APPENDIX C Network Configuration Settings
Many small businesses already have an existing firewall device for their local network when they purchase Microsoft® Windows® Small Business Server 2003. Often, these devices also assign IP addresses to the client computers. If you are using a firewall device other than the one provided with Windows Small Business Server 2003, and the device does not support the UPnP framework, you must configure the firewall ports that are necessary to access your specific local network services.
Configuration Settings for an Existing Firewall Device
A firewall protects your local network from unauthorized Internet access. If you are not using the firewall service provided with Windows Small Business Server 2003, you must use a firewall device on the local network. Additionally, the firewall device must be configured with the necessary settings for your local network. If the device supports the UPnP framework, it is possible for the Configure E-mail and Internet Connection Wizard to configure the device automatically. Otherwise, you must manually configure the firewall ports that are necessary to access your specific local network services. Broadband router/firewall manufacturers typically refer to these settings as “Virtual Server,” “Port Range Forwarding,” or something similar.
You might encounter an error if you use the options on the Firewall Configuration page of the Configure E-mail and Internet Connection Wizard to configure a UPnP router/firewall device.
To try to resolve this issue, go to the Web site of the device manufacturer to download and install the latest firmware update. To download and install the latest firmware update for Microsoft base stations, see the Microsoft Broadband Networking Web site at https://go.microsoft.com/fwlink/?LinkID=18588. After you install the firmware update, rerun the Configure E-mail and Internet Connection Wizard and try to configure the device.
If the problem persists, you must manually configure the device by using the settings documented in this appendix.
If the firewall device also serves as a router to connect to the Internet and your server uses two network adapters (one to connect to the Internet and one to connect to the local network), you can use the firewall service provided by the router, the one provided with Windows Small Business Server 2003, or both.
Services to be Accessible Through the Firewall Device
If you are running any of the following services on your server, you must forward the port numbers for these services to pass through the firewall. The protocol type for each of the services listed in the following table is Transmission Control Protocol (TCP). Configure the appropriate settings on the firewall as defined in the following table.
| Service | TCP port number | Purpose |
|---|---|---|
| | 25 | Allows incoming and outgoing Simple Mail Transfer Protocol (SMTP) traffic so Exchange can send and receive Internet e-mail. |
| Web server | 80 (for http://) and 443 (for https://) | Allows users on the Internet to access the default Web site or specific Web site services. Port 80 is required for HTTP requests for your site, and port 443 is required for HTTPS requests using Secure Sockets Layer (SSL), which secures communications from your server and a Web browser. Web site services that use ports 80 and/or port 443 include the following: Web site services that use port 80 include the following: Note: In addition to forwarding the ports for Web server access, you must allow access to Web sites on the Web Services Configuration page of the Configure E-mail and Internet Connection Wizard. |
| Windows SharePoint Services intranet site | 444 | Allows users to access the intranet Web site created by Windows® SharePoint® Services. Port 444 is required to secure communications from your server and a Web browser. To securely connect to the intranet Web site from the Internet, users must type https://. If users are on the local network, users can type https://. If you create sites below the https://companyweb/ site in Windows SharePoint Services, the sites will also be accessible to the Internet when you allow access to the intranet Web site. Note: In addition to opening the ports for Web server access, you must select to allow access to Web sites on the Web Services Configuration page of the Configure E-mail and Internet Connection Wizard. |
| Remote Web Workplace | 4125 and 443 | Allows designated users to: This service requires that users type https:// to connect securely from a Web browser to the Web server. Note: In addition to opening the ports for Web server access, you must allow access to this Web site on the Web Services Configuration page of the Configure E-mail and Internet Connection Wizard. |
| Virtual Private Network (VPN) | 1723 | Allows remote clients to connect securely to the network and then use resources as if the client were connected locally. |
| Terminal Services | 3389 | Allows remote clients to connect to the server using Terminal Services. |
| File Transfer Protocol (FTP) | 21 | Allows file transfer protocol (FTP) connections to the server. Note: To use your server as an FTP server, you must first install and configure the FTP service. For more information, click Start, and then click Help and Support. |
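Because only the ports for services you actually run should be forwarded, it helps to compare the device's forwarding list with the table before and after any change. The following is an added example, not part of the original documentation; the service keys, the rule format, and the sample addresses are assumptions made for illustration.

```python
# TCP ports per service, from the table above. The dictionary keys are
# labels chosen for this example, not names used by the product.
REQUIRED_TCP_PORTS = {
    "smtp": {25},
    "web_server": {80, 443},
    "sharepoint_intranet": {444},
    "remote_web_workplace": {4125, 443},
    "vpn": {1723},
    "terminal_services": {3389},
    "ftp": {21},
}


def audit_forwarding(enabled_services, rules, server_ip):
    """Compare a device's forwarding rules with the ports actually needed.

    rules is a list of (protocol, external_port, internal_ip) tuples, a
    format assumed for this example. Returns three lists: ports still to
    forward, rules that expose more than required, and rules that point
    at a host other than the server.
    """
    unknown = set(enabled_services) - REQUIRED_TCP_PORTS.keys()
    if unknown:
        raise ValueError(f"unknown service(s): {sorted(unknown)}")
    needed = set().union(*(REQUIRED_TCP_PORTS[s] for s in enabled_services))

    correct, unneeded, wrong_target = set(), [], []
    for proto, port, target in rules:
        if proto.lower() != "tcp" or port not in needed:
            unneeded.append((proto, port, target))
        elif target != server_ip:
            wrong_target.append((proto, port, target))
        else:
            correct.add(port)
    return {"missing": sorted(needed - correct),
            "unneeded": unneeded,
            "wrong_target": wrong_target}


# Constructed sample: a small office that runs e-mail, the Web server,
# the intranet site and Remote Web Workplace, but not Terminal Services.
SAMPLE_SERVER = "192.168.16.2"
SAMPLE_RULES = [
    ("tcp", 25, SAMPLE_SERVER),
    ("tcp", 443, SAMPLE_SERVER),
    ("tcp", 3389, SAMPLE_SERVER),    # service not in use: unneeded exposure
    ("udp", 4125, SAMPLE_SERVER),    # table lists TCP, so this does not count
    ("tcp", 444, "192.168.16.50"),   # forwarded to the wrong internal host
]
```

A port reported as missing has no TCP rule that forwards it to the server, so a port sent to the wrong host appears in both the missing and wrong-target lists.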
Configuring Settings for an Existing DHCP Server Service on Your Network
Internet Protocol (IP) addresses for client computers can be assigned either dynamically or statically.
Using Dynamic Host Configuration Protocol (DHCP) to assign IP address settings to client computers simplifies the administration of your local network addresses. If you have an existing device on the local network that assigns IP addresses to client computers using DHCP, it must be configured with the necessary settings for your local network. If the device supports the UPnP framework, you will be prompted during Setup to configure the device automatically. If the device does not support the UPnP framework or the standard used by the UPnP device is not supported by Setup, you must manually configure the DHCP settings as specified in the section "Settings to configure for an existing DHCP Server service."
Optionally, you can use the DHCP Server service provided with Windows Small Business Server 2003. If you use this service, do not disable the existing DHCP server device until you are prompted by Setup. This allows Setup to determine the range of IP addresses already in use on the network.
Important
Using the DHCP Server service provided with Windows Small Business Server 2003 ensures your DHCP settings are properly configured for your server. However, do not disable the existing DHCP server until after Setup prompts you to do so. Otherwise, Setup will not be able to determine the IP address range currently used by your local network.
If you elect to assign static IP addresses for client computers, you will need to manually configure an IP address for each client computer based on the guidelines given for configuring DHCP. For more information about how to statically assign an IP address, click Start, click Help and Support, and then search for "Setting up TCP/IP."
Settings to Configure for an Existing DHCP Server Service
To ensure that the DHCP Server service is properly configured for your local network, you must configure the settings as follows:
- Create a DHCP scope using the options specified in the section "DHCP Scope Options for an Existing DHCP Device." The scope needs to include enough IP addresses to accommodate each client computer, additional services, and network devices that require an IP address in your local network. Add an additional IP address to this range for each remote user you plan to allow to remotely connect to your local network, plus one for the remote access server.
- Exclude the IP address of the network adapter used to connect to the local network. This ensures that this address will not be given out by the DHCP server to a client computer. If you have additional devices on your network that use a static IP address, these should also be excluded from the scope. It is also recommended that you create an exclusion of 5 to 10 IP addresses in case you need to assign a static IP address to another device at a later time.
Note
It is not necessary to exclude the IP address of the local network adapter if the range of IP addresses used in the DHCP scope does not include the IP address used for the local network adapter.
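The sizing and exclusion rules above can be checked before the scope is created. The following is an added example, not part of the original documentation; the function name, its parameters, and the sample addresses in the test are assumptions, and it counts the extra address for the remote access server only when remote users are planned.

```python
import ipaddress


def check_scope(start, end, server_ip, static_ips, clients, other_devices,
                remote_users, spare=5):
    """Validate a planned DHCP scope against the guidance above.

    Returns (exclusions, leasable, required, ok), where exclusions is the
    list of addresses to exclude and ok is True when the scope is large
    enough. All parameter names are specific to this example.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("ending IP address is below starting IP address")
    if not 5 <= spare <= 10:
        raise ValueError("reserve 5 to 10 spare addresses")

    def in_range(ip):
        return first <= ipaddress.IPv4Address(ip) <= last

    # The server's local network adapter and other statically addressed
    # devices are excluded only when they fall inside the range.
    exclusions = sorted({ipaddress.IPv4Address(ip)
                         for ip in [server_ip, *static_ips] if in_range(ip)})

    total = int(last) - int(first) + 1
    # Spare addresses are held back for future static assignments.
    leasable = total - len(exclusions) - spare

    # One address per client computer, service or network device, one per
    # remote user, plus one for the remote access server.
    required = clients + other_devices + remote_users
    if remote_users:
        required += 1

    return [str(ip) for ip in exclusions], leasable, required, leasable >= required
```

If `ok` is False, widen the range or reduce the number of addresses held back before activating the scope.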
DHCP Scope Options for an Existing DHCP Device
If the DHCP Server service has any of the following DHCP options, configure the options as defined in the following table.
Option | Description | Record value here |
---|---|---|
Router (default gateway) | Defines the default gateway used by client computers. | ____________________ |
Domain Name System (DNS) server | Provides client computers with name resolution services for the local network. Specify the IP address of the local network adapter of the computer running Windows Small Business Server 2003. | ____________________ |
DNS domain name | Provides client computers with the fully qualified domain name (FQDN) for the local network. Specify the full DNS name for the internal domain of the local network. For example, if you used the default full DNS name for the internal domain, it is your organization's name with the label .local, such as wingtiptoys.local. | ____________________ |
Windows Internet Name Service (WINS) server | Provides local network name resolution for computers running Microsoft® Windows NT® Server 4.0 and earlier and Windows® 98 and earlier. If the DHCP server has the option to set a WINS server option, specify the IP address of the local network adapter of the computer running Windows Small Business Server. | ____________________ |
WINS node type | Prevents unnecessary broadcast traffic. If the DHCP server has the option to set a WINS server, specify the WINS node type as hybrid or h-node (0x8). | ____________________ |
Moving the DHCP Server Service to the Computer Running Windows Small Business Server 2003
If you chose during Setup to use an existing device on the local network to assign IP addresses to client computers using DHCP, but you now want to use the DHCP Server service on the computer running Windows Small Business Server 2003, use the steps in the following procedure:
1. Collect information about the scope options that are configured on the device currently running DHCP. (For example, if DHCP is currently running on a broadband router, follow the manufacturer’s instructions for viewing the DHCP server configuration.)

   Description | Value |
   ---|---|
   Starting IP address | |
   Ending IP address | |
   Subnet mask | |
   Excluded (or reserved) IP addresses | |

2. Complete the form in the previous section, “DHCP Scope Options for an Existing DHCP Device.”
3. Disable the DHCP service on the device where it is currently running.
4. Install the DHCP Server service on the computer running Windows Small Business Server 2003.
   a. Click Start, point to Control Panel, and then click Add or Remove Programs.
   b. Click Add/Remove Windows Components.
   c. Select Networking Services, and then click Details.
   d. Click Dynamic Host Configuration Protocol (DHCP), and then click OK.
   e. Click Next, and then follow the instructions to complete the Windows Components Wizard.
5. Click Start, point to Administrative Tools, and then click DHCP.
6. In the console tree, click the DHCP server.
7. Right-click the DHCP server, click New Scope, and then complete the New Scope Wizard.
   a. On the Scope Name page, type SBS for the Name, and then type Local SBS network for the Description.
   b. On the IP Address Range page, enter the starting and ending IP addresses for the scope. It is recommended that you use the same range of IP addresses as on your existing DHCP server. Using the same range means you will not have to release and then renew the IP address of each client computer or change the IP address of the computer running Windows Small Business Server 2003.
   c. On the Add Exclusions page, enter any IP address that is a part of the range entered in Step 7b that is statically or manually assigned to a device on the network. For example, if a printer on the network has an IP address that never changes, this IP address should be listed as an exclusion.
   d. On the Lease Duration page, accept the default value.
   e. On the Configure DHCP Options page, click No, I will configure these options later.
   f. Follow the instructions to complete the New Scope Wizard.
8. Right-click the SBS scope that you just created in Step 7, and then click Activate.
9. Run the Configure E-mail and Internet Connection Wizard to automatically configure the necessary DHCP scope options.
   a. Click Start, and then click Server Management.
   b. In the console tree, click Internet and E-mail.
   c. In the details pane, click Connect to the Internet.
   d. On the Connection Type page, click Next to accept the connection type specified the last time the wizard was run.
   e. Until you reach the Firewall page, click Next on each wizard page to accept the settings specified the last time the wizard was run. On the Firewall page, accept the default of Do not change firewall configuration.

      Note
      The Firewall page does not appear if the server uses an external firewall and only one network adapter to connect to both the local network and the Internet.

   f. On the Web Server Certificate page, accept the default of Do not change current Web server certificate.
   g. On the Internet E-mail page, ensure that Do not change Internet e-mail configuration is selected.
   h. Follow the instructions to complete the Configure E-mail and Internet Connection Wizard.