Internet routing through a server

[jacktheripper88]

Just about pulling my hair out trying to remember how to do this, it's probably been 8 years since I did it last.

I have an HP G6 Server that has Windows Server Standard installed on it. Currently it has the following roles: Active Directory Domain Service, DHCP Server, DNS Server, and Files Services.

What I am trying to accomplish is for this server to be the main point between my local network and the fibreop modem. It has 2 onboard NICs, NIC1 is connected to the switch that all the local machines are attached to, and NIC2 is connected to the modem.

As of right now, all the internal application are working (the ones that are run on the workstations from the server). Currently none of the workstations have internet access, the server does as it is directly connected to the modem.

I could be wrong but from what I remember and what I've read I need to add the routing role to the server. Problem is, when I go into add roles routing is not an option that is even on the list. I checked the services, routing and remote access was disabled. I had enabled it, set it to automatic and restarted the server to see if the option became available, but no luck.

Both NICs are set with static IPs. The modem is set to use 192.168.1.1 and the server is currently supply the workstations with IPs on the 192.168.2.# range.

Like I said its been a long time since I've set a network up this way, I could be wrong in my method. Any suggestions would be great.

 

[jacktheripper88]

Found the routing role underneath Network Policy and Access Services, takes a long time to install.

 

[jacktheripper88]

Got the RRAS server installed, but not getting any internet access to my workstations.

Here is my current configuration for the RRAS:
-It is setup as NAT
-NIC 1 (l.a.n) is my internal side, static IP 192.168.2.10 255.255.255 no gateway. Setp up as private
-NIC 2 (Internet Gateway) is my external side, static IP 192.168.1.2 255.255.255.0 192.168.1.1. Set up as public with NAT enabled.
-On NIC 2, I have enabled these ports: FTP, IMAP3, IMAP4, SMTP, POP3, HTTPS and HTTP. All pointing to the private address 192.168.2.10.

Not really sure where to go to next for troubleshooting.
From the work stations I can ping as far as the internal side of the server.

 

[mxnerd]

Your NIC 2 should use DHCP to get WAN IP from the modem.

 

[jacktheripper88]

Even though it gives me the option to do it the way I have setup? Not shooting it down just wondering if this is a case best practice vs actual issue.

The reason I didn't set up NIC 1 as the gateway port was due to the fact this server had been setup this way a few years ago by someone. I didn't what to mess with initial configuration. But if it is wrong, its wrong and needs to be fixed.

 

[mxnerd]

Sorry, I thought it's DSL or cable modem.

Maybe you should contact FiberOP/BellAliant support to find out whether you have a dynamic or static public IP first and ask for some help.

Also find the FiberOP modem/router model & its manual and read the instruction.

 

[mxnerd]

Some info about Bell Aliant Actiontec modem router's Advanced DMZ & bridge mode, might help, if it'is your modem / router.

http://www.bellaliant.ca/binaries/content/assets/support/Customer/Support/StaticIP/dmz-config.pdf

If you plan to run you own server, you either have to have static public IP or DDNS setup.

 

[jacktheripper88]

Sorry for the delayed response. I got the site working but not quiet the way I had in my head.
I ended up forgoing setting the server up to acts as a router. Couldn't get the routing to function at all.
The site this setup is located at couldn't afford to go offline long enough for me to properly investigate the ins and outs of the software they were using. So I ended up turning off the DHCP and DNS services on the fibreop modem and left it with a static internal IP and allowed the server to continue handling the DHCP and DNS.
All of their work stations are wired, so turning off the DHCP on the modem only directly affected their cell phones ability to get internet. Which I remedied with a wireless router, which wasn't a bad idea for them. Now all the personal internet traffic doesn't impact their server traffic.

Just curious about what you had said earlier mxnerd, should NIC 1 have been the gateway due to best practice methods or because NIC2 cannot function as a gateway?

 

[mxnerd]

Have your follow the instruction, enabled Advanced DMZ and setup like this?

Like your earlier setup. You should turn WiFi, DHCP & DNS back on for the modem router.

Customer LAN and firewall is your Windows Server with RRAS, which act as a NAT router too.

Be sure to check Windows Firewall settings. If incoming rule for a TCP port is open, even though it does not appear on RRAS WAN side's Services and Ports, outside world seems still can reach it. Use online port scanner to check.

Windows's DNS server only handle domain's computers & IPs when setup, make sure you configure DNS forwarding which points to external public DNS like google's 8.8.8.8/8.8.4.4 or Level 3's 4.2.2.2/4.2.2.1

NIC 2 should get DHCP IP from the modem and be the gateway NIC. All wired PCs get their DHCP IPs from NIC1 (with Server's DHCP server enabled). mobile devices/ TV devices should still get IPs from the WiFi modem router.


in this example, levelbos-tn0 should be your NIC2

Hope someone who lived in Canada with FiberOP service or anyone with more expertise can correct me if I'm wrong.