Setting up New Print Server with 2 NICs/Subnets (500 points)


My company is switching to a new ISP with a Public Class C subnet.  Even though this is more IPs than we really need (for now), we would like to keep our network printers on their current local subnet.  They are currently on a private 192.168.x.x subnet.  

The idea is to take our current WSUS server and add print drivers to it to also make it a print server.  

Problem is all workstations will be using Public IPs (no NAT) and will have to communicate with the printers on the private 192.168.x.x subnet.  

I was thinking about adding a second NIC to the server.  Connect one to the Public subnet and the other to the private subnet.  

The way I imagine that this would be handled:
1.  A print request is sent to \\printserver\printer
2.  The print server's name is resolved by the firewall to the print server's IP and passed along to it.
3.  The request would then be passed along to the second NIC that is connected to the 192.168.x.x subnet.
4.  The printer would print and report on the job's status back to the Print Server's Public IP --> Public IP workstation.  

We would also like to limit access to this print server to only the Public IP range that is assigned to our workstations.  I know that we can set the firewall not to allow access to the print server from outside the firewall.  Is this going to be sufficient in terms of disallowing access to it by the general public?

Here are my questions:

1. Is the above a good idea for a solution?  Again, we need to make sure that printers stay on the private 192.168.x.x after the rest of the network switches to Public IPs.
2. The WSUS server currently manages 64 workstations and this number is expected to grow to about 100.  Will the server be able to handle print requests for roughly 15 network printers as well?  It's a dual P3 1000MHZ with 2GB of RAM and lots of HD space.
3.  In MS Windows Server 2003, where will I have to go to configure the NICs to pass along info between the public and private subnets?  I.e. a print request is sent in to the public IP, passed along to a printer on the local 192.168.x.x subnet.  4.  Let's say the public IP is with a gateway address of and the local address is  What will the gateway have to be in order to communicate between the two NICs?  Just looking for a clear explanation of how this two NIC business works.  
5.  Should any new services be installed to allow for this functionality on the server itself?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1)  I wouldn't use public IPs on my network at all.  You open up the possiblity of being compromised.  Private IPs are not routable on the internet and therefore make it much harder to attack from the outside.
2)  Yes.
3)  You must use a registry hack to allow IP forwarding:;en-us;323339
4)  There will likely be no gateway on the internal NIC.
5)  You could use RRAS.  It will serve as a basic firewall that will allow you a bit more security.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
taki1gostekAuthor Commented:
Hey Netman!  Awesome you responded :)  Sorry it took me a while to get back to you.

1. Public IPs behind a PIX firewall, DHCP issued by our current AD server.  Supposed to make our packet shaper work better... not my idea to get rid of NAT.
2. Thanks.
3. Awesome.
4. Would you mind elaborating on how I should go about configuring the server with the two NICs?  Say #3 is done, I put the new NIC into the server.  Assign a static private IP address to it.  What's next, how do I make sure the two talk together?  Is there a protocol I will have to configure?
5. Any good RRAS guides for dummies?  Haven't done RRAS yet.  Thanks again for your help!
With respect to #4, put the NIC in and configure it before you do step #3.

The internal (LAN) side NIC must be at the top of the binding order and will likely not use a gateway once the hack in step #3 is done.

This page has a collection of articles for RRAS:

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.