . . . . . . . : 192.168.16.2
>>> > NetBIOS over Tcpip. . . . . . . . : Disabled
>>> >
>>> > Ethernet adapter Local Area Connection:
>>> > Connection-specific DNS Suffix . :
>>> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>>> > Network Co
>>> > nnection #2
>>> > Physical Address. . . . . . . . . : 00-03-47-32-EE-EE
>>> > DHCP Enabled. . . . . . . . . . . : No
>>> > IP Address. . . . . . . . . . . . : 192.168.16.3
>>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> > Default Gateway . . . . . . . . . :
>>> > DNS Servers . . . . . . . . . . . : 192.168.16.2
>>> > Primary WINS Server . . . . . . . : 192.168.16.2
>>> >
>>> > Right now I am unable to connect to the internet via the External nic on the
>>> > webserver, although website service runs fine. I can also tie into the
>>> > webserver over the LAN with no problems. All in all, everything but the
>>> > ability to call out to the internet via the webserver's external nic
>>> > (192.168.20.2) works great; Unfortunately I would like to have WSUS updates
>>> > follow this path.
>>> > I do not have DNS, WINS, or RRAS setup on the member server2003. I am
>>> > getting no errors to post here so I am somewhat at a loss - please help.
>>> > Thanks
>>> > Paul
>>> >
>>> >
>>> > --
>>> > Paul Bockmann
 
Bill Grant
Guest
Posts: n/a

 
      04-11-2007, 11:14 AM
See this diagram which shows more clearly what I am talking about.
Servers on the DMZ are public, not private.

http://www.ssimail.com/Zoneguard.htm

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> It also explains why your server cannot access the Internet. The firewall
> provides NAT for the LAN machines, allowing them to reach the Internet
> using the firewall's public IP. Machines in the DMZ are not behind the
> NAT, so they need a routable public IP to access the Internet directly.
> Private IPs cannot cross the Internet. The Internet routers are programmed
> to drop packets with private IP addresses.
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> That clears up the setup, but it doesn't really mean that you are not
>> bypassing the firewall. Connecting a server to the DMZ port is
>> effectively bypassing firewall filtering to that server. That is what it
>> is for - to allow a direct connection to the Internet. If that server
>> also has a NIC in the LAN, then the LAN is at risk.
>>
>> "Paul" <(E-Mail Removed)> wrote in message
>> news:3B644E6F-2C5B-4ADF-8881-(E-Mail Removed)...
>>> Firstly, nothing is bypassing the firewall - SB2003 server (192.168.16.2) is
>>> behind the firewall on the LAN port (192.168.16.1); The multihome server
>>> (192.168.16.3 internal & 192.168.20.2 external) is behind the firewall on the
>>> DMZ port (192.168.20.1).
>>>
>>> The SBS2003 server is physically connected to the LAN switch.
>>> The multihome's internal nic is connected to the switch and its external is
>>> connected to the DMZ port on the firewall.
>>> The switch is connected to the LAN port on the firewall.
>>>
>>> Hope this clears things up. Again, no errors, all lan connectivity is good,
>>> just can't get the multihome to get out to the internet on its external nic.
>>> Talked to Sonicwall and they inform me that there is nothing blocking the DMZ
>>> outbound - so it should go.
>>> Thanks
>>> Paul
>>> --
>>> Paul Bockmann
>>>
>>>
>>> "Bill Grant" wrote:
>>>
>>>> That all looks pretty dicey to me. Having a server on the LAN which
>>>> bypasses the firewall is never a good idea. What is the external NIC on the
>>>> multihomed server physically connected to? Is the 192.168.20 network your
>>>> DMZ?
>>>>
 
Paul
Guest
Posts: n/a

 
      04-11-2007, 12:12 PM
Bill,
Thank you for the clarification - you need a job at Sonicwall; I have an
open case on this and they have been working with me to no avail. This
article certainly helps me to clear things up, now I need to talk to
Sonicwall and see to setting up the DMZ properly.
Many thanks for your assistance

--
Paul Bockmann


 
Phillip Windell
Guest
Posts: n/a

 
      04-11-2007, 02:18 PM
Good catch there, Bill!
I hadn't thought about the DMZ<-->External relationship being routed instead of
NATed. I guess I've gotten too used to ISA where that is adjustable and many people
set it to NAT. Of course in the end that just makes it a second "internal"
network for all intents and purposes since they end up using a routed
relationship between LAN<-->DMZ.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

"Bill Grant" <not.available@online> wrote in message
news:%(E-Mail Removed)...
> See this diagram which shows more clearly what I am talking about. Servers
> on the DMZ are public, not private.
>
> http://www.ssimail.com/Zoneguard.htm
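
An added example, not part of the thread: a Python check run over the `ipconfig /all` output posted for the multihomed server, flagging the two conditions Bill Grant describes (a default route leaving from a private address, and one host attached to both the DMZ and the LAN). The function names are hypothetical and the sample text is trimmed from the first post.

```python
import ipaddress
import re

# ipconfig /all output for the multihomed server, trimmed from the thread's first post.
SAMPLE = """\
Host Name . . . . . . . . . . . . : Quigley
IP Routing Enabled. . . . . . . . : No

Ethernet adapter DMZ:
IP Address. . . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1

Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.16.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HEADER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return (host_fields, {adapter_name: fields}) parsed from ipconfig /all text."""
    host, adapters, current = {}, {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
        elif (field := FIELD.match(line)):
            target = host if current is None else current
            target[field.group(1)] = field.group(2).strip()
    return host, adapters


def audit(text):
    """Flag the two conditions raised in the thread, plus packet forwarding."""
    host, adapters = parse_ipconfig(text)
    nets, findings = {}, []
    for name, f in adapters.items():
        if not (f.get("IP Address") and f.get("Subnet Mask")):
            continue
        nets[name] = iface = ipaddress.ip_interface(f"{f['IP Address']}/{f['Subnet Mask']}")
        if f.get("Default Gateway") and any(iface.ip in n for n in RFC1918):
            findings.append(f"{name}: default route leaves from private address {iface.ip}; "
                            "the firewall must NAT this zone or the host needs a routable IP")
    if len({i.network for i in nets.values()}) > 1:
        zones = ", ".join(f"{n}={i.network}" for n, i in nets.items())
        findings.append(f"dual-homed across {zones}; the host links these segments")
    if host.get("IP Routing Enabled", "No").lower() == "yes":
        findings.append("IP routing enabled: host forwards packets between its segments")
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the DMZ adapter's private egress address and one for the dual-homed attachment; the LAN adapter has no default gateway, so it raises no egress finding.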



 