Solved

Win 2000 with multiple external NICs

Posted on 2001-06-20
Last Modified: 2010-04-11
Any help with this would be very appreciated!!

Let's say I have been assigned the following Public IPs from my ISP:

200.19.66.49 (primary IP allocated)
200.19.75.16 through to 200.19.75.23 (extras purchased)

My Win 2000 Server is hooked up to 200.19.66.49 and can see the internet OK.  Now what I want to do is to use the other IPs such that they are visible to the outside world and represent physically different machines.

I have installed an extra NIC in the server and bound the address 200.19.75.17 to it (the .16 is a broadcast address apparently, so it can't be used).

So I have 2 NICs in the server both assigned to External IP addresses.

I also installed Routing and Remote Access in Win2k to get the server to act as a router, since the extra IPs are not on the same network (200.19.75.XXX rather than 200.19.66.XXX).

In another machine I have added a NIC and assigned the address 200.19.75.18.  This connects to the server NIC 200.19.75.17.

The damn things don't seem to be talking to each other!

Anybody any ideas, or alternatively any other suggestions on how else the network could be set up?  I would like to use all the external IPs and also have some sort of private network using internal IPs.  A DMZ has been suggested before but I can't find any info on how to set this up.


Thanks

Kurt
Question by:advansys
2 Comments

Accepted Solution

by:
jwalsh88 earned 300 total points
Well, you really shouldn't be set up this way, but if you insist, this is how I would do it.  Set up the Windows 2000 Server machine with RRAS.  Install three NIC cards in the server.  One NIC will be for the internet and configured exactly the way you want it.  The other will be configured with a private IP address like 10.0.2.1 255.255.255.0 and this will be your DMZ.  All machines you want the public internet to have any kind of access to at all will be connected to this port, usually through a hub or switch connected to this interface.  You will assign them IP addresses in the range 10.0.2.2-10.0.2.254.  Then configure the third NIC in the server with the IP address 10.0.1.1 255.255.255.0 and this will be your internal network where you will actually have users.  Here is an example:

*********
Internet
*********
 ||
*********
200.19.66.49
 ||
Windows 2000 Server RRAS=10.0.2.1**==DMZ 10.0.2.2-254
 ||
10.0.1.1
*********
 ||
*********
HUB
*********
 ||
*********
10.0.1.2-10.0.1.254
Internal Network IP Range
*********

Now you will need to set up NAT in RRAS.  You will want to say: use NAT to hide all the devices connected to the 10.0.1.1 interface behind the public address assigned to the interface connected to the internet, 200.19.66.49.  Then, still using NAT, say that you want to statically translate each one of your public servers on the DMZ with its own public IP from the range 200.19.75.17-23.

Now, while this is the safest, most secure and ideal way of setting it up, it might not be for you since it's not the easiest or simplest.  But I would not put myself out on the internet, and by that I mean put your users' computers where they are easily accessible by internet users.  That's why you hide them behind the NAT on the Win2k server.  Then you put any servers you might want to be accessed from the internet on the DMZ.  This creates a safe architecture.  This doesn't make it that much safer because you still don't have any security measures on the Windows 2K server like a firewall to restrict traffic.  But if you decide to do that you won't have to reconfigure everything.

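Added example (not part of the original answer, and not RRAS code): a small Python model of the translation table the accepted solution describes, showing which inbound packets reach a DMZ server, which reach a user machine, and which are dropped. The addresses come from the thread; the function names, the session table and the port numbering are assumptions made for the illustration.

```python
import ipaddress

# Addresses below are the ones used in the thread; the session table and port
# numbering are simplifications made for this example.
OUTSIDE = ipaddress.ip_address("200.19.66.49")     # Internet-facing NIC
DMZ = ipaddress.ip_network("10.0.2.0/24")          # DMZ NIC is 10.0.2.1
INTERNAL = ipaddress.ip_network("10.0.1.0/24")     # internal NIC is 10.0.1.1
DMZ_GW = ipaddress.ip_address("10.0.2.1")
PUBLIC_POOL = [ipaddress.ip_address(f"200.19.75.{n}") for n in range(17, 24)]

def build_static_map(dmz_hosts):
    """Pair each DMZ server with its own public address (one-to-one NAT)."""
    hosts = [ipaddress.ip_address(h) for h in dmz_hosts]
    if len(set(hosts)) != len(hosts) or len(hosts) > len(PUBLIC_POOL):
        raise ValueError("duplicate servers or not enough public addresses")
    reserved = {DMZ.network_address, DMZ.broadcast_address, DMZ_GW}
    for h in hosts:
        if h not in DMZ or h in reserved:
            raise ValueError(f"{h} is not a usable DMZ host address")
    return dict(zip(PUBLIC_POOL, hosts))

def translate_outbound(static_map, src, sport, sessions):
    """Rewrite the source of a packet leaving for the Internet."""
    src = ipaddress.ip_address(src)
    for public, private in static_map.items():
        if private == src:
            return (public, sport)           # DMZ server keeps its own public IP
    if src in INTERNAL:
        nat_port = 50000 + len(sessions)     # constructed port allocation
        sessions[nat_port] = (src, sport)
        return (OUTSIDE, nat_port)           # users share 200.19.66.49
    return None

def translate_inbound(static_map, dst, dport, sessions):
    """Rewrite the destination of a packet from the Internet; None means dropped."""
    dst = ipaddress.ip_address(dst)
    if dst in static_map:
        return (static_map[dst], dport)      # every port is forwarded: NAT does not filter
    if dst == OUTSIDE and dport in sessions:
        return sessions[dport]               # reply to a session a user opened
    return None                              # unsolicited traffic to the users is dropped
```

The static branch of `translate_inbound` passes any destination port through to the DMZ server, which is why the answer notes that a firewall is still needed to restrict traffic.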
Author Comment

by:advansys
Thanks..

I have a firewall in place for the Public IPs so that should be OK.