Re: One computer on 2 networks
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Tue, 17 Apr 2007 21:14:46 -0500
I'm getting ready to leave for the day, but here's a "quicky". We can chat more
tomorrow if need be.
1. On the server take the new "internet Nic" and set it up properly for the new
internet connection. But do not give it DNS Settings. Your DNS needs to stay
what it always has been.
2. Remove the Default Gateway from the regular LAN Nic.
3. Create a static route in the OS's routing table that uses the LAN Router (the
original default gateway?) as the path to the rest of the LAN.
These examples would handle all the RFC private ranges using only three routes:
c:\> route add -p 10.0.0.0 mask 255.0.0.0 <IP of LAN router>
c:\> route add -p 172.16.0.0 mask 255.240.0.0 <IP of LAN router>
c:\> route add -p 192.168.0.0 mask 255.255.0.0 <IP of LAN router>
So all the RFC Private address destinations will always use the LAN but all the
Public Destinations will use the internet connection.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
"John Francisco Williams" <JohnFranciscoWilliams1010@xxxxxxxxx> wrote in message
news:%23WYawLVgHHA.4936@xxxxxxxxxxxxxxxxxxxxxxx
Hi everybody again. Here's my scenario:
. I work with a mid size company that limits almost every port, in or out,
with the exception of port 80. In my location, we have about 1,500 PCs. I
don't work in the Network Admin Dept. I'm a developer.
. I am working on a project where we need to expose to the internet the
following services: a Web Server, VPN Server, Remote Desktop. I'm using a
Windows 2003 Server, to do that.
. Network Dept, didn't accept to open the ports we need for the project, but
the company agreed on getting a separate internet service of 2 MB so, I now
have two different connections. (I know, so much for the security.)
. I still need access to company's LAN resources: 2 printers, 2 web servers in
the intranet, a file server, a POP3 server
. That's why my 2003 server ended up with two NICS, without the need for a
router / gateway: To access LAN resources, I use NIC1. To access internet
"freely", I use NIC2.
I agree this is not the best solution. Any suggestion to improve this setup?
Again, thank you all for your help
Have a great day,
Frank
PS: I am putting this as a new post because, now, the question changed. Thanks
to everybody for the solution to my previous problem.
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:et3MDLQgHHA.3424@xxxxxxxxxxxxxxxxxxxxxxx
Hi Guys,
I think a question should have been asked at the beginning.
Why are there two nics in the server to begin with? Normally this is just
flat-out a bad design,...there is pretty much never ever a need for two nics in
a server unless there is Nic teaming being done or the server is acting as a
LAN Router or Internet Firewall/Proxy.
If the goal is to have a clean, properly designed, and efficient network that
is the first thing that should be looked at.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
"grep" <grep@xxxxxxxxxxxxx> wrote in message
news:eEivr2OgHHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
In Frank's case, since there are multiple 172 networks involved, it would be
easiest to do the latter, but Bill, be mindful of the RFC which creates the
172.x.x.x private network (RFC-1918, if you're interested). Not *all* 172
networks are private - only the range between 16 and 31. By using 172.0.0.0
with the mask 255.0.0.0, Frank will be preventing himself from getting to an
address at, say, 172.45.72.102 because it will try to route him to his
internal router.
So the correct route add syntax would be:
route add -p 172.16.0.0 mask 255.240.0.0 172.30.204.100
Bill is right about leaving your default gateway as your Internet router, on
NIC2.
grep
Bill Grant wrote:
You can only have one default gateway, and that should be out to the
Internet. The gateway setting on the 172.30 NIC should be blank.
To get traffic for 172. addresses to a different router you should only
need one static route. If they were all 172.30 addresses you would use
route add -p 172.30.0.0 mask 255.255.0.0 <router IP>
If they are not all 172.30 you need to use a shorter network mask (so
that it covers more addresses). To redirect all packets beginning with 172
you would use
route add -p 172.0.0.0 mask 255.0.0.0 <router IP>
"John Francisco Williams" <JohnFranciscoWilliams1010@xxxxxxxxx> wrote in
message news:%23alCt5HgHHA.4704@xxxxxxxxxxxxxxxxxxxxxxx
Grep,
Thanks a lot for your help. The default gateway in the LAN where NIC1 is, is
172.30.204.100. Is that the one you suggest me to use? Sorry to bother: How
exactly would the Route Add sentence be?
Thanks again,
Frank
"grep" <grep@xxxxxxxxxxxxx> wrote in message
news:eOy4zQGgHHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
Hey Frank,
For your internal networking issue, the deal is that your mask
(255.255.252.0) says that you're subnetting your class B network (172.30.0.0)
into 6 subnets. i.e. 172.30.0.0 is a different network than 172.30.8.0. And you
say that you have hosts in networks that aren't even in 172.30.0.0 space.
Now when you cross over any network boundary, you need to have a router (aka
gateway.) When you try to go from 172.30.0.5 to 172.30.16.7 or 172.22.0.129,
your machine is going to know (because of the mask) that those machines are
not on its network. Since they aren't on its network, it doesn't know how to
find them, unless you tell it.
There are effectively two ways you can tell it:
1. Adding static routes for your other network, and pointing them toward the
appropriate router(s) to reach them.
2. Setting your default route to the local router, and let it direct your
traffic.
In your case, you can't do the latter because you can only have one default
route on a machine, and yours must point to the Internet gateway.
Probably the easiest thing to do for you would be to add a route to
172.16.0.0 255.240.0.0 and point it to your local router on the NIC1 side.
(I'm assuming, of course, that you have one router to which you direct all
the internal network routes anyway.)
Good luck!
grep
John Francisco Williams wrote:
Hi All,
I have a computer that has 2 NICs, each connecting to a different network.
NIC1:
172.30.204.100 Static
255.225.252.0
NIC2:
192.168.1.10 Static
255.255.255.0
Def Gateway: 192.168.1.254
Through NIC1, I need to have access to LAN resources: 2 printers, 2 web
servers in the intranet, a file server, a POP3 server. Those resources are
all 172.x.x.x. NOT all of them are 172.30.x.x
Through NIC2, I need to have access to the internet.
Access to internet through NIC2, is working well but, to have access to the
LAN resources, through NIC1, I've been having to do manual route add, for
each resource. Resources are added constantly. All I know of these
resources, is that they all start with 172.... (this looks like a Cert
exam!! :-D ) . My question: Is what I've been doing (Route Add), the
correct solution or, is there a better way to do it? There's probably more
information missing here (my apologies for that). If that's the case,
please, let me know what other information is needed, to find an answer.
One other thing: When I tried to enter a default gateway for NIC1, while
keeping the one for NIC2, I got an error message stating that I should only
have one default gateway and, effectively, network communication fails, if
I keep both.
Thank you all for the help. Have a great day,
Frank
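
Added example, not part of the original thread: a longest-prefix-match check in Python that runs the route sets discussed above against destinations named in the thread and reports any private address that would leave via the internet link or any public address that would be sent to the LAN router. The gateway addresses are the ones quoted in the thread; the function and variable names are assumptions made for this illustration.

```python
import ipaddress

LAN_ROUTER = "172.30.204.100"   # NIC1-side router, value quoted in the thread
INTERNET_GW = "192.168.1.254"   # NIC2 default gateway, value quoted in the thread
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_table(static_routes):
    """static_routes: (destination, netmask) pairs as passed to `route add`."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), INTERNET_GW)]
    for dest, mask in static_routes:
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), LAN_ROUTER))
    return table

def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def misrouted(table, destinations):
    """Destinations whose next hop contradicts their private/public status."""
    bad = []
    for dst in destinations:
        private = any(ipaddress.ip_address(dst) in n for n in RFC1918)
        expected = LAN_ROUTER if private else INTERNET_GW
        if next_hop(table, dst) != expected:
            bad.append(dst)
    return bad

# Destinations mentioned in the thread; only 172.45.72.102 is public.
DESTS = ["172.30.16.7", "172.22.0.129", "172.45.72.102"]

NARROW = build_table([("172.30.0.0", "255.255.0.0")])   # only 172.30.x.x
BROAD = build_table([("172.0.0.0", "255.0.0.0")])       # every 172.x.x.x
EXACT = build_table([("172.16.0.0", "255.240.0.0")])    # 172.16 - 172.31
ALL_PRIVATE = build_table([("10.0.0.0", "255.0.0.0"),
                           ("172.16.0.0", "255.240.0.0"),
                           ("192.168.0.0", "255.255.0.0")])

if __name__ == "__main__":
    for name, table in (("172.30.0.0/16", NARROW), ("172.0.0.0/8", BROAD),
                        ("172.16.0.0/12", EXACT),
                        ("three RFC 1918 routes", ALL_PRIVATE)):
        print(name, "misroutes:", misrouted(table, DESTS))
```

The too-narrow route sends internal traffic for 172.22.0.129 out the internet connection, while the too-broad one hands public 172.45.72.102 to the internal router; the 255.240.0.0 mask avoids both.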