Configuring a forwarder when DC is NOT connected to the internet


AndrewKim

I have 4 computers, one with win2k server installed and configured as domain
controller, which is NOT connected to the internet, and the rest being the
client computers. One of them has two NICs installed; one NIC that connects
to the internet, and the other for ICS, whose IP address is set to
192.168.0.1. (So in fact, I have one DC, one ICS host, and two client
computers)

All four computers are connected to a switch.

The DC has the IP address of 10.10.0.1, and 10.10.0.4 and 5 are assigned to
two other client computers. So for now they don't have internet connection.

If I take the second NIC out from the ICS host, install it on DC and make
the DC work as ICS host, I know I can use a forwarder in DC to have the rest of
the computers access the internet. Windows XP Prof. is installed on my ICS
host, which also is my gaming machine and entertainment beast, and I just
don't want to shift the internet connection to DC.

My question is, can I still configure a forwarder on DC when another
computer is the ICS host? I appreciate anyone's help and thanks in advance!
 
Sure you can. As long as DC can connect to the internet through port 53 UDP
for DNS queries, you can set up forwarders in its DNS server. If DC connects
through some other ICS or router it makes no difference. In fact it is
advised not to connect DC directly to the internet for security reasons.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
Hi,

Thanks for such a quick reply. But how do I do that? Do I need to set the
DC's IP address so that it belongs to the same subnet as the ICS host? (in
my case it would be 192.168.0.x, instead of 10.10.0.1 I have for DC)

And if I do need to change the DC's IP address, how do I do it without
making a mess? I'd first have to change the IP address in TCP/IP properties
in My Network Place, but I assume I'd also need to make some changes in DNS
MMC snap-in... I once have tried modifying DNS settings without much
knowledge about it and got me into rows of fails and warnings in event
viewer so I had to reinstall the DC. Now I have the Ghost image of DC and
it only takes a few mins to revert back to where I was so I have no problem
with that.

Can you tell me how to configure the forwarder and the TCP/IP properties on
each computer so that I can connect to the internet on all computers? Again,
I really appreciate the reply, thank you very much.
 
What sort of connection to the internet do you have?

You should only have ONE subnet on the LAN. Does ICS automatically
give out 192.168.0.x addresses via DHCP? If so, and if it is not
possible to change the subnet on the ICS box (which I suspect may be
true), then you will have to change the IP address of the DC. Is the
DC also the DNS server? If so just access the Properties of the NIC,
and change the IP address, and reboot. That *should* work.

When you have done that set the IP properties as follows:

DC: assuming it is also the DNS server, (which is implied by the
question), then set the default gateway to the ICS box, the DNS
settings to itself and a fixed IP address (in the LAN range). Set
forwarders either to the ICS box or an external DNS.

Clients: Set their default gateway to the ICS box, the DNS to the
DC/DNS server, and either DHCP an IP address from the ICS box or use a
fixed IP address.

ICS box: this should configure itself automagically.

Cheers,

Cliff
 
With ICS working on the XP machine, change the internal NIC IP to a 10.10.0.X
IP address. Then point the gateways of all clients to that IP address. In
the DNS MMC make sure the "." root DNS zone is deleted. After this you may
have to reboot the server to make sure DNS configures itself correctly.
Then in the properties of your domain's zone you can configure forwarders to
your ISP's DNS. To find the IP of your ISP's DNS go to the ICS host and at
the command prompt type ipconfig /all
This should tell you all the settings you need. Make the DNS IPs your
forwarders' IPs and then you are set.


--
HTH

Paul McGuire
 
ICS will only work on a subnet 192.168.0.0/24. (Unless someone can
come up with a URL that says otherwise, I believe this to be the case.)

Cheers,

Cliff
 
First of all I must thank all of you for the replies, they really helped!

But there's just one final thing I want to ask about... yes, my DC is also a
DNS server AND DHCP server, which is set to 10.0.0.0 and has the address
pool range from 10.0.0.3 to 10.0.0.254. This would've been 192.168.0.3 to
192.168.0.254 if I had to change the DNS server's IP address... not that it
matters much, but I thought I should mention it. Now, as far as I know the
ICS host works as a DHCP server also, and I was wondering if I should kill
the DHCP server on DC so that the ICS host can distribute IP addresses to
clients without conflicts. Or am I just one really confused soul and don't
know what I'm talking about?

Other than this I can go trial-and-error everything else and see what
happens.

Andrew


 
That's actually a good point. You shouldn't have two DHCP servers on a
subnet. I don't know for sure but I suspect that the ICS setup will
insist on being a DHCP server for your network. Could be wrong, and
I'm sure someone will say if it is so. I'd be inclined to either
switch off the DC's DHCP server and use the ICS one, or not bother
with a DHCP server for your network and use static IP addresses for
all machines (the ICS one will be 192.168.0.1).

Cheers,

Cliff
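
The address plan and the one-DHCP-server point from the replies above, written as a check over a constructed plan. This is an added example, not part of any post in the thread; the host names and every address other than 192.168.0.1 are assumptions.

```python
import ipaddress

# Constructed plan: ICS host fixed at 192.168.0.1 (from the thread),
# DC moved into the same /24. All other addresses are assumed.
LAN = ipaddress.ip_network("192.168.0.0/24")
ICS = "192.168.0.1"
DC = "192.168.0.2"

PLAN = {
    "ics":     {"ip": ICS, "dhcp_server": True},
    "dc":      {"ip": DC, "gateway": ICS, "dns": DC,
                "dhcp_server": False, "forwarders": [ICS]},
    "client1": {"ip": "192.168.0.4", "gateway": ICS, "dns": DC},
    "client2": {"ip": "192.168.0.5", "gateway": ICS, "dns": DC},
}

def check_plan(plan, lan=LAN, ics_ip=ICS, dc_ip=DC):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], {}
    for name, host in plan.items():
        ip = ipaddress.ip_address(host["ip"])
        if ip not in lan:
            problems.append(f"{name}: {ip} is outside {lan}, LAN would have two subnets")
        if host["ip"] in seen:
            problems.append(f"{name}: address already used by {seen[host['ip']]}")
        seen[host["ip"]] = name
        if name == "ics":
            continue  # the ICS box configures its own LAN side
        if host.get("gateway") != ics_ip:
            problems.append(f"{name}: default gateway should be the ICS box {ics_ip}")
        if host.get("dns") != dc_ip:
            # AD clients (and the DC itself) must resolve through the DC's DNS
            problems.append(f"{name}: DNS should point at the DC {dc_ip}")
    dhcp = sorted(n for n, h in plan.items() if h.get("dhcp_server"))
    if len(dhcp) > 1:
        problems.append(f"more than one DHCP server on the subnet: {', '.join(dhcp)}")
    forwarders = plan["dc"].get("forwarders", [])
    if not forwarders:
        problems.append("dc: no forwarders set, external names will not resolve")
    if dc_ip in forwarders:
        problems.append("dc: forwarder points back at the DC itself")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```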
 