Solved

Win 2000 with multiple external NICs

Posted on 2001-06-20
Last Modified: 2010-04-11
Any help with this would be very appreciated!!

Let's say I have been assigned the following Public IPs from my ISP:

200.19.66.49 (primary IP allocated)
200.19.75.16 through to 200.19.75.23 (extras purchased)

My Win 2000 Server is hooked up to 200.19.66.49 and can see the internet OK.  Now what I want to do is to use the other IPs such that they are visible to the outside world and represent physically different machines.

I have installed an extra NIC in the server and bound the address 200.19.75.17 to it (the .16 is a broadcast address apparently so it can't be used).

So I have 2 NICs in the server both assigned to External IP addresses.

I also installed the routing and remote access in Win2k to get the server to act as a router since the extra IPs are not on the same network (200.19.75.XXX rather than 200.19.66.XXX).

In another machine I have added a NIC and assigned the address 200.19.75.18.  This connects to the server NIC 200.19.75.17.

The damn things don't seem to be talking to each other!

Anybody any ideas or alternatively any other suggestions on how else the network could be set up?  I would like to use all the external IPs and also have some sort of private network using internal IPs.  A DMZ has been suggested before but I can't find any info on how to set this up.


Thanks

Kurt
Question by:advansys
2 Comments
 
LVL 4

Accepted Solution

by:
jwalsh88 earned 300 total points
ID: 6209923
Well, you really shouldn't be set up this way, but if you insist, this is how I would do it.  Set up the Windows 2000 Server machine with RRAS.  Install three NIC cards in the server.  One NIC will be for the internet and configured exactly the way you want it.  The other will be configured with a private IP address like 10.0.2.1 255.255.255.0, and this will be your DMZ.  All machines you want the public internet to have any kind of access to at all will be connected to this port, usually through a hub or switch connected to this interface.  You will assign them IP addresses in the range 10.0.2.2-10.0.2.254.  Then configure the third NIC in the server with the IP address 10.0.1.1 255.255.255.0, and this will be your internal network where you will actually have users.  Here is an example:

*********
Internet
*********
 ||
*********
200.19.66.49
 ||
Windows 2000 Server RRAS=10.0.2.1**==DMZ 10.0.2.2-254
 ||
10.0.1.1
*********
 ||
*********
HUB
*********
 ||
*********
10.0.1.2-10.0.1.254
Internal Network IP Range
*********

Now you will need to set up NAT in RRAS.  You will want to say use NAT to hide all the devices connected to the 10.0.1.1 interface behind the public address assigned to the interface connected to the internet, 200.19.66.49.  Then, still using NAT, say that you want to statically translate each one of your public servers on the DMZ with its own public IP from the range 200.19.75.17-23.

Now, while this is the safest, most secure and ideal way of setting it up, it might not be for you since it's not the easiest and most simple.  But I would not put myself out on the internet, and by that I mean put your user(s) computer(s) easily accessible by internet users.  That's why you hide them behind the NAT on the Win2k server.  Then you put any servers you might want to be accessed from the internet on the DMZ.  This creates a safe architecture.  This doesn't make it that much safer because you still don't have any security measures on the Windows 2K server like a firewall to restrict traffic.  But if you decide to do that you won't have to reconfigure everything.
0
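Added example, not part of jwalsh88's answer and not RRAS configuration: a small Python model of the NAT plan described above, which audits a proposed static mapping table and shows which address each kind of traffic ends up with. The IP addresses come from the thread; the two mapping tables, the function names and the rule that unmapped DMZ hosts are rejected are assumptions made for illustration.

```python
import ipaddress as ip

# Addresses taken from the thread; GOOD and BAD are constructed sample tables.
WAN_IP = ip.ip_address("200.19.66.49")   # primary public IP
PUBLIC_POOL = [ip.ip_address(f"200.19.75.{n}") for n in range(17, 24)]  # .17-.23
DMZ_NET = ip.ip_network("10.0.2.0/24")   # DMZ segment
LAN_NET = ip.ip_network("10.0.1.0/24")   # internal user segment
ROUTER_IPS = {ip.ip_address("10.0.2.1"), ip.ip_address("10.0.1.1")}

GOOD = {"200.19.75.17": "10.0.2.2", "200.19.75.18": "10.0.2.3"}
BAD = {"200.19.75.19": "10.0.1.25", "200.19.75.24": "10.0.2.4"}


def audit_static_map(mapping):
    """Return a list of problems in a {public: private} static NAT table."""
    problems, seen_private = [], set()
    for pub_s, priv_s in mapping.items():
        pub, priv = ip.ip_address(pub_s), ip.ip_address(priv_s)
        if pub not in PUBLIC_POOL:
            problems.append(f"{pub}: not in the purchased range")
        if priv in LAN_NET:
            problems.append(f"{pub} -> {priv}: exposes an internal user machine")
        elif priv not in DMZ_NET or priv in ROUTER_IPS:
            problems.append(f"{pub} -> {priv}: target is not a DMZ host")
        if priv in seen_private:
            problems.append(f"{priv}: mapped to more than one public IP")
        seen_private.add(priv)
    return problems


def inbound_target(dst_public, mapping):
    """Host an unsolicited inbound packet reaches, or None if NAT drops it."""
    return mapping.get(str(ip.ip_address(dst_public)))


def outbound_source(src_private, mapping):
    """Public source address a packet from src_private leaves with."""
    src = ip.ip_address(src_private)
    for pub, priv in mapping.items():
        if ip.ip_address(priv) == src:
            return pub                   # static one-to-one translation
    if src in LAN_NET:
        return str(WAN_IP)               # users hidden behind the primary IP
    raise ValueError(f"{src} has no translation in this plan")


if __name__ == "__main__":
    print(audit_static_map(GOOD), audit_static_map(BAD), sep="\n")
```

Only addresses with a static entry accept new inbound sessions; the primary IP has none, so nothing unsolicited reaches the 10.0.1.x user network.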
 

Author Comment

by:advansys
ID: 6210122
Thanks..

I have a firewall in place for the Public IPs so that should be OK.