ADSL Problem on Network

[NeETz]

We recently upgraded our dial up(56K) to ADSL. Since the installation of ADSL ive been experiencing lots of problems with regards to the changes. Firstly, I have a LAN consisting of about 25 people, Windows NT Server with SP6A, Exchange Server 5.5, Microsoft Proxy ver 2.0

Now with the change over to ADSL, my SMTP mail spooling from mweb has changed over to POP3 which is a problem with exchange server. I downloaded a free pop3 connector from the web and it seems to work ok. The problem arrises when people wish to browse the web. Every PC has been configured by Microsoft Proxy Server to use the dialup modem and not the ADSL. I have tried to configure the proxy with out luck, and once the ADSL ethernet router is connected to the network, it causes grief. I have changed the ip address of the router to an IP within our IP range and tried to use that IP to browse but doesnt work.

Also, people on the network cant browse. Ive noticed that i have to dial up to mweb with the analogue modem in conjuction with the ADSL ethernet modem and then people can browse via ADSL which is weird. Also what happens, peoples IP addresses seem to change to that of the router which then causes that workstation to hang and once restarted, that pc refuses to connect to the domain due to the ip change. What do i have to do? To resolve that, i restart the server and switch off the adsl router and dial up normally with the analogue modem and all the workstations seem to function correctly.

What can i do to resolve this? I really need serious help. I am also willing to pay anyone who knows what they are doing to sort this issue out as I am not that network clued up.

I am in the Pretoria area. Please could anyone help me.
Thank You.

 

[mbs]

I would recommend you opt for an open source alternative instead, which will allow you to trace and fix problem configs without hindrance due to proprietary issues. MS will probably tell you to get rid of NT4/SP6a and upgrade to 2003 Server, for example, before they provide any further advice. The open source alternative will result in reduced TCO (no license fees), and your MS investment may be discarded (hopefully you have already amortised the software cost...). You should opt for a Linux box that will act as a proxy/gateway/email server - suggest the Gentoo distro, Squid and Postfix. Try Obsidian Systems or Tangent Systems in Johannesburg (and I have no connection with any of them!). HTH...

 

[Solar]

No.. please leave Linux out of this... I've configured tens of these systems with the exact specifications that you listed there. Firstly, it seems like you have a moderate TCP knowledge, so let's start from there:

The problem with the random IP changes seems to be the fact that your ADSL router is configured as a DHCP server.. the DHCP server on your network should ONLY be your Windows NT pc, so find an option in the adsl router configuration to disable this service. (You didn't tell us which modem/router you use).

Next, change the IP of the modem/router to one on your internal LAN. Now, set the default gateway of your Windows NT server to the IP of the Router. (I will assume that the router supports NAT, I don't know of anyone that don't).
This will allow your NT server to access computers on the internet. Now, also set your DNS on your NT server to an DNS server on the internet (ex: 196.7.0.138). Now test the setup by pinging www.ananzi.co.za.
It should resolve to an IP, and you should receive ICMP replies.

If you've got everything running so far, the only thing you need to do, is to tell Microsoft Proxy Server to connect DIRECTLY and not through any modem or other device (if you have to choose a device, choose the network adapter).

Now your clients will be able to access the internet without any problems... however, if it STILL does not work, the problem lies with MS Proxy.. there's hundreds of other Proxy Servers out there that you can try to avoid this problem, and actually, you don't even NEED a proxy server for your clients to access the internet.. they can all use the router's nat. Let me know if this works, otherwise I will post info on how to NAT your whole network.

Regards,
Christiaan

 

[NeETz]

Hi Christiaan,

Thanks for help, i havnt had a change to configure the ADSL modem as yet. I will try exactly what you said, if i still dont come right, i would really appreciate if you could post info on how to NAT my whole network.

I will keep you posted on this problem. At the moment ive just switched off the ADSL Router and went back to my normal analouge dialup. Its damn slow and frustrating but its worth since i cant afford any downtime to my client machines at the time of the year. I probably will have sit on Wednesday evening.

Also, I am using the Telkom ADSL router...default ip of the router was 192.168.10.200, ive changed that to one of our internal addresses. I hope that this info can assist you in helping me if i do have any problems. Under "Basic Configuration" of the router the default LAN parameters are : IP ADDRESS: 192.168.10.200, SUBNET MASK: 255.255.255.0, HOST NAME: MK-ATUR-150, DOMAIN NAME: premierme.com.tw, Network Type: Global or Virtual(default), DNS Proxy Paramaters: DNS Server 1 Address: 168.95.192.1, Address 2: 168.95.1.1

What changes would i make here?

Nitesh

 

[mithrandi]

I'm sorry, but I have to agree with mbs here; the costs involved in maintaining a STABLE, SECURE windows system for router/proxy-type tasks are simply exorbitant. I mean, there's a new remote exploit that completely compromises Windows systems practically every week now. Not to mention the routers supplied by Telkom seem to be really useless; I wouldn't trust one of those to do routing / NAT ever. On the other hand, there is a lot of time involved in learning another OS... the benefits are still worth it IMHO. (I will note that Linux has far firewalling / NAT capabilities that are far superior to most/all of these DSL routers in use.)

mithrandi

 

[Andre]

We were running a setup almost identical to NeETz until recently and it worked fine (in the process of switching over to SBS 2003).

Some differences we have are:

1. Mail comes in direct via a dynamic DNS service and outgoing mail is routed via Telkom.
2. The router handles NAT and DHCP, the server has a fixed IP.
3. Used MSProxy for a while, but have switched to Squid.

The Telkom DHCP server seems to be pretty flakey - it likes to reissue the same IP's to different machines, so I'd suggest using the NT DHCP service like Solar did.

 

[mbs]

If you've had no problems with NT's DHCP, then you're lucky - my experience with it has been disastrous: it's just as flakey as the Telkom DHCP (refuses to release automatically and manually-allocated IP's, ranging works intermittently, etc.). Must admit that I've no experience with SBS 2003's version, so cannot comment. For NeETz - if you've got the time and interest, it would be beneficial in the long term to try Linux...

 

[mithrandi]

I'm sorry, but even if someone is dead set on running Windows, I would HIGHLY recommend against SBS; it amounts to Windows Server, plus a bunch of other MS applications, all packaged together with duct tape. You're far better off just installing what you need separately.

mithrandi

 

[caroper]

Hi mithrandi,

I have to dissagree with you.

SBS including the other components is cheeper than 200 or 2003 Server alone. Granted 2003 includes a pop and smtp server and MSDE is a free version of SQL, but if you have 20+ users requiering SQL access then SBS is a lot cheeper and faster than MSDE. Exchange and IIS are then a bonus. Plus you only need one interface to configure user access, email, SQL etc.

I have 5 instillations running very reliably (3 on SBS4.5 and 2 on SBS2000, I havn't tried SBS2003 yet).

Just my 2c worth.

Cheers
Chris

 

[mbs]

I still don't get it - why would anybody want to run Windows, given the TCO involved? Also coupled to Microsoft's arrogance when it comes to license pricing (flat-rate world-wide, except when forced by market pressures, e.g. Thailand)? Also coupled to issues surrounding the integrity of their products, being the deliberate target of crackers, and so on? All of the applications and utils you require are available in Linux distros or downloadable at no cost together with freedom of choice, including Web servers (instead of IIS, try Apache, Tomcat, JBoss, etc.), databases (instead of SQL Server, try PostgreSQL, MySQL, Firebird, etc.), etc. etc. etc. Methinks you should make the time available to assess and deploy (what do you do between 2AM and 6AM anyway, except sleep...hehe!). Ultimately, you won't have to appeal to the likes of this forum for help, even if willing to pay for it, as you'll be equipped to do everything yourself - won't that make you feel good?!
[][]

 

[caroper]

At the risk of taking this thread even more off topic [8)]

As an academic I would agree with you, however, as a consultant I do not.

Why?

I consider it to be false economy for a small company, with a mission critical environment, that can't afford full time IT staff.

Microsoft qualified, even unqualified but knowledgeable, people are 10 a penny in this country. Unix, Linux etc. people are either hackers (as in the respectful sense of the word i.e. non malicious) or very expensive professionals. The money saved in hardware/software is rapidly consumed in support and or down time.

Even if the company has a competent person who has downloaded all the great goodies, what if he gets hit by a bus, due to lack of sleep? His replacement will download all of his/her favourite programs and install those instead. Great for personal expression but bad for company productivity.

That said, I am an advocate of Linux based firewalls because, as you point out, the malicious hackers tend to target Microsoft. However, If Unix/Linux became the most popular small business OS they would become the new target. And an easier one at that, as the source code is, mostly, in the public domain

I remember a few years ago when IBM announced that the main advantage of OS/2 (any one remember OS/2) was that it would be impossible to infect with a virus! By 14:00 that day at lest five viruses were doing the rounds specifically to prove IBM wrong.

Bottom line? Use the correct tool for the job and keep them sharp (i.e. up to date).

Cheers
Chris

 

[Karnaugh]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">SBS including the other components is cheeper than 200 or 2003 Server alone<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

And linux is *free*, what's your point?

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">I consider it to be false economy for a small company, with a mission critical environment, that can't afford full time IT staff.
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

That makes little sense to my thinking. A linux/unix server is 99.9% less likely to give reoccuring problems like windows. There are Unix servers that have over 1000 day uptimes.

Linux and unix are alot more popular than Windows for Firewalls and routers, simply because they get the job done efficiently.

You can spend R800/h on a good unix tech to setup a server once, or you can pay some pimply faced moron R100/h to fix your stupid Windows server that breaks every week.

<hr noshade size="1">
"Since light travels faster than sound, people appear bright until you hear them speak."

NetLink Research

 

[mbs]

OK folks - whoa! Looks like I set the cat amongst the pigeons by recommending that NeETz looks at an Open Source alternative: maybe this should be debated as another formal topic (promises to be hot!). Let's focus on helping him instead - could we have some feedback from NeETz regarding progress to date?

 

[mithrandi]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">Microsoft qualified, even unqualified but knowledgeable, people are 10 a penny in this country.<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
That's irrelevant; even assuming a tech guy with amazing MS skills, he still isn't going to be able to solve the FUNDAMENTAL flaws in MS software; it just simply doesn't cut it.

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">That said, I am an advocate of Linux based firewalls because, as you point out, the malicious hackers tend to target Microsoft. However, If Unix/Linux became the most popular small business OS they would become the new target. And an easier one at that, as the source code is, mostly, in the public domain.<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
No, it is a HARDER target because the source code is available; anyone can fix vulnerabilities that are found, rather than having to depend on a specific vendor. As opposed to closed-source security vulns, which are only slightly harder to find, and are immensely more difficult to fix without the source code (completely impractical for most users).

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">Bottom line? Use the correct tool for the job and keep them sharp (i.e. up to date).<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
Right. And MS software is NEVER the correct tool when it comes to servers and such. You can argue that MS is more appropriate for a desktop system, but certainly I would say it is unfit for almost any kind of server task.

mithrandi

 

[martin]

And Linux is getting easier to set up by the day and the internet resources to help you out are countless, so no need to even buy Linux manuals. The pro's so far outweigh the con's when it comes to Linux.

P.S. In my 4 years of working for my current company we have had only 1 virus infection, simply because we use a linux firewall. The virus was introduced by outside computer placed on our lan.

 

[Andre]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by mbs</i>
<br />If you've had no problems with NT's DHCP, then you're lucky - my experience with it has been disastrous
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

I'm sorry to hear that you've had problems. We used it for more than 5 years and the only time it would act flakey was when plugging in an extra machine that used one more IP than what we were allocated by the ISP.

 

[mbs]

For Andre - like I said, you're fortunate. My experience with it dates from more than 3 years ago when we last used it, and believe it or not, it had problems with local private LAN addresses (192.168.x.x)! I also seem to recall that this became a problem after we installed SP6a (I might be wrong), and we had no 'funnies' running on the server which could have impacted on the service. Ah well, all probs went away after we installed RH...