Re: One computer on 2 networks



Hi everybody again. Here's my scenario:



.. I work with a mid size company that limits almost every port, in or out,
with the exception of port 80. In my location, we have about 1,500 PCs. I
don't work in the Network Admin Dept. I'm a developer.

.. I am working on a project where we need to expose to the internet the
following services: a Web Server, VPN Server, Remote Desktop. I'm using a
Windows 2003 Server, to do that.

.. Network Dept, didn't accept to open the ports we need for the project, but
the company agreed on getting a separate internet service of 2 MB so, I now
have two different connections. (I know, so much for the security.)

.. I still need access to company's LAN resources: 2 printers, 2 web servers
in the intranet, a file server, a POP3 server

.. That's why my 2003 server ended up with two NICS, without the need for a
router / gateway: To access LAN resources, I use NIC1. To access internet
"freely", I use NIC2.



I agree this is not the best solution. Any suggestion to improve this setup?



Again, thank you all for your help



Have a great day,



Frank



PS: I am putting this as a new post because, now, the question changed.
Thanks to everybody for the solution to my previous problem.






"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:et3MDLQgHHA.3424@xxxxxxxxxxxxxxxxxxxxxxx
Hi Guys,

I think a question should have been asked at the beginning.
Why are there two NICs in the server to begin with? Normally this is just
flat-out a bad design... there is pretty much never ever a need for two
NICs in a server unless there is NIC teaming being done or the server is
acting as a LAN router or Internet firewall/proxy.

If the goal is to have a clean, properly designed, and efficient network,
that is the first thing that should be looked at.

--
Phillip Windell
www.wandtv.com

The views expressed are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"grep" <grep@xxxxxxxxxxxxx> wrote in message
news:eEivr2OgHHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
In Frank's case, since there are multiple 172 networks involved, it would
be easiest to do the latter, but Bill, be mindful of the RFC which creates
the 172.x.x.x private network (RFC-1918, if you're interested). Not *all*
172 networks are private - only the range between 16 and 31. By using
172.0.0.0 with the mask 255.0.0.0, Frank will be preventing himself from
getting to an address at, say, 172.45.72.102 because it will try to route
him to his internal router.

So the correct route add syntax would be:

route add -p 172.16.0.0 255.240.0.0 172.30.204.100

Bill is right about leaving your default gateway as your Internet router,
on NIC2.

grep

Bill Grant wrote:
You can only have one default gateway, and that should be out to the
Internet. The gateway setting on the 172.30 NIC should be blank.

To get traffic for 172. addresses to a different router you should only
need one static route. If they were all 172.30 addresses you would use

route add -p 172.30.0.0 255.255.0.0 <router IP>

If they are not all 172.30 you need to use a shorter network mask (so
that it covers more addresses). To redirect all packets beginning with 172
you would use

route add -p 172.0.0.0 255.0.0.0 <router IP>

"John Francisco Williams" <JohnFranciscoWilliams1010@xxxxxxxxx> wrote in
message news:%23alCt5HgHHA.4704@xxxxxxxxxxxxxxxxxxxxxxx

Grep,

Thanks a lot for your help. The default gateway in the LAN where NIC1 is,
is 172.30.204.100. Is that the one you suggest me to use? Sorry to bother:
How exactly would the Route Add sentence be?

Thanks again,

Frank

"grep" <grep@xxxxxxxxxxxxx> wrote in message
news:eOy4zQGgHHA.1220@xxxxxxxxxxxxxxxxxxxxxxx

Hey Frank,

For your internal networking issue, the deal is that your mask
(255.255.252.0) says that you are subnetting your class B network
(172.30.0.0) into 6 subnets, i.e. 172.30.0.0 is a different network than
172.30.8.0. And you say that you have hosts in networks that aren't even
in 172.30.0.0 space.

Now when you cross over any network boundary, you need to have a router
(aka gateway). When you try to go from 172.30.0.5 to 172.30.16.7 or
172.22.0.129, your machine is going to know (because of the mask) that
those machines are not on its network. Since they aren't on its network,
it doesn't know how to find them, unless you tell it.

There are effectively two ways you can tell it:

1. Adding static routes for your other network, and pointing them toward
   the appropriate router(s) to reach them.

2. Setting your default route to the local router, and let it direct your
   traffic.

In your case, you can't do the latter because you can only have one
default route on a machine, and yours must point to the Internet gateway.

Probably the easiest thing to do for you would be to add a route to
172.16.0.0 255.240.0.0 and point it to your local router on the NIC1 side.
(I'm assuming, of course, that you have one router to which you direct all
the internal network routes anyway.)

Good luck!

grep

John Francisco Williams wrote:

Hi All,

I have a computer that has 2 NICs, each connecting to a different network.

NIC1:
172.30.204.100 Static
255.225.252.0

NIC2:
192.168.1.10 Static
255.255.255.0
Def Gateway: 192.168.1.254

Through NIC1, I need to have access to LAN resources: 2 printers, 2 web
servers in the intranet, a file server, a POP3 server. Those resources are
all 172.x.x.x. NOT all of them are 172.30.x.x

Through NIC2, I need to have access to the internet.

Access to internet through NIC2, is working well but, to have access to
the LAN resources, through NIC1, I've been having to do manual route add,
for each resource. Resources are added constantly. All I know of these
resources, is that they all start with 172.... (this looks like a Cert
exam!! :-D ) . My question: Is what I've been doing (Route Add), the
correct solution or, is there a better way to do it? There's probably more
information missing here (my apologies for that). If that's the case,
please, let me know what other information is needed, to find an answer.

One other thing: When I tried to enter a default gateway for NIC1, while
keeping the one for NIC2, I got an error message stating that I should
only have one default gateway and, effectively, network communication
fails, if I keep both.

Thank you all for the help. Have a great day,

Frank
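
The difference between the 255.0.0.0 and 255.240.0.0 static routes discussed in the replies above, worked through as a longest-prefix-match lookup. This is an added example, not part of the original thread; it assumes the NIC1 mask 255.255.252.0 as quoted in grep's reply, the next-hop labels are descriptive strings, and 172.30.204.7 and 203.0.113.10 are constructed sample destinations.

```python
import ipaddress

# Addresses and masks are the ones posted in the thread; the next-hop labels
# are descriptive strings made up for this example.
NIC1 = "on-link via NIC1"
INTERNET = "default gateway 192.168.1.254 via NIC2"
LAN_ROUTER = "internal LAN router via NIC1"
BASE_ROUTES = [
    ("172.30.204.0/255.255.252.0", NIC1),
    ("192.168.1.0/255.255.255.0", "on-link via NIC2"),
    ("0.0.0.0/0", INTERNET),
]
BROAD_ROUTE = ("172.0.0.0/255.0.0.0", LAN_ROUTER)       # mask 255.0.0.0
RFC1918_ROUTE = ("172.16.0.0/255.240.0.0", LAN_ROUTER)  # mask 255.240.0.0
RFC1918_172 = ipaddress.ip_network("172.16.0.0/12")


def build_table(static_route):
    """Routing table = connected networks + default route + one static route."""
    return [(ipaddress.ip_network(net), hop)
            for net, hop in BASE_ROUTES + [static_route]]


def next_hop(table, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def public_addresses_captured(static_route):
    """How many non-RFC 1918 addresses the static route diverts to the LAN router."""
    net = ipaddress.ip_network(static_route[0])
    if net.subnet_of(RFC1918_172):
        return 0
    if RFC1918_172.subnet_of(net):
        return net.num_addresses - RFC1918_172.num_addresses
    return net.num_addresses  # CIDR blocks nest or are disjoint: no overlap here


if __name__ == "__main__":
    for label, route in (("172.0.0.0/8", BROAD_ROUTE), ("172.16.0.0/12", RFC1918_ROUTE)):
        table = build_table(route)
        print(f"static route {label}: "
              f"{public_addresses_captured(route)} public addresses captured")
        for dst in ("172.30.204.7", "172.22.0.129", "172.45.72.102", "203.0.113.10"):
            print(f"  {dst:15} -> {next_hop(table, dst)}")
```
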





