Multihomed DNS on '03 Server...Clients = No Internet

Status
Not open for further replies.

DaH00Psta

Technical User
Jul 19, 2004
7
US
In hopes of finding a little assistance with this one.
Lack of sleep has me banging my head here...;/

Small office set up.
Broadband Internet.
router.
multihomed 2003 server(192.168.1.x public, 10.10.10.x priv).
clients.
Server running AD integrated DNS.
router - port forwarding for #53 to server.
Server points to itself for DNS 127.0.0.1 and all the clients point to the internal nic(10.10.10.150).
I can even do nslookups to external addresses from the client systems, but am unable to get to the internet from any system on the private side of the multihomed server. Sounds like a RRAS issue and I do have it running as well, but am not sure of the setup.
Anyone have advice for how RRAS should be setup in this office?
I can't see the forest through the trees...
Thanks
 
Do you have ISA installed on the 2003 server? Do the clients point to the server's 10.150 NIC for their default gateway? When you say you can do nslookups from the client systems, do you point the clients at external DNS servers, or are you pointing the clients at the server, and the server is doing the resolutions?

Key: does the router know that there's a 10.10.10 network off of its internal interface, so that it can route there? If you aren't using ISA, you don't have NAT in place across your server interfaces, and if your router doesn't have a static route in place for that 10.10.10 network, that would explain your problem. Depending on the router type, you should be able to alter the routing table. If you can't, look into implementing ISA on your server.

ShackDaddy
 
Hey ShackDaddy,

Sorry I didn't write back sooner, had to get back to the office to answer your questions...
1) ISA is not installed on 2003 server
2) all clients are only pointing to the DNS server on 10.150, nothing external, server is resolving internal addresses and farming out external ones.
3) when you ask if the internal nic knows there is a 10.10.10.x network, I'd say yes...I have input a reverse zone for 10.10.10 with a ptr to 10.150.
4) one question...do I even need to have the server acting as another router by multihoming it? Their eventual goal is to have this domain be the home to all the offices' resources so they can access their data from anywhere, anytime. Mail, Web, File, client data tagging via web trends, etc...

thanks
 
When I refer to your router in my post, I mean your broadband router. When a packet to your public address comes to your B-band router, it has a 192.168 interface and it has NAT built in, so it does a good job translating between 192.168 addresses and public addresses. When a host in your 10.10 network passes a request past your server-router and then through your B-band router, your B-band router has no clue who the 10.10 network is, and therefore can't send stuff back to it, even though it originally came from there.

To make all this work, you have to have NAT set up on the server, or you need to make all of your clients share the 192.168 network with your server. To set up NAT, you have to install ISA server, which I think is free (not sure). The easier thing (although maybe not better) would be to put all the clients into the 192.168 network with the server.

ShackDaddy
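
The return-path problem discussed in this thread, as an added example that is not part of any post: a small Python model of the broadband router's longest-prefix route lookup, showing why lookups answered by the server succeed while routed client traffic gets no reply, and how each proposed fix changes that. The host addresses 192.168.1.2, 192.168.1.50 and 10.10.10.20 and the /24 masks are assumptions; the thread gives only 192.168.1.x and 10.10.10.x.

```python
import ipaddress

# Constructed addresses: the thread gives only 192.168.1.x and 10.10.10.x.
ROUTER_LAN = ipaddress.ip_network("192.168.1.0/24")
CLIENT_NET = ipaddress.ip_network("10.10.10.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
SERVER_OUTSIDE = ipaddress.ip_address("192.168.1.2")
CLIENT = ipaddress.ip_address("10.10.10.20")


def router_table(static_route_to_clients=False):
    """Broadband router's routes: its own LAN, a default route to the ISP,
    and optionally a static route to 10.10.10.0/24 via the server."""
    table = [(ROUTER_LAN, "lan"), (DEFAULT, "wan")]
    if static_route_to_clients:
        table.append((CLIENT_NET, "via " + str(SERVER_OUTSIDE)))
    return table


def next_hop(table, dst):
    """Longest-prefix match, the per-packet decision a router makes."""
    candidates = [(net.prefixlen, hop) for net, hop in table if dst in net]
    return max(candidates)[1]


def reply_reaches_sender(table, source_seen_by_router):
    """A reply gets back only if the router forwards it toward the inside,
    not out the default route to the ISP."""
    return next_hop(table, source_seen_by_router) != "wan"


def scenarios():
    plain = router_table()
    return {
        # Server resolves names itself, so the router sees the server's address.
        "nslookup via server DNS": reply_reaches_sender(plain, SERVER_OUTSIDE),
        # Client traffic is routed, not translated: source stays 10.10.10.20.
        "client browsing, as posted": reply_reaches_sender(plain, CLIENT),
        "static route on router": reply_reaches_sender(router_table(True), CLIENT),
        # NAT on the server rewrites the source to its 192.168.1.x address.
        "NAT on server": reply_reaches_sender(plain, SERVER_OUTSIDE),
        "clients moved to 192.168.1.x": reply_reaches_sender(
            plain, ipaddress.ip_address("192.168.1.50")),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:32} {'reply delivered' if ok else 'reply lost'}")
```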
 