Public and Private IP add on same network card

I have a couple of servers who have public Ip addresses and I would like to keep them that way, however I want my internal workstations to still be able to browse to them, is there any problem with giving the server an additional Invalid IP on the same network card as the external, will this cause any type of problem
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Juan OcasioApplication DeveloperCommented:
As I mentioned in my post to your other question, you should add another NIC card instead.  This way you'll have your internal and external IP addresses assigned to different cards.
focusenAuthor Commented:
Currently I do not have 2 network cards for this machine.  And I need this setup right away.
This is a duplicate question?
See my post in your other Q
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

I agree with going with the two network cards. We have a similar setup at work. The setup is:

T1 --> Cisco Router --> WAN switch (feeds all of the WAN).

From the WAN, we go to a SonicWall, which feeds our LAN switch. All workstations go to the LAN, and the server with two nics has a patchcord to the WAN in one Nic and a patchcord to the LAN switch in the other Nic.

I did not design this setup, it was that way when I took it over. However, it has functioned well for several years now.

As I have learned more about networking, I figured out that the server with a public IP address is wide open on the Internet. If all you need the public IP addresses for is publishing standard services, such as e-mail or web pages, there are ways to put the server in a DMZ or on private IP addresses and they will work just fine...and not leave your server set up for getting owned by some 14 year old script kiddie who learns about a hole six weeks before you do.

If I ever get more time at work, I plan on enhancing our setup to provide more security. But the main issue with that is just getting the time to do it.

And I know you didn't ask about this, but if you have multiple public IPs to serve multiple web sites, you can also easily setup virtual domains now and just use one public IP address to serve multiple web sites. I setup a FreeBSD box not too long ago with one public IP address and Apache configured for virtual domains, and so far I have five web sites being served from that one public IP address. It works great.

focusen, I found a couple of links that I thought might be helpful to you:

The above explains how to use an ISA server to put your servers on private IP address (the most secure DMZ configuration for the ISA server).

The above info explains a SonicWall's features, which include a DMZ: The SonicWALL DMZ has a third network connection allowing a third network or DeMilitarised Zone to be connected to the system. Visible from the WAN, the DMZ allows public services to be protected from external attacks by a full firewall yet still remain visible. In addition to this, if a hacker does manage to break into the DMZ, he still has a full firewall to break through to get to the LAN.

This is something you might not want to do now, since you seem like you are in a hurry to deploy, but it  is certainly something to keep in mind for the future.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
On the same network card, wouldn’t that cause a massive security hole… would the card route the packets to the other IP’s?? You may find it routes the packets on without you knowning. It may work at the same time; I’d laugh if it bites you on the arse. I'd get another card.
Better yet, your talking about a few servers, get a few good firewall/nat routers, make a DMZ and fix up the site! A few hundred bucks would do it. Stop messing about!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.