Public IP on an internal server

Posted on 2005-05-06
Last Modified: 2012-06-27
** I'm giving max points for this! ** I'm doing a job for a real estate place and I'm no networking genius although I am pretty good with it. This is the setup they have: 3 servers, a T1 line going into an access point which is hooked to a 5 port switch which is hooked to a broadband router which goes into three 16 port switches. One of the servers, which is currently configured with a static internal IP and running Win2000 Server, is hooked into one of the 16 port switches. (this server holds software for the VOIP phone system which allows routing tables and other features to be used with the IP phones). It must now be made accessible to the internet so that a remote office with 3 of our IP phones can also use the routing software. The software comes with an option to define an external hostname as well as internal. I also forgot to mention that the router is configured with a static public IP and uses NAT and DHCP to connect the workstations to the internet; it is the gateway for the whole network. Now I need that server to bypass the router and its public ip so that I can configure a 2nd public IP just for that server so that the remote office can connect and use the software. What I did is install a new NIC into the server and connected it straight to the switch (which is right after the access point and right before the router). So now I'm kinda confused cause if I disable the network connection for the internal NIC, I'm still not getting internet on the 2nd NIC which I configured with a public IP. Does anyone know what I can do to get this thing running in the internal network as well as external? I know it's not the clearest question and thats cause I'm burnt out but if you have questions, ask them and I'll check back several times a day. Thanks so much for the help.
Question by:bluntz48
    LVL 10

    Expert Comment

    1) What type of router (it is not an "access point", though it may have an integrated wireless AP) is connected to the T1 line?  
    2) Do you have a public IP block that you control?  What is the subnet mask? (What is the IP address & mask on the broadband router?)
    3) Is it not possible to simply create a static translation and allow a port into the server using the broadband router? (It is not advisable to place a server directly on the Internet if it can be avoided)

    LVL 2

    Expert Comment

    If I read this correctly, right now the problem is that you have a server with dual NICs and the NICs are not working as expected?

    One common problem encountered when doing multiple NIC on a machine is internal routing. If you have two default gateways, one out each NIC, asymmetrical or suboptimal routing can cause problems.

    Now your explanation did confuse me. Lets call the VOIP Server Office the (SO) and the Remote Office the RO. Ok, so does the SO NAT all outbound connections to a single IP on the public Internet or does it use a public pool? Is the goal here for the AO users to have the ability to hit the SO VOIP Server?

    Hope I can help,
    LVL 5

    Expert Comment

    You need to configure the 2nd NIC (the one with the public IP) on the VOIP server with:
    - public IP address
    - subnet mask
    - default gateway
    - DNS server(s)

    If any of those things were missing or set wrong (e.g. your DNS was set to "obtain DNS info automatically"), you wouldn't get successful internet connectivity from the NIC with the public IP address.  If you don't have your ISP's DNS info handy, you should be able to use the same DNS settings as on the router.

    Author Comment

    To answer your questions, there is an access point and it is connected to the is a Netopia access point and is not wireless. As for the two gateways, I'm not sure which to use since the router is the usual gateway but in this case, I need it to bypass the router and its static ip so that the "SO" can have its own public ip. The goal is for the "RO" to be able to hit the "SO" thru the internet and gain access to the VOIP phone software. As for the last post, I understand all this but like I said, I'm not sure what the gateway should be set to. It almost seems like there shouldn't be a gateway except maybe for the access point. Correct me if I'm wrong, please...I'm only trying to learn. Thanks for the help so far.
    LVL 10

    Expert Comment

    I'm sorry, bluntz48, but we need to be clear about what type of devices you have and the physical topology.

    The term "access point" typically refers to a wireless device, not a router (though many consumer-grade routers have integrated access points and serve both roles).  The Netopia is probably your T1 router -- that is, a cable is directly connected to a DSU/CSU interface on the Netopia router from an NIU on the wall (this is your T1 circuit).  From the Netopia router, you are saying that you have a 5-port switch, then another broadband router (please specify type), and then (3) 16-port switches.  Please verify if the physical topology looks like the diagram below:

    T1 circuit----Netopia router----5-port switch----"broadband router"----16-port switch(es)- - -

    If the above topology is correct, you will connect your "public" server NIC to the 5-port switch.  It must be configured to use the Netopia router as its gateway, and you must have an available public IP address to assign to it.  You can determine your IP block by looking at the network settings on the WAN interface of your broadband router or the LAN interface on the Netopia router.  If the subnet used between these devices is private (10.x.x.x, 172.16.x.x, 192.168.x.x) or if the mask is only big enough for two hosts (, then you will need to contact your ISP for a usable IP address.  (Do you have access to the Netopia router, or is it managed by your ISP?)

    Please specify the details of your public IP block if you need further assistance.

    Author Comment

    Ok sorry I wasn't so clear but I'm just a networking guy...not an expert. To answer your questions ruddg, the reason I refer to it as an access point is because when you access the setup page it says Netopia Access Point( it is definately not wireless. It's got two ports on it and no more, one with the T1 in from the circuit and one with a cable out to the 5 port switch. This switch is plugged into various things and one of them is a plain little grey D-Link router. This router serves as the gateway for the servers ( It is plugged into one 16-port switch with 2 more uplinking to eachother. I'll be at the site later today and give you the specifics about the subnet mask but I can tell you they own a block of 10 IP's and I know which one I'm using. Your answer seems very reasonable and I will try it step by step soon as I get in there and report back to you. You do believe though that it will run seamlessly with 2 NIC's in a Windows 2000 Server? Even if they use different gateways and all that?
    LVL 10

    Accepted Solution

    Running a Windows 2000 server with two NICs (one public and one private) is not a problem.  However, the IP addressing that you are describing thus far is a problem.  If you are accessing the Netopia at, then it is using private address space on its LAN side interface and you cannot directly assign a public IP address to the server NIC.  In this scenario, if you have an IP block, it is being NATed on the Netopia router (or is not being used at all).  What purpose is the D-Link router serving exactly? (It is not presently a necessary device by the sound of it, but the following might change that...)

    If possible, reconfigure the Netopia router to use your public IP block on its LAN interface (assign the first usable IP address to the Netopia router, second to the D-Link router, third to the server, etc.)  Otherwise, the server only needs *one* NIC and can use its regular private IP address, while the Netopia router must be configured to NAT one public address to the private address of the server and allow the traffic that is required for your VOIP communications.  This is actually the preferred method, since it lessens the exposure of the server to the Internet.

    What is the IP subnet that resides on the "inside" of the D-Link router?

    Author Comment

    Ok...I figured it all out by myself in the end although ruddg did guide me in the right direction by making me re-think the scenario. I ended up getting on the D-Link router which is actually set up with a public and performs NAT for all the workstations and I got the ISP's gateway from there and set that up on the second NIC. The netopia router was not actually configured with that local IP I gave you, I was mistaken. I connected the 2nd NIC directly to the switch and also configured it with the public IP I had reserved for it and entered the ISP's DNS servers. After this, I was able to get an internet connection and access the server's sub directories which in turn allowed me access to the web client for the phones. I tested and everything is good. Thanks alot for your help!!

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now