
Unsolved


K

210338

July 9th, 2014 07:00

Clients can't connect to internet - Server 2012 DNS DHCP

I am trying to deploy a new Poweredge R420 with Windows Server 2012 server in our small business.

We connect to the internet via a cable modem and fixed IP address.

Server has two NICs. Per the cable company, one is connected directly to the modem and the TCP/IP for that NIC is configured per their info, and is functioning perfectly. Server has internet access and is operating under its fixed IP.

Second NIC is connected to a switch, along with all client computers in the facility. The server is set up with a domain, DNS and DHCP. Currently, none of the clients are on the domain, they are still using the old workgroup we had prior to this new server. The internal network is functioning perfectly, with the DHCP controlled by this server. However, I cannot get the clients out to the internet.

I have tried bridging the two NICs with no change. I believe it's in my IP configuration but am lost as to what I need to do.

Currently, if I try to put the cable modem's IP in as the default gateway on NIC2 (it is already that on NIC1) I get "Warning - The default gateway is not on the same network segment (subnet) that is defined by the IP address and subnet mask. Do you want to save this configuration?"

If I answer YES to that, I get "Warning - Multiple default gateways are intended to provide redundancy to a single network. They will not function properly when the gateways are on two separate disjoint networks (such as one on your intranet and one on the internet) Do you want to save this configuration?"

I'm confused because they are not multiple gateways, they are the same gateway on two different NICs. I was at this for 6 hours last night and back on it today. I thought I had a decent understanding of this stuff but it seems I'm clueless. Anyone got thoughts?

NIC1, to the internet, is configured with the following:

Gateway: 24.106.xx.xxx

Fixed IP: 24.106.xx.xxx

Subnet Mask: 255.255.255.252

DNS servers 209.18.xx.xx , two sequential IPs.

NIC2 is using our original IP scheme, with IP addresses in the range of 192.168.250.xxx

Subnet mask 255.255.255.0 (I have also tried .252 as above)

DNS servers 24.106.xx.xxx (the fixed IP of the server) and 201.18.xx.xx

Gateway is the same as NIC1, and that's what generates the errors.

How far off base am I?

Thanks

4 Operator


9.3K Posts

July 9th, 2014 08:00

This is not my strong point, but here are some basics the way I understand it:

- Your server's NIC1 is connected to the modem with the appropriate IP, gateway and DNS (24.106.x.x /30 with the 209.18.x.x DNSes (and optionally a 3rd DNS being a public one like 8.8.8.8))

- Your server's other NIC needs to be set with a private IP (192.168.250.x) but no gateway on this NIC. No DNS servers on this port either.

- Set up the DHCP service on the server and DNS service. Have the DNS service use your ISP's DNS (or a public DNS like 8.8.8.8) as its 'source' (there's another name for this, but I don't remember it). Your DHCP service needs to be set up to issue IPs in the subnet that it has a static IP in (on NIC2 (the private NIC)).

- Your clients now need to reboot or do an ipconfig renew to get a DHCP lease and they should also get a DNS assigned that is your server's 192.168.250 IP address. Their gateway will be your server's 192.168.250.x IP.

4 Operator


1.8K Posts

July 9th, 2014 10:00

Koala....

"(there's another name for this, but I don't remember it)"...

You want to do this as Dev Mgr suggests. This is referred to as "forwarders", located under the properties of DNS. This keeps your server from making requests of random servers on the Internet, which is important, as there are many rogue DNS servers out there doling out malware. Your ISP's servers should be clean, so add the IP addresses of their DNS servers; also add IPs of another 2 DNS servers from another ISP in case your ISP's servers are out, or the ISP makes changes without informing everyone (it happened to me a few times). Your wks should only point to your servers for DNS; this keeps your wks from making requests to rogue DNS servers out there in the DNS badlands. Personally, at the firewall level (generally on the Internet router) I block the ability of wks to make DNS requests except from the internal DNS servers (block DNS traffic in/out for the IP range used by wks).

All servers should ONLY have static IPs, not dynamic. Set up your DHCP to have a reserved range for static addresses for servers and other devices (printers, fax, etc.). E.g. reserve the first 10 IP addresses of the subnet you're using.

Domain servers should not have two NICs with different IPs enabled; possible but not advised. Use the second NIC for NIC aggregation or disable it. Google multihomed Domain controller

http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

Public/private IP ranges

http://technet.microsoft.com/en-us/library/cc958825.aspx


"Gateway is the same as NIC1, and that's what generates the errors."...

Correct. To explain: Internet traffic packets go out/come in on one of the NICs, then try on the other NIC. This is not a possibility in normal TCP transmission; packets need to have a session over a single NIC. There are hardware devices which can create a TCP path over two lines (used in combining broadband lines, but it is not commonly used).

 

Author Mark Minasi has some excellent books on server setup. Everyone needs a good reference book.

http://www.amazon.com/Mastering-Windows-Server-2012-R2/dp/1118289420
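The layout described in the two replies above (no gateway on the private NIC, DNS forwarders, a DHCP scope with the first 10 addresses held back, clients pointed only at the server for DNS), sketched in PowerShell as an added example that is not part of either post. The interface alias, the server's private address and the scope range are assumptions, since the thread gives only 192.168.250.x, and the ISP's DNS addresses are elided there and must be filled in. It does not set up routing or NAT between the two NICs, which the replies do not describe.

```powershell
# Added example; the values below are assumptions, not taken from the thread.
$LanAlias    = 'NIC2'            # assumed interface alias of the private NIC
$ServerLanIp = '192.168.250.1'   # assumed; the thread only gives 192.168.250.x
$ScopeId     = '192.168.250.0'
$Forwarders  = @('8.8.8.8')      # add the ISP's DNS servers here (elided in the thread)

Import-Module DnsServer, DhcpServer

# 1. Private NIC: keep the static IP, but no default gateway and no DNS servers.
$lan = Get-NetIPConfiguration -InterfaceAlias $LanAlias
if ($lan.IPv4DefaultGateway) {
    Remove-NetRoute -InterfaceAlias $LanAlias -DestinationPrefix '0.0.0.0/0' -Confirm:$false
}
Set-DnsClientServerAddress -InterfaceAlias $LanAlias -ResetServerAddresses

# 2. DNS service: send external lookups only to the listed forwarders.
#    Turning off the root-hint fallback is this example's reading of
#    "keeps your server from making requests of random servers".
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false

# 3. DHCP scope on the private subnet (created only if it is not there yet),
#    with the first 10 addresses excluded for servers, printers and the like.
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'LAN' -StartRange 192.168.250.1 `
        -EndRange 192.168.250.254 -SubnetMask 255.255.255.0 -State Active
}
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId `
    -StartRange 192.168.250.1 -EndRange 192.168.250.10 -ErrorAction SilentlyContinue

# 4. Clients receive the server's private IP as their only DNS server and as gateway.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $ServerLanIp -Router $ServerLanIp

# 5. Review the result: exactly one interface should list a default gateway.
Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } |
    Select-Object InterfaceAlias, @{ n = 'Gateway'; e = { $_.IPv4DefaultGateway.NextHop } }
Get-DnsServerForwarder
Get-DhcpServerv4OptionValue -ScopeId $ScopeId
```

Clients pick up the new options after a reboot or an ipconfig renew, as the first reply notes.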
