2 NIC Not Talking

Posted on 2006-04-11
Last Modified: 2011-09-20
I want to install a second NIC in a PC, so the PC can talk to both networks.
NIC-A is attached to production network
NIC-B is attached to admin network that's on the internet.
Question: Running XP SP2 how do I ensure that this PC DOESN'T bridge the networks internally?
Question by:rlbeasley
    LVL 15

    Expert Comment

    1. Make sure RRAS is disabled
    2. Manually set this registry setting: (if necessary)
    IPEnableRouter = 0
    LVL 18

    Expert Comment

    there not going to be bridged unless you bridge them, and they become one unit, a network bridge.  The trick to doing this and obtainting the results you want is clever route commands.
    splain more and draw a quick diagram we'll help with route commands needed to make it all work
    LVL 15

    Accepted Solution

    Not bridging network connections still allow the possibility of traffic passing from one network to the other.  I think the author may have accidently used the wrong term.  I believe he is looking to prevent traffic from his admin network from ever interfering with the production network.

    Bridging network connections will allow Layer2 broadcasts to pass transparently across the NICs, which allows a single IP subnet across multiple segments.  If you want to keep your networks seperate, then you definately don't want to do this.  If you are also looking to make sure that your production network isn't exposed to internet traffic, you will have to turn off the routing capabilities.  Also make sure that NIC-B has a default gateway but NIC-A does not.

    If you are looking to keep malicious software out of your production network though, there is one problem with this setup.  The computer that has 2 NICs (multihomed) runs the risk of being infected by some nasty program thru NIC-B.  It can then spread to the production network thru NIC-A and it won't technically be passing from one NIC to the other.  It will actually be originating with the infected machine which is technically part of the production network.

    Author Comment

    What if I was to install something like ZoneAlarm on the PC.  Work it affective block anything to the production network, expect for the PC itself.
    LVL 15

    Expert Comment

    That's not really what zonealarm is for.  Although ZoneAlarm is very configurable and highly effective.  The only sure way to protect a network is to ensure that no computer on it has access to another un-protected network.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now