Need advice from Windows Domain pros

  1. #1
    Banned
    Join Date
    Nov 2003
    Posts
    127

    Need advice from Windows Domain pros

    Hey what's up. I need help deciding on a proper network layout. My connection is a business class DSL. The DSL modem has a 4-port switch or router built in; I don't know which, since only AT&T can telnet into the DSL modem. After the modem we have a Watchguard SOHO firewall, again with a 4-port router. Then there's an unmanaged 36-port switch. There are 10 systems and 2 printers on the network connected to the switch. One of the systems is a Windows 2000 server which serves as a domain controller. We have 5 public IP addresses, let's say they are *.*.*.1 - *.*.*.5. The DSL modem itself has one of those addresses, let's say *.*.*.1. The Watchguard SOHO firewall has *.*.*.2 as its public IP and 192.168.111.1 as its internal IP. Two DNS servers were provided to us on specific public IPs, let's say *.*.*.98 & *.*.*.99.

    My original idea was to configure the SOHO firewall with a static external address and static DNS servers. I wanted to use the SOHO's DHCP server to give everyone IPs in the 192.168.111.10 - 192.168.111.20 range. This would point them to AT&T's DNS servers as well. Clients could connect to the Internet just fine.

    I realized that the problem is that the clients don't respect the internal network DNS and couldn't recognize their internal domain server, which I wanted to keep static on 192.168.111.2 since the SOHO was already on the internal 192.168.111.1.

    My solution to this problem was to configure the SOHO with the provided static DNS servers but have the SOHO's DHCP point clients to 192.168.111.2, which was the internal domain server. The clients would resolve their internal IPs first and then go to the server's default gateway, which was the SOHO, and that would take them to the Internet.

    For some reason this doesn't seem like a good idea. It works, but it really ****ed up the network, which is really slow. Can you please help with what would be a better design?

    Should I even have the server plugged into the switch? Why not plug it into the SOHO?

    Help

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Why not just have the inside users use the Windows server as DNS (static or not) and set up the Forwarders tab in the Win2k DNS to use your ISP's DNS servers to help resolve non-local names?
    The server should take care of the requests and there might be no need to involve the SOHO..?

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Fix the SOHO WAN and LAN addresses (static), and use the server to provide the DHCP. The LAN address of the SOHO should be a private address, and none of the public addresses should be used on the private network. Set the server as the DNS server and tell it to use the ISP's DNS servers as forwarders.

    Do you provide any public services such as HTTP, SMTP, FTP etc?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Banned
    Join Date
    Nov 2003
    Posts
    127
    OK, pointed the server to an outside public DNS IP instead of going back to the SOHO firewall, but the download speed is still 12 - 13 kb .... WTF

    We also have a Linux system which is static on the last public IP *.*.*.5 and is connected directly to the DSL modem. We intend to use it as a web server and email server in the future ... it is running an "under construction" page for now ... could that be the problem?

  5. #5
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Originally posted here by rabit

    We also have a Linux system which is static on the last public IP *.*.*.5 and is connected directly to the DSL modem. We intend to use it as a web server and email server in the future ... it is running an "under construction" page for now ... could that be the problem?
    Then just turn it off and unplug it and find out if it is causing the problem or not. If it is just running an 'Under Construction' page it would not hurt to have it off for a while to find out if it is causing the problem.


    Using the 'KISS' method of troubleshooting a problem will save many headaches further down the road. (KISS = Keep It Simple Stupid)
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  6. #6
    Banned
    Join Date
    Nov 2003
    Posts
    127
    I have disconnected the web server and the speed went up...

    Why would the simple "under construction" page eat up so much bandwidth, since no one is connecting to the site anyway? No one knows about it. There are 15 running services on the Linux box but no one is using them. Do open ports eat bandwidth like that anyway....

    Another thing ... can someone tell me where the DHCP server should be: on the server or on the SOHO firewall?

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Windows domains (with AD) are quite dependent on DNS (special service entries, etc.), and the easiest way to keep your DHCP leases in sync with the DNS entries is to let the Windows server (DC) handle both DHCP and DNS, since DHCP is configured by default to update the DNS with every lease/re-lease... If you don't want your Windows server doing the recursive DNS resolutions itself, just set it to forward requests to your external DNS...


    Ammo
    Credit travels up, blame travels down -- The Boss
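The layout recommended in posts #3 and #7 (the DC serving both DNS and DHCP, with the ISP's resolvers as forwarders and DHCP-to-DNS dynamic updates keeping the zone in step with leases), written out as an added example that is not from the thread. It assumes a domain-joined Windows Server 2012 or later with the DnsServer and DhcpServer PowerShell modules, which the Windows 2000 box in the thread does not have (there the same settings are made in the DNS and DHCP MMC snap-ins). The addresses 192.168.111.1 and 192.168.111.2 come from the thread; the domain name corp.example.local and the forwarder addresses in the 203.0.113.0/24 documentation range are placeholders.

```powershell
# Added example (not from the thread). Assumes this runs as a domain admin on the
# DC that is also the DNS and DHCP server at 192.168.111.2, with the SOHO firewall
# at 192.168.111.1. Domain name and ISP resolver addresses are placeholders.
$DomainName = 'corp.example.local'                # assumed AD DNS name
$ServerIp   = '192.168.111.2'                     # DC / DNS / DHCP (from the thread)
$GatewayIp  = '192.168.111.1'                     # SOHO firewall LAN side (from the thread)
$IspDns     = @('203.0.113.98', '203.0.113.99')   # placeholder for the ISP's two resolvers
$ScopeId    = '192.168.111.0'

# 1. DNS on the DC. The DC is authoritative for the AD zone, so the _ldap/_kerberos
#    SRV lookups clients need for logon are answered locally. Anything else is sent
#    to the ISP's resolvers (forwarding) instead of the DC walking the root servers
#    itself (full recursion). -UseRootHint $false stops the fallback to root hints,
#    so the only outbound DNS traffic is to the two forwarders, which is easy to
#    allow explicitly on the firewall.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false -Timeout 3

# Listen on the LAN address only: the DC must never answer recursive queries
# from the public side.
$dnsSettings = Get-DnsServerSetting -All
$dnsSettings.ListeningIPAddress = @([IPAddress]$ServerIp)
Set-DnsServerSetting -InputObject $dnsSettings

# Lock down AD zone updates to authenticated (Kerberos-signed) clients and the
# DHCP server; anonymous dynamic updates would let any LAN host rewrite records.
Set-DnsServerPrimaryZone -Name $DomainName -DynamicUpdate Secure

# 2. DHCP on the DC, replacing the SOHO's DHCP (turn the SOHO's DHCP off first,
#    or clients may get two different answers for their DNS server).
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$DomainName" -IPAddress $ServerIp
Add-DhcpServerv4Scope -Name 'LAN' `
    -StartRange 192.168.111.10 -EndRange 192.168.111.20 `
    -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Days 1) -State Active

# Scope options: clients use the DC for DNS (so the AD name resolves), the
# SOHO as default gateway, and the AD domain as their DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId `
    -DnsServer $ServerIp -Router $GatewayIp -DnsDomain $DomainName

# DHCP registers/updates A and PTR records on every lease and removes them
# when the lease expires, which is what keeps the zone in sync with leases.
Set-DhcpServerv4DnsSetting -ScopeId $ScopeId `
    -DynamicUpdates Always -UpdateDnsRRForOlderClients $true `
    -DeleteDnsRRonLeaseExpiry $true -NameProtection $true

# 3. Checks a practitioner runs afterwards.
# The SRV record every domain member looks up to find a DC must come from the DC:
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $ServerIp
# An external name must resolve through the forwarders, not fail or time out:
Resolve-DnsName -Name 'www.example.com' -Type A -Server $ServerIp
# The forwarder list and the scope options as the server actually holds them:
Get-DnsServerForwarder
Get-DhcpServerv4OptionValue -ScopeId $ScopeId | Format-Table OptionId, Name, Value
```

`dcdiag /test:dns` on the DC is the built-in check that the SRV records and forwarders are consistent; if the SRV lookup above returns nothing, restart the Netlogon service so the DC re-registers its records in the zone.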

  8. #8
    Banned
    Join Date
    Nov 2003
    Posts
    127
    What is it exactly... "recursive DNS resolution"?

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    I'm not quite sure I understand this. Do you have DHCP running on the Win server... have you turned off the DHCP server on the SOHO?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
