Public and Private IP add on same network card

Posted on 2006-04-15
Last Modified: 2013-11-09
I have a couple of servers that have public IP addresses, and I would like to keep them that way. However, I want my internal workstations to still be able to browse to them. Is there any problem with giving the server an additional invalid IP on the same network card as the external one? Will this cause any type of problem?
Question by:focusen
    LVL 14

    Expert Comment

    by:Juan Ocasio
    As I mentioned in my post to your other question, you should add another NIC card instead.  This way you'll have your internal and external IP addresses assigned to different cards.

    Author Comment

    Currently I do not have 2 network cards for this machine.  And I need this setup right away.
    LVL 79

    Expert Comment

    This is a duplicate question?
    See my post in your other Q
    LVL 2

    Expert Comment

    I agree with going with the two network cards. We have a similar setup at work. The setup is:

    T1 --> Cisco Router --> WAN switch (feeds all of the WAN).

    From the WAN, we go to a SonicWall, which feeds our LAN switch. All workstations go to the LAN, and the server with two NICs has a patch cord to the WAN in one NIC and a patch cord to the LAN switch in the other NIC.

    I did not design this setup, it was that way when I took it over. However, it has functioned well for several years now.

    As I have learned more about networking, I figured out that the server with a public IP address is wide open on the Internet. If all you need the public IP addresses for is publishing standard services, such as e-mail or web pages, there are ways to put the server in a DMZ or on private IP addresses and they will work just fine...and not leave your server set up for getting owned by some 14 year old script kiddie who learns about a hole six weeks before you do.

    If I ever get more time at work, I plan on enhancing our setup to provide more security. But the main issue with that is just getting the time to do it.

    And I know you didn't ask about this, but if you have multiple public IPs to serve multiple web sites, you can also easily set up virtual domains now and just use one public IP address to serve multiple web sites. I set up a FreeBSD box not too long ago with one public IP address and Apache configured for virtual domains, and so far I have five web sites being served from that one public IP address. It works great.

    LVL 2

    Accepted Solution

    focusen, I found a couple of links that I thought might be helpful to you:

    The above explains how to use an ISA server to put your servers on private IP addresses (the most secure DMZ configuration for the ISA server).

    The above info explains a SonicWall's features, which include a DMZ: The SonicWALL DMZ has a third network connection allowing a third network or DeMilitarised Zone to be connected to the system. Visible from the WAN, the DMZ allows public services to be protected from external attacks by a full firewall yet still remain visible. In addition to this, if a hacker does manage to break into the DMZ, he still has a full firewall to break through to get to the LAN.

    This is something you might not want to do now, since you seem like you are in a hurry to deploy, but it is certainly something to keep in mind for the future.

    LVL 2

    Expert Comment

    On the same network card, wouldn’t that cause a massive security hole… would the card route the packets to the other IPs? You may find it routes the packets on without you knowing. It may work at the same time; I’d laugh if it bites you on the arse. I'd get another card.
    LVL 2

    Expert Comment

    Better yet, you're talking about a few servers, get a few good firewall/NAT routers, make a DMZ and fix up the site! A few hundred bucks would do it. Stop messing about!
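
Added example, not part of the thread: a small audit for the concern raised above, flagging any interface that carries both a public and an RFC 1918 address, and any host that spans both kinds of network with IP forwarding enabled. It assumes a Linux host and input in the format of `ip -o -4 addr show`; the sample listing, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the format of `ip -o -4 addr show` (assumption: Linux).
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global secondary eth0
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1
"""

LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+([\d.]+)/\d+")

def classify(addr):
    """Return 'private' (RFC 1918), 'public', or None for loopback/link-local."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local:
        return None
    return "private" if any(ip in net for net in RFC1918) else "public"

def audit(listing, ip_forward):
    """List findings for an address listing.

    ip_forward: True if the kernel forwards IPv4 packets (on Linux this is
    the value of /proc/sys/net/ipv4/ip_forward); passed in so the check
    runs offline.
    """
    kinds = defaultdict(set)
    for line in listing.splitlines():
        m = LINE.match(line)
        if m and (kind := classify(m.group(2))):
            kinds[m.group(1)].add(kind)

    findings = []
    for iface, seen in sorted(kinds.items()):
        if seen == {"public", "private"}:
            findings.append(
                f"{iface}: public and private addresses share one interface")
    # A host on both networks that forwards packets can bridge WAN and LAN.
    if set().union(*kinds.values()) == {"public", "private"} and ip_forward:
        findings.append("host: IP forwarding is on while public and private "
                        "networks are both attached")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ip_forward=True):
        print(finding)
```
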
