August 30, 2004
OK, I want to rant. Feel free to ignore me.
Would someone be so kind as to tell me WHY all SBS wizards require that I have two ethernet cards in my box to denote private and public addressing to do all the normal security features? What if I want to simply put a box on the Internet, but still use the frigging ISA configuration, WITHOUT having a network behind it????
You know. Like a server on the Internet in a DMZ. What's sad is that the Internet Connection wizard even tells you that you need a separate firewall if you work in "router mode with a local IP". Why can't ISA be that firewall.. OUT OF THE BOX!!!!
The sad thing is a simple fix would be to throw a nic card in there and simply not use it... and call it the internal IP network. Unfortunately I don't have the room on the board to do so.
Time to dig through google and see if I can fake this out with a virtual adapter somehow.
Posted by SilverStr at August 30, 2004 12:05 AM
Hmm, I think I found a way to get around this using a loopback device as a virtual nic.
Just not sure how to reorder the "internal nic" to point to the loopback, and the external to be the actual nic.
Because it's all on one box dear.. we ALWAYS recommend two nics.
Stop ranting on something I'd wack you upside the head at an say
1. Stick another nic in
2. If you don't have room on the board ... how wimpy is this server anyway dear?
Smallbizserver.Net > Network:
On the network diagrams that are recommended by most SBS veterans, notice all the "Two Nics AND" and notice how very few "One Nic AND" diagrams there are?
There's a reason. ;-)
BTW exactly what IP range are the clients hanging off of? The internal IP address is where all of our clients go neatly tucked behind the ISA firewall. We normally don't put SBS on the internet all by itself, it's a Small Business server... like there's workstations usually behind it because that's where you do work at... workstations? It was designed to be the primary domain controller, the small firm's backbone. You don't read email on it, nor surf the web, nor do "work" on it. You want a network behind it in about 99.999999% of the cases, unless of course you are Dana in which case I refer back to the fact that from the get-go I said you are not a normal Small Business Server customer in the first place. They kinda don't build wizards for .00000001% of the marketplace ;-)
My point is that every other server operating system in the world works fine in a standalone environment with one nic.
I fully understand the recommendations that Microsoft has, and its reasoning for two nics. But I find it hard to believe that they never came across clients who simply want to hang one of these out on a DMZ as a "Internet box" without having a LAN behind it. This is a NORMAL deployment for a virtual office. Or a dedicated web server with SQL server. In my case, I have to deal with the need of having consultants all over the world having access to internal sharepoint, and Exchange with OWA. I have no need to have them on our corporate LAN, and a SBS seems to be the right ticket to make a "virtual office".
Knowing how easy it was to do the loop back trick (see my other post), I am suprised Microsoft hasn't just had a default install put the second loopback nic in!
BTW, servers shouldn't be considered whimpy just cuz they don't have a plethora of free slots available. These little Dell rack mount units are awesome. Even if you have to use half card to get anything working!
We're not every other operating system in the world. I warned you from the start that we're special, and you are not the "normal" SBSer. You've just proven that in your blog post.
This isn't the typical set up at all.
Typical SMALL firms are not virtual, show me a SBS network and they'll want one or two workstations. Heck I've got three workstations here at home with my Sister and I [not counting the dog]. Why not the loopback trick? Because again... think of the marketplace. This box is not built for exceptions but for the average firm. Would it be a cool MS wish item.. actually it probably would. Or for that matter an interesting "if you would want to" item for a book. Especially for a virtual office as you said, but again, for the typical firm, SBS isn't set up this way.
I was going to rag on you and offer to send you a nic card if you needed it :-)
We're starting to see firms move to the rack mounts but again, look at the Dell servers that come preinstalled with SBS and they are typically not rack mounts.
Just proving once again... you're not the "normal" SBSer :-) But you are welcome nonetheless. I really look forward to your insights and thoughts going forward.
Hey... I just realized.. don't rant on SBS... rant on ISA
323387 - How To Connect Your Company to the Internet by Using an ISA Firewall with Windows Server 2003:
Install the ISA Server
To install an ISA firewall, you need a computer with two network adapters. You must connect one of these adapters to your internal network and the other adapter to your Internet service provider (ISP). Your ISP can help you make this connection. A firewall acts as a security barrier between your internal network (or intranet) and the Internet by preventing outside users on the Internet from gaining access to the confidential information on your intranet or your computer.
Hey, Dr. Tom! He should be ranting about you not SBS ;-)
btw you do know about www.isaserver.org and www.isatools.org right?