
Win 2000 with multiple external NICs

Any help with this would be very appreciated!!

Let's say I have been assigned the following Public IPs from my ISP:

200.19.66.49 (primary IP allocated)
200.19.75.16 through to 200.19.75.23 (extras purchased)

My Win 2000 Server is hooked up to 200.19.66.49 and can see the internet OK.  Now what I want to do is to use the other IPs such that they are visible to the outside world and represent physically different machines.

I have installed an extra NIC in the server and bound the address 200.19.75.17 to it (the .16 is a broadcast address apparently so it can't be used).

So I have 2 NICs in the server both assigned to External IP addresses.

I also installed the routing and remote access in Win2k to get the server to act as a router since the extra IPs are not on the same network (200.19.75.XXX rather than 200.19.66.XXX).

In another machine I have added a NIC and assigned the address 200.19.75.18.  This connects to the server NIC 200.19.75.17.

The damn things don't seem to be talking to each other!

Anybody any ideas or alternatively any other suggestions on how else the network could be set up?  I would like to use all the external IPs and also have some sort of private network using internal IPs.  A DMZ has been suggested before but I can't find any info on how to set this up.


Thanks

Kurt
Asked by: advansys
 
jwalsh88 Commented:
Well, you really shouldn't be set up this way, but if you insist, this is how I would do it.  Set up the Windows 2000 Svr machine with RRAS.  Install three NIC cards in the server.  One NIC will be for the internet and configured exactly the way you want it.  The other will be configured with a private IP address like 10.0.2.1 255.255.255.0 and this will be your DMZ.  All machines you want the public internet to have any kind of access to at all will be connected to this port, usually through a hub or switch connected to this interface.  You will assign them IP addresses in this range of 10.0.2.2-10.0.2.254.  Then configure the third NIC in the server with the IP address 10.0.1.1 255.255.255.0 and this will be your internal network where you will actually have users.  Here is an example:

*********
Internet
*********
 ||
*********
200.19.66.49
 ||
Windows 2000 Server RRAS=10.0.2.1**==DMZ 10.0.2.2-254
 ||
10.0.1.1
*********
 ||
*********
HUB
*********
 ||
*********
10.0.1.2-10.0.1.254
Internal Network IP Range
*********

Now you will need to set up NAT in RRAS.  You will want to say use NAT to hide all the devices connected to the 10.0.1.1 interface behind the public address assigned to the interface connected to the internet, 200.19.66.49.  Then, still using NAT, say that you want to statically translate each one of your public servers on the DMZ with its own public IP from the range 200.19.75.17-23.

Now while this is the safest, most secure and ideal way of setting it up, it might not be for you since it's not the easiest and most simple.  But I would not put myself out on the internet, and by that I mean put your user(s) computer(s) easily accessible by internet users.  That's why you hide them behind the NAT on the Win2k server.  Then you put any servers you might want to be accessed from the internet on the DMZ.  This creates a safe architecture.  This doesn't make it that much safer because you still don't have any security measures on the Windows 2K server like a firewall to restrict traffic.  But if you decide to do that you won't have to reconfigure everything.
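The translation behaviour described in the answer above, modelled in Python as an added example that is not part of the original post or of RRAS itself. The DMZ host addresses 10.0.2.2 and 10.0.2.3, their pairing with public IPs, and the port numbers are constructed for illustration; the public and private ranges are the ones given in the thread.

```python
import ipaddress

# Addresses from the thread; the DMZ hosts and their pairing are constructed.
WAN_IP = ipaddress.ip_address("200.19.66.49")
INTERNAL = ipaddress.ip_network("10.0.1.0/24")
STATIC_NAT = {  # one-to-one: public IP -> DMZ server
    ipaddress.ip_address("200.19.75.17"): ipaddress.ip_address("10.0.2.2"),
    ipaddress.ip_address("200.19.75.18"): ipaddress.ip_address("10.0.2.3"),
}


class Nat:
    """Minimal model of the NAT box sitting between Internet, DMZ and LAN."""

    def __init__(self):
        self.sessions = {}       # WAN port -> (internal IP, internal port)
        self.next_port = 50000   # constructed starting port for hidden hosts

    def outbound(self, src, sport):
        """Translate the source of a packet leaving via the Internet NIC."""
        src = ipaddress.ip_address(src)
        for public, private in STATIC_NAT.items():
            if src == private:
                return str(public), sport        # DMZ server keeps its own IP
        if src in INTERNAL:
            port = self.next_port
            self.next_port += 1
            self.sessions[port] = (src, sport)   # remembered for the reply
            return str(WAN_IP), port             # users share one public IP
        return None                              # unknown inside address

    def inbound(self, dst, dport):
        """Translate the destination of a packet arriving from the Internet."""
        dst = ipaddress.ip_address(dst)
        if dst in STATIC_NAT:
            # Static mapping forwards every port; NAT alone does no filtering.
            return str(STATIC_NAT[dst]), dport
        if dst == WAN_IP and dport in self.sessions:
            ip, port = self.sessions[dport]
            return str(ip), port                 # reply to an existing session
        return None                              # unsolicited: nothing to map to


if __name__ == "__main__":
    nat = Nat()
    print("user out :", nat.outbound("10.0.1.25", 1025))
    print("reply in :", nat.inbound("200.19.66.49", 50000))
    print("probe LAN:", nat.inbound("200.19.66.49", 445))
    print("DMZ web  :", nat.inbound("200.19.75.17", 80))
    print("DMZ other:", nat.inbound("200.19.75.17", 3389))
```

In this model an unsolicited packet to 200.19.66.49 has no session to match, while any port on a statically mapped address reaches the DMZ server, which is where the traffic restriction mentioned in the answer comes in.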
 
advansys (Author) Commented:
Thanks..

I have a firewall in place for the Public IPs so that should be OK.