Setting up New Print Server with 2 NICs/Subnets (500 points)

Posted on 2006-04-21
Last Modified: 2010-04-18
Hi!

My company is switching to a new ISP with a Public Class C subnet.  Even though this is more IPs than we really need (for now), we would like to keep our network printers on their current local subnet.  They are currently on a private 192.168.x.x subnet.  

The idea is to take our current WSUS server and add print drivers to it to also make it a print server.  

Problem is all workstations will be using Public IPs (no NAT) and will have to communicate with the printers on the private 192.168.x.x subnet.  

I was thinking about adding a second NIC to the server.  Connect one to the Public subnet and the other to the private subnet.  

The way I imagine that this would be handled:
1.  A print request is sent to \\printserver\printer
2.  The print server's name is resolved by the firewall to the print server's IP and passed along to it.
3.  The request would then be passed along to the second NIC that is connected to the 192.168.x.x subnet.
4.  The printer would print and report on the job's status back to the Print Server's Public IP --> Public IP workstation.  

We would also like to limit access to this print server to only the Public IP range that is assigned to our workstations.  I know that we can set the firewall not to allow access to the print server from outside the firewall.  Is this going to be sufficient in terms of disallowing access to it by the general public?

Here are my questions:

1. Is the above a good idea for a solution?  Again, we need to make sure that printers stay on the private 192.168.x.x after the rest of the network switches to Public IPs.
2. The WSUS server currently manages 64 workstations and this number is expected to grow to about 100.  Will the server be able to handle print requests for roughly 15 network printers as well?  It's a dual P3 1000MHZ with 2GB of RAM and lots of HD space.
3.  In MS Windows Server 2003, where will I have to go to configure the NICs to pass along info between the public and private subnets?  I.e. a print request is sent in to the public IP, passed along to a printer on the local 192.168.x.x subnet.
4.  Let's say the public IP is 1.1.10.10 with a gateway address of 1.1.1.253 and the local address is 192.168.1.10.  What will the gateway have to be in order to communicate between the two NICs?  Just looking for a clear explanation of how this two NIC business works.  
5.  Should any new services be installed to allow for this functionality on the server itself?
Question by:taki1gostek

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 16509573
1)  I wouldn't use public IPs on my network at all.  You open up the possibility of being compromised.  Private IPs are not routable on the internet and therefore make it much harder to attack from the outside.
2)  Yes.
3)  You must use a registry hack to allow IP forwarding: http://support.microsoft.com/default.aspx?scid=kb;en-us;323339
4)  There will likely be no gateway on the internal NIC.
5)  You could use RRAS.  It will serve as a basic firewall that will allow you a bit more security.


0
 

Author Comment

by:taki1gostek
ID: 16517601
Hey Netman!  Awesome you responded :)  Sorry it took me a while to get back to you.

1. Public IPs behind a PIX firewall, DHCP issued by our current AD server.  Supposed to make our packet shaper work better... not my idea to get rid of NAT.
2. Thanks.
3. Awesome.
4. Would you mind elaborating on how I should go about configuring the server with the two NICs?  Say #3 is done, I put the new NIC into the server.  Assign a static private IP address to it.  What's next, how do I make sure the two talk together?  Is there a protocol I will have to configure?
5. Any good RRAS guides for dummies?  Haven't done RRAS yet.  Thanks again for your help!
0
 

Expert Comment

by:Netman66
ID: 16519072
With respect to #4, put the NIC in and configure it before you do step #3.

The internal (LAN) side NIC must be at the top of the binding order and will likely not use a gateway once the hack in step #3 is done.

This page has a collection of articles for RRAS:
http://labmice.techtarget.com/windows2003/Network/defaut.htm

0
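
The routing behaviour discussed in this thread (IP forwarding between the two NICs, and a default gateway on the public NIC only), modelled as an added example that is not part of the original posts. The server and gateway addresses are the asker's; the /16 and /24 prefix lengths, the printer 192.168.1.50 and the outside host 203.0.113.5 are assumptions constructed for the model.

```python
import ipaddress

# Constructed model of the dual-homed print server from the question.
# Addresses are the asker's; the prefix lengths are assumptions.
LOCAL_ADDRS = {"1.1.10.10": "public", "192.168.1.10": "private"}
ROUTES = [
    # (destination, next hop or None when on-link, outgoing NIC)
    ("0.0.0.0/0", "1.1.1.253", "public"),  # default gateway: public NIC only
    ("1.1.0.0/16", None, "public"),        # connected route, public NIC
    ("192.168.1.0/24", None, "private"),   # connected route, private NIC
]


def select_route(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop, nic)
               for net, hop, nic in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    net, hop, nic = max(matches, key=lambda m: m[0].prefixlen)
    return {"network": str(net), "next_hop": hop or "on-link", "nic": nic}


def handle_packet(dst, ip_forwarding, routes=ROUTES):
    """What the server does with a received packet addressed to dst."""
    if dst in LOCAL_ADDRS:
        return "deliver locally"   # e.g. a job sent to \\printserver\printer
    if not ip_forwarding:
        return "drop"              # a plain host does not relay others' traffic
    route = select_route(dst, routes)
    return f"forward via {route['nic']}" if route else "drop"


def default_gateways(routes=ROUTES):
    """NICs holding a default route; more than one makes the default ambiguous."""
    return sorted({nic for net, _hop, nic in routes if net == "0.0.0.0/0"})


if __name__ == "__main__":
    for dst in ("192.168.1.50", "1.1.10.77", "203.0.113.5"):
        print(dst, select_route(dst))
    print(handle_packet("192.168.1.50", ip_forwarding=False))
    print(handle_packet("192.168.1.50", ip_forwarding=True))
    print(default_gateways())
```

With forwarding enabled the server relays any packet it can route, so the private printer subnet becomes reachable from whatever can reach the public NIC; the firewall rule limiting access to the workstation range is what bounds that exposure.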
