Public and Private Networks Server 2003 R2

Brain fart.  Getting old.  Maybe no more a Guru?
Anyway question is:
Got a Windows 2003 Server 2003 R2 X64, 2 NIC's (Dell Server).
Got DSL, (Verizon router/modem combo), set one NIC to with DSL modem/router (Gateway and DNS set to  Goes to 3 PC's, Internet access.
Got the other NIC at and no Gateway or DNS set in Properties.  Goes to a switch feeding 5 PC's, all static.

Purpose here is to keep the subnets separate, meaning 3 PC's on NIC that have Internet access should not be able to be compromised and have others see, ping, browse, etc., to anything on the network (5 other PC's).

All seems to be A-OK, except that the "Internet PC's" can browse/see the other network (albeit they request login and password).

What am I doing wrong here, like I said, 2 NIC's, Server 2003, DSL on one NIC, LAN (Intranet) on other NIC... keep segregated.......diagrams work my brain is tired.
Who is Participating?
dkarpekinConnect With a Mentor Commented:
Usially those kind of design , is achived by VLAN's. Benefit of which seperate networks, but still allow them them use "shared" resources, and been on same subnet.
Of couse as it is shown will work just fine, for 172.x.x.x routing/remote access needs to be enabled, if they internet as well.
"routing and remote  access" is probably running, connection those two NIC's together.
Use "tracert" from interesting PC, see where traffic is heading  to........
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

jcs5003Commented: and can communicate with each other without routing as long as they share the same broadcast domain.
Try changing the network to or a completely seperate Class. You could go and that would definantly do it. I know it sounds odd. But i've seen it before and is technically valid.
Does your switch have VLAN capabilities? If so, just create a VLAN for these 5 machines that dont get internet and they can be on whatever subnet you want, and they wont communicate with anything thats not in the VLAN.
Agree. Saw it before too............since then , I'm trying to avoid  192.16.x.x as much as possible, but for some reason a lot of people keep using on"production", when it is ment to be used on "homy" networks............
guruunoAuthor Commented:
OK, I'll try this when onsite at customers on Wednesday next week.
Possibly also try via home test environment beforehand.
One additional question before I do this however.
I now pull AV definitions to the server (NOD32) from the web and distribute them to the clients on the INTRANET (no Internet access) by accessing http://IP ADDRESS:2221 in the setup of NOD on the clients.

All works.

So if I change the pointed to IP from to after all the changes suggested, will I still be able to update the clients?

Thanks all so far for the suggestions.....
As long clients on same subnet , as server- yes.
guruunoAuthor Commented:
Does this sample diagram depict the way it will be/work as suggested?
(No way for 172 clients to see/access anything on 192 network/server....)
(jpeg attached)
guruunoAuthor Commented:
Client rescheduled, but I'll end this, thanks!!!!
(didn't try yet, but will next week, thanks, thanks, thanks)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.