Solved

Win 2000 with multiple external NICs

Posted on 2001-06-20
2
248 Views
Last Modified: 2010-04-11
Any help with this would be very appreciated!!

Let's say I have been assigned the following Public IPs from my ISP:

200.19.66.49 (primary IP allocated)
200.19.75.16 through to 200.19.75.23 (extras purchased)

My Win 2000 Server is hooked up to 200.19.66.49 and can see the internet OK.  Now what I want to do is to use the other IPs such that they are visible to the outside world and represent physically different machines.

I have installed an extra NIC in the server and bound the address 200.19.75.17 to it (the .16 is a broadcast address apparently so it can't be used)

So I have 2 NICs in the server both assigned to External IP addresses.

I also installed the routing and remote access in WIn2k to get the server to act as a router since the extra IPs are not on the same network (200.19.75.XXX rather than 200.19.66.XXX)

In another machine I have added a NIC an assigned the address 200.19.75.18.  This connects to the server NIC 200.19.75.17

The damn things don't seem to be talking to each other!

Anybody any ideas or alternatively any other suggestions on how else the network could be set up ?  I would like to use all the external IPs and also have some sort of private network using internal IPs.  A DMZ has been suggested before but I can't find any inof on how to set this up.


Thanks

Kurt
0
Comment
Question by:advansys
2 Comments
 
LVL 4

Accepted Solution

by:
jwalsh88 earned 300 total points
ID: 6209923
Well you really shouldn't be setup this way but if you insist this is how I would do it.  Setup the Windows 2000Svr machine with RRAS Install three NIC cards in the server.  One nic will for the internet and configured exactly the way you want it.  The other will be configured with a Private IP address like 10.0.2.1 255.255.255.0 and this will be your DMZ.  All machines you want the public internet to have any kind of access to at all will be connected to this port, usually through a hub or switch connected to this interface.  You will assign them IP addresses in this range of 10.0.2.2-10.0.2.254.  Then put a configure the third NIC in the server with the IP address 10.0.1.1 255.255.255.0 and this will be your internal network where you will actually have users.  Here is an example:

*********
Internet
*********
 ||
*********
200.19.66.49
 ||
Windows 2000 Server RRAS=10.0.2.1**==DMZ 10.0.2.2-254
 ||
10.0.1.1
*********
 ||
*********
HUB
*********
 ||
*********
10.0.1.2-10.0.1.254
Internal Network IP Range
*********

Now you will need to setup NAT in RRAS.  You will want to say use NAT to hide all the devices connected to the 10.0.1.1 interface behind the public address assigned to the interface connected to the internet, 200.19.66.49.  The Still using NAT say that you want to Statically translate each one of your public servers on the DMZ with it's own public IP from the range 200.19.75.17-23.

Now while this is the safest, most secure and ideal way of setting it up it might not be for you since its not the easiest and most simple.  But I would not put myself out on the internet, and by that I mean put your user(s) computer(s) easily accessible by internet users.  Thats why you hide them behind the NAT on the win2k server.  then you put any servers you might want to be accessed from the internet on the DMZ.  This creates a safe architecture.  This doesn't make it that much safer because you still don't have any security measures on the Windows 2K server like a firewall to restrict traffic.  But if you decide to do that you won't have to reconfigure everything.  
0
 

Author Comment

by:advansys
ID: 6210122
Thanks..

I have a firewall in place for the Public IPs so that should be OK.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question