Solved

Public and Private IP add on same network card

Posted on 2006-04-15
Last Modified: 2013-11-09
I have a couple of servers that have public IP addresses and I would like to keep them that way; however, I want my internal workstations to still be able to browse to them. Is there any problem with giving the server an additional Invalid IP on the same network card as the external? Will this cause any type of problem?
Question by:focusen
7 Comments
 
LVL 15

Expert Comment

by:Juan Ocasio
ID: 16460538
As I mentioned in my post to your other question, you should add another NIC card instead.  This way you'll have your internal and external IP addresses assigned to different cards.
0
 

Author Comment

by:focusen
ID: 16460550
Currently I do not have 2 network cards for this machine.  And I need this setup right away.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16460555
http://www.experts-exchange.com/Networking/Q_21814970.html
This is a duplicate question?
See my post in your other Q
0
 
LVL 2

Expert Comment

by:usurper_ii
ID: 16460660
I agree with going with the two network cards. We have a similar setup at work. The setup is:

T1 --> Cisco Router --> WAN switch (feeds all of the WAN).

From the WAN, we go to a SonicWall, which feeds our LAN switch. All workstations go to the LAN, and the server with two NICs has a patch cord to the WAN in one NIC and a patch cord to the LAN switch in the other NIC.

I did not design this setup; it was that way when I took it over. However, it has functioned well for several years now.

As I have learned more about networking, I figured out that the server with a public IP address is wide open on the Internet. If all you need the public IP addresses for is publishing standard services, such as e-mail or web pages, there are ways to put the server in a DMZ or on private IP addresses and they will work just fine...and not leave your server set up for getting owned by some 14 year old script kiddie who learns about a hole six weeks before you do.

If I ever get more time at work, I plan on enhancing our setup to provide more security. But the main issue with that is just getting the time to do it.

And I know you didn't ask about this, but if you have multiple public IPs to serve multiple web sites, you can also easily set up virtual domains now and just use one public IP address to serve multiple web sites. I set up a FreeBSD box not too long ago with one public IP address and Apache configured for virtual domains, and so far I have five web sites being served from that one public IP address. It works great.

Usurper_ii
 
0
 
LVL 2

Accepted Solution

by:
usurper_ii earned 2000 total points
ID: 16461477
focusen, I found a couple of links that I thought might be helpful to you:

http://www.isaserver.org/tutorials/ISA_Server_DMZ_Scenarios.html

The above explains how to use an ISA server to put your servers on private IP address (the most secure DMZ configuration for the ISA server).

http://ourworld.compuserve.com/homepages/pagrosse/j02f.htm

The above info explains a SonicWall's features, which include a DMZ: The SonicWALL DMZ has a third network connection allowing a third network or DeMilitarised Zone to be connected to the system. Visible from the WAN, the DMZ allows public services to be protected from external attacks by a full firewall yet still remain visible. In addition to this, if a hacker does manage to break into the DMZ, he still has a full firewall to break through to get to the LAN.

This is something you might not want to do now, since you seem like you are in a hurry to deploy, but it is certainly something to keep in mind for the future.

Usurper_ii
0
 
LVL 2

Expert Comment

by:Chicko
ID: 16464466
On the same network card, wouldn’t that cause a massive security hole… would the card route the packets to the other IPs?? You may find it routes the packets on without you knowing. It may work at the same time; I’d laugh if it bites you on the arse. I'd get another card.
0
 
LVL 2

Expert Comment

by:Chicko
ID: 16464476
Better yet, you're talking about a few servers, get a few good firewall/nat routers, make a DMZ and fix up the site! A few hundred bucks would do it. Stop messing about!
0
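
As an added example (not part of the original thread), one way to audit a host for the configuration discussed above: it flags any interface that carries both a public and an RFC 1918 private address and reports whether IP forwarding is enabled, which is what would let the host pass packets between the two networks. It assumes a Linux host, with input taken from `ip -o -4 addr show` and `/proc/sys/net/ipv4/ip_forward`; the sample data, function names and severity labels are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed, trimmed sample of `ip -o -4 addr show` output.
# 203.0.113.0/24 is a documentation range standing in for a real public address.
SAMPLE_ADDR_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/28 brd 203.0.113.15 scope global eth0
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global secondary eth0
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'private' for RFC 1918 space, 'public' otherwise, None for loopback/link-local."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local:
        return None
    return "private" if any(ip in net for net in RFC1918) else "public"

def mixed_interfaces(ip_addr_output):
    """Map interface name -> address lists, only for interfaces holding both kinds."""
    per_if = defaultdict(lambda: defaultdict(list))
    for line in ip_addr_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "inet":
            continue  # not an IPv4 address line
        kind = classify(parts[3].split("/")[0])
        if kind:
            per_if[parts[1]][kind].append(parts[3])
    return {n: dict(k) for n, k in per_if.items() if k.get("public") and k.get("private")}

def audit(ip_addr_output, ip_forward_value):
    """Return one finding per mixed interface; forwarding raises the severity."""
    # Severity labels are this example's own convention, not a standard.
    forwarding = ip_forward_value.strip() == "1"
    return [
        {"interface": name, "public": kinds["public"], "private": kinds["private"],
         "forwarding": forwarding, "severity": "high" if forwarding else "medium"}
        for name, kinds in sorted(mixed_interfaces(ip_addr_output).items())
    ]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ADDR_OUTPUT, "0\n"):
        print(finding)
```

Even with forwarding off, a finding here means the server is directly reachable from the Internet while also holding an address on the internal network, so a compromise of the server gives a foothold on the LAN without crossing the firewall.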
