  • Status: Solved
Public and Private Networks Server 2003 R2

Brain fart.  Getting old.  Maybe no more a Guru?
Anyway, the question is:
Got a Windows Server 2003 R2 x64, 2 NICs (Dell server).
Got DSL (Verizon router/modem combo); set one NIC to 192.168.1.149 with the DSL modem/router at 192.168.1.1 (gateway and DNS set to 192.168.1.1). Goes to 3 PCs, Internet access.
Got the other NIC at 192.168.2.149 and no gateway or DNS set in Properties. Goes to a switch feeding 5 PCs, all static.

Purpose here is to keep the subnets separate, meaning the 3 PCs on the 192.168.1.149 NIC that have Internet access should not be able to be compromised and have others see, ping, browse, etc., anything on the 192.168.2.149 network (5 other PCs).

All seems to be A-OK, except that the "Internet PCs" can browse/see the other network (albeit they are asked for a login and password).

What am I doing wrong here? Like I said, 2 NICs, Server 2003, DSL on one NIC, LAN (intranet) on the other NIC... keep segregated. Diagrams work; my brain is tired.
Asked by guruuno
1 Solution
 
dkarpekin Commented:
"Routing and Remote Access" is probably running, connecting those two NICs together.
 
dkarpekin Commented:
Use "tracert" from an interesting PC and see where the traffic is heading to.
 
jcs5003 Commented:
192.168.1.0/24 and 192.168.2.0/24 can communicate with each other without routing as long as they share the same broadcast domain.
Try changing the 192.168.2.0/24 network to 192.168.3.0/24 or a completely separate class. You could go 172.16.1.0/24 and that would definitely do it. I know it sounds odd, but I've seen it before and it is technically valid.
Does your switch have VLAN capabilities? If so, just create a VLAN for these 5 machines that don't get Internet; they can be on whatever subnet you want, and they won't communicate with anything that's not in the VLAN.
 
dkarpekin Commented:
Agree. Saw it before too... since then, I'm trying to avoid 192.16.x.x as much as possible, but for some reason a lot of people keep using it on "production", when it is meant to be used on "homey" networks...
 
guruuno (Author) Commented:
OK, I'll try this when onsite at the customer's on Wednesday next week.
Possibly also try it in my home test environment beforehand.
One additional question before I do this, however.
I now pull AV definitions to the server (NOD32) from the web and distribute them to the clients on the INTRANET (no Internet access) by entering http://IP ADDRESS:2221 in the NOD setup on the clients.

All works.

So if I change the pointed-to IP from 192.168.2.1 to 172.16.1.149 after all the suggested changes, will I still be able to update the clients?

Thanks all so far for the suggestions.....
 
dkarpekin Commented:
As long as the clients are on the same subnet as the server, yes.
 
guruuno (Author) Commented:
Does this sample diagram depict the way it will be/work as suggested?
(No way for 172 clients to see/access anything on the 192 network/server....)
(jpeg attached)
Sample-Diagram-for-Client.jpeg
 
dkarpekin Commented:
Usually those kinds of designs are achieved with VLANs, the benefit of which is separate networks that still allow them to use "shared" resources and be on the same subnet.
Of course, as it is shown it will work just fine; for 172.x.x.x, routing/remote access needs to be enabled if they need Internet as well.

http://safari.oreilly.com/1587201003/ch08lev1sec2
http://net21.ucdavis.edu/newvlan.htm
http://www.cisco.com/warp/public/614/11.html
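The two isolation ideas in this thread (dkarpekin's point that Routing and Remote Access on the dual-homed server joins the two NICs, and jcs5003's suggestion to renumber the private LAN) can be checked against a small reachability model. This is an added example, not code from the thread; the PC addresses (.10 on each subnet) and the Internet-side PCs' default gateway are constructed assumptions, since the thread only gives the server's and the DSL router's addresses.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface, ip_address, ip_interface
from typing import Optional, Tuple

@dataclass(frozen=True)
class Host:
    iface: IPv4Interface            # address with mask, e.g. 192.168.1.10/24
    gateway: Optional[IPv4Address]  # None: no default gateway configured

@dataclass(frozen=True)
class Server:
    ifaces: Tuple[IPv4Interface, ...]  # the server's two NICs
    forwarding: bool                   # stands in for RRAS / IP routing being enabled

def next_hop(src: Host, dst: IPv4Address) -> Optional[IPv4Address]:
    """Hosts deliver on-link destinations directly and send everything else to their gateway."""
    return dst if dst in src.iface.network else src.gateway

def reachable(src: Host, dst: Host, srv: Server) -> bool:
    """Can a packet from src be delivered to dst, given the server's forwarding state?"""
    hop = next_hop(src, dst.iface.ip)
    if hop is None:
        return False
    if hop == dst.iface.ip:
        return True  # same subnet: delivered directly, no router involved
    if hop in {i.ip for i in srv.ifaces}:  # the dual-homed server is the gateway
        return srv.forwarding and any(dst.iface.ip in i.network for i in srv.ifaces)
    return False  # the DSL router has no route into the private LAN

DSL_ROUTER = ip_address("192.168.1.1")        # from the thread
SERVER_INET_NIC = ip_address("192.168.1.149") # from the thread

def internet_pc_can_reach_lan(lan_prefix: str, forwarding: bool, pc_gateway: IPv4Address) -> bool:
    """One Internet-side PC (constructed .10) trying to reach one private-LAN PC (constructed .10)."""
    srv = Server((ip_interface("192.168.1.149/24"), ip_interface(f"{lan_prefix}.149/24")), forwarding)
    inet_pc = Host(ip_interface("192.168.1.10/24"), pc_gateway)
    lan_pc = Host(ip_interface(f"{lan_prefix}.10/24"), None)  # no gateway, as in the thread
    return reachable(inet_pc, lan_pc, srv)

if __name__ == "__main__":
    cases = [
        ("192.168.2", True, SERVER_INET_NIC),   # thread's symptom: server forwards between NICs
        ("172.16.1", True, SERVER_INET_NIC),    # renumbered as suggested, server still forwards
        ("192.168.2", False, SERVER_INET_NIC),  # RRAS / IP routing disabled
        ("192.168.2", True, DSL_ROUTER),        # PCs use the DSL router as gateway instead
    ]
    for lan, fwd, gw in cases:
        print(f"LAN {lan}.0/24 forwarding={fwd} gateway={gw}: "
              f"reachable={internet_pc_can_reach_lan(lan, fwd, gw)}")
```

Running it shows that renumbering to 172.16.1.0/24 changes nothing while the server still forwards between its NICs; it is disabling forwarding (or keeping the Internet-side PCs off the server as a gateway) that breaks the path.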
 
guruuno (Author) Commented:
Client rescheduled, but I'll end this, thanks!!!!
(didn't try yet, but will next week, thanks, thanks, thanks)