Solved

route a port to a specific nic

Posted on 2007-11-20
4,592 Views
Last Modified: 2008-02-01
Question by:neldo736
10 Comments
 
LVL 8

Expert Comment

by:JjcampNR
ID: 20325384
Perhaps you could elaborate a bit?  If this is something you want to set from the switch side, perhaps it should be posted in the networking section...but I'm happy to help here.  So you want to set one port on a switch to only work with one NIC?  If that's the case, and the switch is configurable, you can set an ACL on that port to only allow the MAC of that one NIC to access it.  If you need help doing this let me know what type of switch you're using (Brand and model) and I'll get you the config.
0
 

Expert Comment

by:eng_khalid101
ID: 20325854
What is the type of your router??
0
 

Author Comment

by:neldo736
ID: 20327035
I am using a hotbrick 401vpn x2 router for the company's main router. We have terminal services for employee remote access.  Also have an Exchange 2003 email server and the routing is handled by the same router.  We have a primary and backup domain controller.

We also have a second DSL internet connection with a static ip address and a second router of the same type.

On the DC there is a second NIC which I would like to connect to the second router which would be connected to the DSL modem.

The reason for doing this is because we do off site data backup over an FTP connection.  Over the weekend there is a huge amount of data sent out and when users log in to terminal services response times are slow.

So if I could connect the second router and modem and route port 21 to say go to this specific NIC with bi-directional communications and still maintain a firewall with the router.  DHCP is handled by the DC and DNS.  The software that does the ftp backup is on the DC.

I hope this helps.
0
 
LVL 10

Expert Comment

by:Darylx
ID: 20327279
You could add a static route to the server that sends all traffic destined for a particular IP address or subnet out of the second interface using the Route Add command.

For example, just say the second router IP is 10.10.10.20 and the IP address of the offsite backup is 100.100.100.1, you could use the following command.

route add -p 100.100.100.1 mask 255.255.255.255 10.10.10.20

This would send all traffic destined for 100.100.100.1 out through the second router.
0

 

Author Comment

by:neldo736
ID: 20327491
Yes that is great but I do not want all traffic to go to the offsite backup server.  I only want port 21 to go to the second NIC.  The backup software determines the offsite location, for example: ftp.servername.com

Therefore I need to tell the DC that only traffic on port 21 needs to go through the second NIC.

Thanks for your response.  Any other suggestions?
0
 
LVL 10

Expert Comment

by:Darylx
ID: 20327568
It wouldn't send ALL traffic to the offsite backup server.  It would only send traffic that you want to go to the offsite backup server out through the second NIC.
0
 
LVL 8

Expert Comment

by:JjcampNR
ID: 20337212
The problem with the route statement above is that it doesn't specify that only the second NIC should be used for that traffic.  If that route is valid from both NICs, then both will be used for sending the FTP traffic.

What you want to do is make sure both routers are on different networks, and there's no route between them.  Put one of your NICs on each of your networks so this way only ONE of your NICs will have a valid route to that backup DSL modem for your FTP traffic.  So for instance, if your main network router is on a 192.168.0.x /24 network, put the backup DSL router on a 192.168.1.x /24 network and you should be all set.
0
 
LVL 11

Accepted Solution

by:
infotrader earned 500 total points
ID: 20354474
OK... Before we get ahead of ourselves, haven't any of you read that it is bad mojo to have a DUAL-HOMED Domain Controller??!!  There are tons of articles saying why this is a bad idea, but people still do it anyway, so if you absolutely need to do that, here's one of the many links for you: http://www.pcreview.co.uk/forums/thread-1450941.php

NOW, assuming that you still would like to go ahead and do this, there are a couple of ways you can do this:

1.  There are actually router/switches that can do this.  It is kind of expensive, but you can actually get a router that would allow you to do this.  They are sometimes problematic and, quite frankly, are too much cost/effort for what you want to do.
2.  I agree with Darylx...  Just specify one IP address and add a static route to the FTP site you are trying to access.  True that it will send ALL TRAFFIC going to that SPECIFIC IP ADDRESS through the second router, but I think it is actually the most cost-effective solution.

Also, FORGET ABOUT THE SEPARATE NETWORK SUBNET!!!  For starters, I don't think there is a need to have two NICs in the first place.  You can have multiple gateways as long as they are pre-defined on the route statement.  For example, I have two routers, 192.168.1.1 and 192.168.1.2.  You can have a route statement that says: route add -p 100.100.100.100 mask 255.255.255.255 192.168.1.2 metric 1

Assuming that your "Default Gateway" is 192.168.1.1, the above statement would make sure that ONLY data going to 100.100.100.100 will go out through the second router.  Additionally, if you add "IF 1" (or "IF 2") statement at the end, it would also identify which interface the above route is going to.

My solution?  Remove the second NIC if you don't need it.  Add a permanent route statement to the computer so outbound data to the service provider will only go through that one IP, and you are done.  No hassle, and no potential problems!!
0
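
A small model of the route lookup debated in this thread, added here as an illustration and not part of any poster's reply: it shows that the gateway is chosen from the destination address alone (longest matching prefix, then lowest metric), so a host route covers both the FTP control connection on port 21 and the data connections to the same server, while port 21 traffic to other hosts still uses the default gateway. The route table, the addresses 203.0.113.7 and 192.168.1.50, and port 50000 are constructed sample values.

```python
import ipaddress

# Constructed route table using the addresses from the thread:
# default gateway 192.168.1.1, host route to the backup server via 192.168.1.2.
ROUTES = [
    # (destination prefix, gateway, metric)
    ("0.0.0.0/0", "192.168.1.1", 10),
    ("192.168.1.0/24", "on-link", 10),
    ("100.100.100.100/32", "192.168.1.2", 1),
]

def next_hop(dst_ip, dst_port, routes=ROUTES):
    """Pick the gateway the way an IP stack does: longest matching prefix
    first, lowest metric as tie-breaker. dst_port is accepted only to show
    that it never takes part in the decision."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = []
    for prefix, gateway, metric in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net:
            candidates.append((net.prefixlen, -metric, gateway))
    if not candidates:
        raise LookupError(f"no route to {dst_ip}")
    return max(candidates)[2]

def route_add_command(dst_ip, gateway, metric=1):
    """Build the persistent host-route command quoted in the thread."""
    ipaddress.ip_address(dst_ip)   # raises ValueError on malformed input
    ipaddress.ip_address(gateway)
    return f"route add -p {dst_ip} mask 255.255.255.255 {gateway} metric {metric}"

if __name__ == "__main__":
    flows = [
        ("100.100.100.100", 21),     # FTP control to the backup server
        ("100.100.100.100", 50000),  # FTP data connection (constructed port)
        ("203.0.113.7", 21),         # FTP to some other host
        ("203.0.113.7", 443),        # unrelated traffic
        ("192.168.1.50", 3389),      # local subnet, never leaves via a gateway
    ]
    for ip, port in flows:
        print(f"{ip}:{port} -> {next_hop(ip, port)}")
    print(route_add_command("100.100.100.100", "192.168.1.2"))
```
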
