Re: Dual Nic - Network Settings Advice
From: SuperGumby [SBS MVP] (not_at_your.nellie)
Date: 07/05/04
Date: Tue, 6 Jul 2004 08:29:00 +1000
Hi Stuart,
it may be possible to do what you propose but it gets a little ugly. You
would need

    Internet
       |
       |
    Router
       |
       |----Point A
       |
    SBS External
    SBS Internal
       |
       |---- to Point A
       |
      LAN

and as you can see the router must be able to handle the two subnets,
External and Internal. This normally requires the router to have two IPs on
its LAN interface, or a tri-homed router (something like a Watchguard
Firebox).
Normal clients would get IP assignment via DHCP which would give the SBS as
default gateway. 'bypass' clients would need to be set at manual IPs and
use the router as default gateway.
I suppose the tri-homed firewall figure makes the most sense:

    Internet
       |
       |
    Public IP
    Tri-homed router ---- Internal 192.168.1.1
    DMZ 10.0.0.1
       |
       |
    SBS External 10.0.0.2
    SBS Internal 192.168.1.2
       |
       |---- to Internal
       |
    LAN 182.168.1.10-254

"Stuart Mackie [MCP, MSP]" <me@--REMOVE_THIS--stu.uk.com> wrote in message
news:%23%23uaSjhYEHA.2816@TK2MSFTNGP11.phx.gbl...
> Hi. I am trying to achieve a slightly odd dual network card configuration
> with my sbs2k3 server and would appreciate any advice. At the minute all
> internal systems are connected via a 24 port switch to a hardware firewall
> which is then connected to our router. The server has a single nic with
> internal IP of 10.0.0.10 subnet 255.255.255.0, and the workstation range
> uses the same subnet with IP 10.0.0.30....100. All the internal systems
> therefore use the firewall as their gateway and are unrestricted to the
> internet/external network.
>
> What I want to achieve is a dual nic setup on the server (ISA will be used
> as well), but still allow certain clients direct unrestricted access to the
> internet without having to go through the server's dual nic. I know this is
> totally unusual but I would appreciate any advice on whether this is
> possible. My current plan was to keep the current nic with
> 10.0.0.10/255.255.255.0 as the internal nic, and add a second nic with
> settings 10.0.1.10/255.255.255.0 as the external nic (i.e. the second nic is
> on a different subnet). The hardware firewall will then be configured with
> an exclusions list filter which says unless the client nic and MAC address
> are in the list below deny access. This then makes sure workstations can't
> bypass the server dual nic for ISA etc, while still allowing the handful of
> systems direct access to the external network without having to go through
> the server.
>
> My main concern was the choice of network card settings. From what I
> understand as long as the internal and external network cards are on
> different subnets, there shouldn't be any technical problem with doing this?
> If on the other hand we used something like 10.0.0.10/255.255.255.0 and
> 10.0.0.20/255.255.255.0 it wouldn't work because the network cards would be
> on the same subnet? Can anyone confirm whether this would or wouldn't work?
>
> --
> Thanks for any help,
> Stuart Mackie [MCP, MSP]
> www.stu.uk.com
>
>
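
Added example, not part of the original thread or written by either poster: a small Python check of the addressing plans discussed above. It tests whether a dual-homed server's two NICs fall in overlapping subnets, and whether a client's default gateway is on its own subnet and sends it through the server or around it. The /24 masks on the tri-homed figure and the two client addresses are assumptions made for the illustration.

```python
import ipaddress

def nic_overlaps(nics):
    """Return pairs of NIC names on one multi-homed host whose subnets overlap."""
    ifaces = {name: ipaddress.ip_interface(cidr) for name, cidr in nics.items()}
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]

def classify_client(client_cidr, gateway, server_internal, router_addrs):
    """Report which path a client's default gateway gives it.

    'via-server'          gateway is the server's internal NIC (filtered path)
    'bypass'              gateway is a router address on the client's subnet
    'unreachable-gateway' gateway is not on the client's own subnet
    'unknown-gateway'     on-link, but neither the server nor the router
    """
    client = ipaddress.ip_interface(client_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in client.network:
        return "unreachable-gateway"
    if gw == ipaddress.ip_interface(server_internal).ip:
        return "via-server"
    if gw in {ipaddress.ip_interface(r).ip for r in router_addrs}:
        return "bypass"
    return "unknown-gateway"

# NIC plans from the question: two subnets, then both NICs in one subnet.
PROPOSED = {"internal": "10.0.0.10/24", "external": "10.0.1.10/24"}
SAME_SUBNET = {"internal": "10.0.0.10/24", "external": "10.0.0.20/24"}

# Tri-homed figure from the reply; /24 masks are assumed, not stated there.
ROUTER_ADDRS = ["192.168.1.1/24", "10.0.0.1/24"]
SBS_INTERNAL = "192.168.1.2/24"

if __name__ == "__main__":
    print("proposed plan overlaps:   ", nic_overlaps(PROPOSED))
    print("same-subnet plan overlaps:", nic_overlaps(SAME_SUBNET))
    # Constructed client addresses inside the internal LAN range.
    for cidr, gw in [("192.168.1.50/24", "192.168.1.2"),
                     ("192.168.1.51/24", "192.168.1.1"),
                     ("192.168.1.51/24", "10.0.0.1")]:
        print(cidr, "gw", gw, "->",
              classify_client(cidr, gw, SBS_INTERNAL, ROUTER_ADDRS))
```

The last constructed case shows why the router needs an address on the internal subnet: a bypass client pointed at the router's DMZ address has no on-link gateway.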