George Hester said:
So Phillip like this. I hook the ISP to my Nic with a router between to
give me its firewall. Then I install my DHCP Server and Configure that in
the way you describe. Then set my clients to obtain their DHCP Server from
my Server (what port must I open for that on the Router?). Then the clients
also hook to the Router. Is that it?
If I understood correctly from the earlier post, you don't have additional
subnets yet, but are only thinking of adding them later. Well if that is the
case there really is no preparation to do ahead of time. Just get it working
according to what you have now.
I assume your "router" that you mentioned is a DSL NAT Device that shares
the Internet connection for the LAN. This Device is the only thing with
two interfaces, all other machines would just need one. There are situations
involving Back-to-Back DMZs, but unless you are specifically wanting that,
let's not go there, let's keep it simple for now. It would simply look like
this:
All LAN machines-->Hub or Switch-->DSL Device-->Internet
The "All LAN Machines" includes everything,...Clients, Servers, additional
Hubs/Switches, etc.
You must remember to disable DHCP on the DSL Device and don't allow it to
run DHCP. Then configure DHCP on the Server you wish to use. Clients are
not "pointed" to any certain DHCP Server,...the Server is "passive" and the
Clients find it by broadcasting their DHCP Queries,...the Server simply sees
the queries and responds to them.
When you add a new Subnet you just add a new Scope in the DHCP config for
the new subnet,...add a Static Route to the DSL Device,...add a LAN Router
between the Segments and configure it to forward the DHCP Queries to the
DHCP Server from the clients on the opposite side of the LAN Router. There
really isn't that much to it. It might resemble this:
Net#2-->LAN Router-->Net#1-->DSL Device-->Internet
Net#1 and Net#2 would have their own separate Hub or Switch, I just didn't
include them to keep the diagram simple. The DSL Device would no longer be
the Default Gateway of everything, instead the LAN Router becomes the
Default Gateway for *all* machines & equipment (except the DSL Device). The
DSL Device becomes the Default Gateway for only the LAN Router. Then the
Default Gateway of the DSL Device remains the ISP as it already was.
We met in the Security newsgroup. I remember you didn't lambaste me
when I suggested East Asian http sites were the prime culprits of Spam on
the Net.
Ah! Now I remember. Yea, I agreed with you, and still do concerning that
spam. I think I took a beating for that one myself.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
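
The two-subnet layout described in the reply above, as an added example that is not part of the original post: it models how one DHCP server serves both subnets once the LAN Router relays queries, and which static route the DSL Device needs. All addresses are constructed, and matching the scope on the relay's `giaddr` field is standard DHCP relay behaviour assumed here, not something the post states.

```python
import ipaddress

ZERO = ipaddress.ip_address("0.0.0.0")
# Constructed addressing; the post gives none.
NET1 = ipaddress.ip_network("192.168.1.0/24")   # Net#1: DHCP server and DSL device
NET2 = ipaddress.ip_network("192.168.2.0/24")   # Net#2: behind the LAN Router
DSL_DEVICE = ipaddress.ip_address("192.168.1.1")
SERVER_IF = ipaddress.ip_address("192.168.1.10")
LAN_ROUTER = {NET1: ipaddress.ip_address("192.168.1.254"),
              NET2: ipaddress.ip_address("192.168.2.254")}

# One scope per subnet. The router option is the LAN Router, not the DSL device.
SCOPES = {net: {"router": gw, "pool": list(net.hosts())[99:199]}
          for net, gw in LAN_ROUTER.items()}

def relay(discover, received_on):
    """LAN Router: stamp giaddr with the interface that heard the broadcast."""
    fwd = dict(discover)
    if fwd["giaddr"] == ZERO:
        fwd["giaddr"] = received_on
    return fwd

def select_scope(discover):
    """Server: relayed queries match on giaddr, local broadcasts on its own subnet."""
    key = discover["giaddr"] if discover["giaddr"] != ZERO else SERVER_IF
    return next((net for net in SCOPES if key in net), None)

def offer(discover, leased):
    net = select_scope(discover)
    if net is None:
        return None  # no scope for that subnet, so the server stays silent
    addr = next((a for a in SCOPES[net]["pool"] if a not in leased), None)
    if addr is None:
        return None  # scope exhausted
    leased.add(addr)
    return {"yiaddr": addr, "mask": net.netmask, "router": SCOPES[net]["router"]}

def dsl_static_routes():
    """Routes the DSL device needs: each subnet it is not attached to, via the LAN Router."""
    return [(net, LAN_ROUTER[NET1]) for net in SCOPES if DSL_DEVICE not in net]

if __name__ == "__main__":
    leased = set()
    query = {"chaddr": "00:11:22:33:44:55", "giaddr": ZERO}  # constructed client broadcast
    print("Net#1 client:", offer(query, leased))
    print("Net#2 client:", offer(relay(query, LAN_ROUTER[NET2]), leased))
    print("DSL device routes:", dsl_static_routes())
```

A relayed query from a subnet with no scope gets no offer, which is why the new scope has to exist before the relay is switched on.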