Solved

route a port to a specific nic

Posted on 2007-11-20
Last Modified: 2008-02-01
Question by:neldo736
10 Comments
 
LVL 8

Expert Comment

by:JjcampNR
ID: 20325384
Perhaps you could elaborate a bit?  If this is something you want to set from the switch side, perhaps it should be posted in the networking section...but I'm happy to help here.  So you want to set one port on a switch to only work with one NIC?  If that's the case, and the switch is configurable, you can set an ACL on that port to only allow the MAC of that one NIC to access it.  If you need help doing this let me know what type of switch you're using (Brand and model) and I'll get you the config.
0
 

Expert Comment

by:eng_khalid101
ID: 20325854
What is the type of your router?
0
 

Author Comment

by:neldo736
ID: 20327035
I am using a hotbrick 401vpn x2 router for the company's main router. We have terminal services for employee remote access.  Also have an Exchange 2003 email server and the routing is handled by the same router.  We have a primary and backup domain controller.

We also have a second DSL internet connection with a static ip address and a second router of the same type.

On the DC there is a second NIC which I would like to connect to the second router which would be connected to the DSL modem.

The reason for doing this is because we do off site data backup over an FTP connection.  Over the weekend there is a huge amount of data sent out and when users login to terminal services response times are slow.

So if I could connect the second router and modem and route port 21 to say go to this specific NIC with bi-directional communications and still maintain a firewall with the router.  DHCP is handled by the DC and DNS.  The software that does the ftp backup is on the DC.

I hope this helps.
0

 
LVL 10

Expert Comment

by:Darylx
ID: 20327279
You could add a static route to the server that sends all traffic destined for a particular IP address or subnet out of the second interface using the Route Add command.

For example, just say the second router IP is 10.10.10.20 and the IP address of the offsite backup is 100.100.100.1, you could use the following command.

route add -p 100.100.100.1 mask 255.255.255.255 10.10.10.20

This would send all traffic destined for 100.100.100.1 out through the second router.
0
 

Author Comment

by:neldo736
ID: 20327491
Yes that is great but I do not want all traffic to go to the offsite backup server.  I only want port 21 to go to the second NIC.  The backup software determines the offsite location, for example: ftp.servername.com

Therefore I need to tell the DC that only traffic on port 21 needs to go through the second NIC.

Thanks for your response.  Any other suggestions?
0
 
LVL 10

Expert Comment

by:Darylx
ID: 20327568
It wouldn't send ALL traffic to the offsite backup server.  It would only send traffic that you want to go to the offsite backup server out through the second NIC.
0
 
LVL 8

Expert Comment

by:JjcampNR
ID: 20337212
The problem with the route statement above is that it doesn't specify that only the second NIC should be used for that traffic.  If that route is valid from both NICs, then both will be used for sending the FTP traffic.

What you want to do is make sure both routers are on different networks, and there's no route between them.  Put one of your NICs on each of your networks so this way only ONE of your NICs will have a valid route to that backup DSL modem for your FTP traffic.  So for instance, if your main network router is on a 192.168.0.x /24 network, put the backup DSL router on a 192.168.1.x /24 network and you should be all set.
0
 
LVL 11

Accepted Solution

by:
infotrader earned 2000 total points
ID: 20354474
OK... Before we get ahead of ourselves, hasn't any one of you read that it is bad mojo to have a DUAL-HOMED Domain Controller??!!  There are tons of articles saying why this is a bad idea, but people still do it anyway, so if you absolutely need to do that, here's one of the many links for you: http://www.pcreview.co.uk/forums/thread-1450941.php

NOW, assuming that you still would like to go ahead and do this, there are a couple of ways you can do this:

1.  There are actually routers/switches that can do this.  It is kind of expensive, but you can actually get a router that would allow you to do this.  They are sometimes problematic and, quite frankly, are too much cost/effort for what you want to do.
2.  I agree with Darylx...  Just specify one IP address and add a static route to the FTP site you are trying to access.  True that it will send ALL TRAFFIC going to that SPECIFIC IP ADDRESS through the second router, but I think it is actually the most cost-effective solution.

Also, FORGET ABOUT THE SEPARATE NETWORK SUBNET!!!  For starters, I don't think there is a need to have two NICs in the first place.  You can have multiple gateways as long as they are pre-defined on the route statement.  For example, I have two routers, 192.168.1.1 and 192.168.1.2.  You can have a route statement that says: route add -p 100.100.100.100 mask 255.255.255.255 192.168.1.2 metric 1

Assuming that your "Default Gateway" is 192.168.1.1, the above statement would make sure that ONLY data going to 100.100.100.100 will go out through the second router.  Additionally, if you add "IF 1" (or "IF 2") statement at the end, it would also identify which interface the above route is going to.

My solution?  Remove the second NIC if you don't need it.  Add a permanent route statement to the computer so outbound data to the service provider will only go through that one IP, and you are done.  No hassle, and no potential problems!!
0
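
The routing decision discussed in this thread, modelled as an added example (not code from any of the posters): a route lookup picks the longest matching prefix, then the lowest metric, and never looks at the port, so the /32 host route carries both the FTP control connection and its data connections to the backup server. The table entries, metrics and function names are constructed for illustration, using the addresses from the accepted answer.

```python
import ipaddress

# Constructed routing table (assumption): default route via the main router,
# the local subnet, and the /32 host route created by "route add -p ...".
ROUTES = [
    # (destination network, gateway, metric)
    ("0.0.0.0/0", "192.168.1.1", 10),
    ("192.168.1.0/24", "on-link", 10),
    ("100.100.100.100/32", "192.168.1.2", 1),
]


def next_hop(dest_ip, dest_port, routes=ROUTES):
    """Return the gateway chosen for a packet.

    Selection is longest-prefix match, then lowest metric. dest_port is
    accepted only to show that it plays no part in the decision.
    """
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    for network, gateway, metric in routes:
        net = ipaddress.ip_network(network)
        if dest in net:
            # Longer prefix wins; among equal prefixes the lower metric wins.
            candidates.append((net.prefixlen, -metric, gateway))
    if not candidates:
        raise LookupError(f"no route to {dest_ip}")
    return max(candidates)[2]


def host_route_commands(backup_ips, gateway):
    """Build one persistent host route per resolved backup-server address."""
    cmds = []
    for ip in backup_ips:
        ipaddress.IPv4Address(ip)  # raises ValueError on anything but IPv4
        cmds.append(f"route add -p {ip} mask 255.255.255.255 {gateway} metric 1")
    return cmds


if __name__ == "__main__":
    # Constructed sample flows: FTP control, FTP passive data, a terminal
    # services client on the LAN, and FTP to an unrelated server.
    for ip, port in [("100.100.100.100", 21), ("100.100.100.100", 50123),
                     ("192.168.1.50", 3389), ("203.0.113.10", 21)]:
        print(f"{ip}:{port} -> {next_hop(ip, port)}")
    print(host_route_commands(["100.100.100.100"], "192.168.1.2"))
```

Because the backup software targets a hostname, the host route has to be re-created if that name starts resolving to a different address.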
