IN DESPERATE NEED OF HELP!!!!

Hello, I want to say thank you in advance to anyone who can put me in the
right direction with this. I am in a bit of a mess and pretty much lost :(

Situation: Currently at the office I work for I am running a win 2000 server
with 20+ clients behind a linksys firewall (cable connection). I have DHCP,
DNS & AD all running at default settings and I am manually entering the
router numbers to the stations that are allowed internet access. Everything
is running fine ie: printers, shares, etc.

Problem: My office has decided it wants to run its own Email server, so in
preparation I had them purchase a new server which will also run Win 2000
server and Win Exchange 2000, as well as picking up a new Symantec firewall
appliance. I was under the impression that all I would need to do, is run
DHCP from the firewall to 1 NIC on the email server, then run DHCP on the file
server to the 2nd nic on the email server, and run RRAS on the email server
to connect the intranet to the internet. And that's where I'm lost. Can
anyone suggest a clear & simple resource or outline the basics as to how to
set up this kind of a network? I am about to give up :(

Thank you in advance again to any help,
Victor
 
Put everything behind the firewall (and I'm not talking about your NON-
Firewall Linksys unit).

From the firewall, forward port 25 to the internal IP of the EMail
server. Remember to allow SMTP/25 outbound from the server too.

Your entire network should be running behind the firewall, and the
firewall should not be DOING DHCP, have your File Server do DHCP and
provide the clients with the information needed. You will also need to
set up DNS on the File server - actually, you are going to need to make
the File Server an AD Server and the Exchange Server will also need to be
in the domain.

Once you get the SMTP setup in the firewall, you will need to make an A
record with your ISP/public DNS service and then a MX record that points
to that A record. If you didn't use a .com or .net (or other TLD) name
for your domain, such as mydomain.com or ourcompany.net, you are going
to have to create a recipient policy that adds "mycompany.com" to the
exchange config so that you can receive email on it.

One other thing - doing this over the weekend, without knowing what you
were doing, and without qualified help is asking for a boot in the arse
on Monday.

I hope you did a domain prep and forest prep too.
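
The public DNS step in the reply above (an A record, then an MX record that points to it) can be checked offline before mail is switched over. This is an added example, not part of the original post: the zone text, host names and the 198.51.100.25 address are constructed placeholders, and it assumes records written as name, TTL, IN, type, data. It also assumes the A record must carry the firewall's public address, since port 25 is forwarded from there to the internal server.

```python
import ipaddress

# Constructed sample of the public zone held at the ISP/public DNS service.
SAMPLE_ZONE = """\
mycompany.com.       3600 IN MX 10 mail.mycompany.com.
mail.mycompany.com.  3600 IN A  198.51.100.25   ; firewall public IP (placeholder)
"""

# Internal ranges that must never appear in the public A record for the mail host.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return (mx, a, cname) maps from lines of the form: name ttl IN type data."""
    mx, a, cname = {}, {}, {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        name, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4:]
        if rtype == "MX":                         # rdata = [preference, target]
            mx.setdefault(name, []).append(rdata[1].lower())
        elif rtype == "A":
            a.setdefault(name, []).append(rdata[0])
        elif rtype == "CNAME":
            cname[name] = rdata[0].lower()
    return mx, a, cname

def check_mail_dns(text):
    """List problems that would stop outside servers reaching SMTP on the firewall."""
    mx, a, cname = parse_zone(text)
    problems = []
    if not mx:
        problems.append("no MX record in zone")
    for domain, targets in mx.items():
        for target in targets:
            if target in cname:
                problems.append(f"{domain} MX -> {target} is a CNAME, not an A record")
            elif target not in a:
                problems.append(f"{domain} MX -> {target} has no A record")
            for addr in a.get(target, []):
                if any(ipaddress.ip_address(addr) in net for net in RFC1918):
                    problems.append(f"{target} A {addr} is a private (internal) address")
    return problems

if __name__ == "__main__":
    print(check_mail_dns(SAMPLE_ZONE) or "MX and A records look consistent")
```

An empty list means the MX target resolves through an A record to a non-internal address; it does not prove the firewall is actually forwarding port 25.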
 
Hi Leythos,

Thank you for your reply, it is GREATLY appreciated (So far no boot in the
arse :)) I understand how you are suggesting the network, that is pretty much
how it has been configured up until now (everything behind the firewall with
the file server running DHCP and certain ports forwarded). I guess where I am
lost is setting the client info from the DHCP so that the workstations
receive the proper gateway/DNS info to connect to the internet. I had seen a
few diagrams showing the email server being the first system on the network
behind the firewall and the intranet running behind the email server (2
network cards). But since you are suggesting not to change to this setup, my
question if you have the time, is how to configure the file server running
DHCP to send the proper info to the clients so that they can connect to the
internet. If it's just a matter of creating an A record, where can I go for
steps on that so as to not take any more of your time? I haven't run the prep
steps yet as I was still stuck on how/if the network had to be re-configured
(yes, we use a .com for the domain). Thanks again for your feedback.

Regards,
Victor
 
You've asked many different things, so let's handle the DHCP side first.

The DHCP service running on your file server, the one that gives your
workstations their IPs, has SCOPE SETTINGS and options that you can
use to set up the settings that the users' stations will get via DHCP.

First, you need an internal DNS server, or at least you should have one.
The internal DNS server will allow your systems to find each other by
name...

Here is a document from MS on setting up DHCP on 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;300429&sd=tech

When you set up the OPTIONS, you will need to enter the ROUTER (firewall
internal IP), the DNS (your internal DNS Server, you can also add the
ISP's DNS servers), NTP, Time Server, domain name, etc...

What I was suggesting for your network layout is like this:

INTERNET
|
FIREWALL
|
INTERNAL NETWORK
|
LAN SWITCH
|
All systems, including email and file server



The way it should be set up, in an ideal world, is like this:

           INTERNET
              |
           FIREWALL
            |    |
            |    ----------------
            |                   |
       OFFICE LAN          MAIL DMZ Area
     192.168.7.0/24       192.168.8.0/24
            |                   |
       LAN SWITCH          MAIL SERVER
            |
      Office Network

This config takes more maintenance and requires a lot more than you have
time for. I use it when I want to secure a medical group.

I hate to say this, but I've got to get a couple proposals done today,
so you're going to have to rely on google as your best resource.
 
Hi Leythos,

Thank you again for your response, it is GREATLY appreciated :) From your
advice I gather that I need to read up more on DNS stuff so that I am able to
get the scope settings in the DHCP to work with the DNS lookups etc? (A
records) so that the clients can connect to the internet without manually
assigning DNS servers in each TCP/IP property window. I was under the
impression that entering A records and manual administration could be avoided
by having the router run DHCP as well so that the DNS info can be passed from
the router onto the server and then to the clients automatically. It's true
that we learn something new everyday :) If any good resources should come to
mind, I'm all ears, or in this case, eyes. (Google here I come) thanks again,

Regards,
Victor
 
I was under the
impression that entering A records and manual administration could be avoided
by having the router run DHCP as well so that the DNS info can be passed from
the router onto the server and then to the clients automatically.

The router can only provide what it knows about. If you ask the router
to provide the IP for mycomputer.mycompany.lan it may not be able to do
it since it does not know about mycompany.lan. It depends on the router,
what internal settings you have for it, and also on what name resolution
services you have inside the network.

When I set up units with a cheap router, I install DHCP and DNS on the
server, making it a domain controller, then disable the DHCP on the
router. I set a forwarder in the server's DNS so that it forwards DNS
requests to the ISP. I set DHCP scope with all the option items that let
the systems know where to find things in the local network. The first
DNS server is the domain controller, and I don't often put the ISP's DNS
servers in the DHCP Scope options.
 
Hi again Leythos,

You hit it on the head with this: " I set a forwarder in the servers DNS so
that it forwards DNS requests to the ISP." :)

That is EXACTLY what I would like to set up, but didn't know how to word it.
Being able to do that would solve my dilemma. If it is a lot to type out, do
you know of any resources that explain how to do that? I really don't want to
take up more of your time with this and really appreciate your responses.
Thank you again :)

Regards,
Victor
 
I forgot to add that the properties on my DNS server are as follows:
Forwarders is greyed out, can not edit or add anything and root hints is
empty because it is a root server.
 

That looks like the solution to your problem.

Did you name your internal network domain something with a .COM or .NET?

Next time you set it up, use .LAN or anything except a TLD designation.

I always use domainname.lan or domainname.dmz for networks.

It might also help if you reply at the bottom of each post - you are top
posting and it makes it hard to properly reply and retain order in the
thread body.
 