bluntz48
asked on
Public IP on an internal server
** I'm giving max points for this! ** I'm doing a job for a real estate place and I'm no networking genius although I am pretty good with it. This is the setup they have: 3 servers, a T1 line going into an access point which is hooked to a 5 port switch which is hooked to a broadband router which goes into three 16 port switches. One of the servers, which is currently configured with a static internal IP and running Win2000 Server, is hooked into one of the 16 port switches. (this server holds software for the VOIP phone system which allows routing tables and other features to be used with the IP phones). It must now be made accessible to the internet so that a remote office with 3 of our IP phones can also use the routing software. The software comes with an option to define an external hostname as well as internal. I also forgot to mention that the router is configured with a static public IP and uses NAT and DHCP to connect the workstations to the internet; it is the gateway for the whole network. Now I need that server to bypass the router and its public ip so that I can configure a 2nd public IP just for that server so that the remote office can connect and use the software. What I did is install a new NIC into the server and connected it straight to the switch (which is right after the access point and right before the router). So now I'm kinda confused cause if I disable the network connection for the internal NIC, I'm still not getting internet on the 2nd NIC which I configured with a public IP. Does anyone know what I can do to get this thing running in the internal network as well as external? I know it's not the clearest question and thats cause I'm burnt out but if you have questions, ask them and I'll check back several times a day. Thanks so much for the help.
If I read this correctly, right now the problem is that you have a server with dual NICs and the NICs are not working as expected?
One common problem encountered when doing multiple NIC on a machine is internal routing. If you have two default gateways, one out each NIC, asymmetrical or suboptimal routing can cause problems.
Now your explanation did confuse me. Lets call the VOIP Server Office the (SO) and the Remote Office the RO. Ok, so does the SO NAT all outbound connections to a single IP on the public Internet or does it use a public pool? Is the goal here for the AO users to have the ability to hit the SO VOIP Server?
Hope I can help,
james
One common problem encountered when doing multiple NIC on a machine is internal routing. If you have two default gateways, one out each NIC, asymmetrical or suboptimal routing can cause problems.
Now your explanation did confuse me. Lets call the VOIP Server Office the (SO) and the Remote Office the RO. Ok, so does the SO NAT all outbound connections to a single IP on the public Internet or does it use a public pool? Is the goal here for the AO users to have the ability to hit the SO VOIP Server?
Hope I can help,
james
You need to configure the 2nd NIC (the one with the public IP) on the VOIP server with:
- public IP address
- subnet mask
- default gateway
- DNS server(s)
If any of those things were missing or set wrong (e.g. your DNS was set to "obtain DNS info automatically"), you wouldn't get successful internet connectivity from the NIC with the public IP address. If you don't have your ISP's DNS info handy, you should be able to use the same DNS settings as on the router.
- public IP address
- subnet mask
- default gateway
- DNS server(s)
If any of those things were missing or set wrong (e.g. your DNS was set to "obtain DNS info automatically"), you wouldn't get successful internet connectivity from the NIC with the public IP address. If you don't have your ISP's DNS info handy, you should be able to use the same DNS settings as on the router.
ASKER
To answer your questions, there is an access point and it is connected to the router...it is a Netopia access point and is not wireless. As for the two gateways, I'm not sure which to use since the router is the usual gateway but in this case, I need it to bypass the router and its static ip so that the "SO" can have its own public ip. The goal is for the "RO" to be able to hit the "SO" thru the internet and gain access to the VOIP phone software. As for the last post, I understand all this but like I said, I'm not sure what the gateway should be set to. It almost seems like there shouldn't be a gateway except maybe for the access point. Correct me if I'm wrong, please...I'm only trying to learn. Thanks for the help so far.
I'm sorry, bluntz48, but we need to be clear about what type of devices you have and the physical topology.
The term "access point" typically refers to a wireless device, not a router (though many consumer-grade routers have integrated access points and serve both roles). The Netopia is probably your T1 router -- that is, a cable is directly connected to a DSU/CSU interface on the Netopia router from an NIU on the wall (this is your T1 circuit). From the Netopia router, you are saying that you have a 5-port switch, then another broadband router (please specify type), and then (3) 16-port switches. Please verify if the physical topology looks like the diagram below:
T1 circuit----Netopia router----5-port switch----"broadband router"----16-port switch(es)- - -
If the above topology is correct, you will connect your "public" server NIC to the 5-port switch. It must be configured to use the Netopia router as its gateway, and you must have an available public IP address to assign to it. You can determine your IP block by looking at the network settings on the WAN interface of your broadband router or the LAN interface on the Netopia router. If the subnet used between these devices is private (10.x.x.x, 172.16.x.x, 192.168.x.x) or if the mask is only big enough for two hosts (255.255.255.252), then you will need to contact your ISP for a usable IP address. (Do you have access to the Netopia router, or is it managed by your ISP?)
Please specify the details of your public IP block if you need further assistance.
The term "access point" typically refers to a wireless device, not a router (though many consumer-grade routers have integrated access points and serve both roles). The Netopia is probably your T1 router -- that is, a cable is directly connected to a DSU/CSU interface on the Netopia router from an NIU on the wall (this is your T1 circuit). From the Netopia router, you are saying that you have a 5-port switch, then another broadband router (please specify type), and then (3) 16-port switches. Please verify if the physical topology looks like the diagram below:
T1 circuit----Netopia router----5-port switch----"broadband router"----16-port switch(es)- - -
If the above topology is correct, you will connect your "public" server NIC to the 5-port switch. It must be configured to use the Netopia router as its gateway, and you must have an available public IP address to assign to it. You can determine your IP block by looking at the network settings on the WAN interface of your broadband router or the LAN interface on the Netopia router. If the subnet used between these devices is private (10.x.x.x, 172.16.x.x, 192.168.x.x) or if the mask is only big enough for two hosts (255.255.255.252), then you will need to contact your ISP for a usable IP address. (Do you have access to the Netopia router, or is it managed by your ISP?)
Please specify the details of your public IP block if you need further assistance.
ASKER
Ok sorry I wasn't so clear but I'm just a networking guy...not an expert. To answer your questions ruddg, the reason I refer to it as an access point is because when you access the setup page it says Netopia Access Point(192.168.10.2)...and it is definately not wireless. It's got two ports on it and no more, one with the T1 in from the circuit and one with a cable out to the 5 port switch. This switch is plugged into various things and one of them is a plain little grey D-Link router. This router serves as the gateway for the servers (192.168.10.10). It is plugged into one 16-port switch with 2 more uplinking to eachother. I'll be at the site later today and give you the specifics about the subnet mask but I can tell you they own a block of 10 IP's and I know which one I'm using. Your answer seems very reasonable and I will try it step by step soon as I get in there and report back to you. You do believe though that it will run seamlessly with 2 NIC's in a Windows 2000 Server? Even if they use different gateways and all that?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok...I figured it all out by myself in the end although ruddg did guide me in the right direction by making me re-think the scenario. I ended up getting on the D-Link router which is actually set up with a public and performs NAT for all the workstations and I got the ISP's gateway from there and set that up on the second NIC. The netopia router was not actually configured with that local IP I gave you, I was mistaken. I connected the 2nd NIC directly to the switch and also configured it with the public IP I had reserved for it and entered the ISP's DNS servers. After this, I was able to get an internet connection and access the server's sub directories which in turn allowed me access to the web client for the phones. I tested and everything is good. Thanks alot for your help!!
2) Do you have a public IP block that you control? What is the subnet mask? (What is the IP address & mask on the broadband router?)
3) Is it not possible to simply create a static translation and allow a port into the server using the broadband router? (It is not advisable to place a server directly on the Internet if it can be avoided)