Edward van Nijmweegen

asked on 

How to set default gateway for two network cards

I've the following situation:
One server, two network cards. One is connected to the outside world to retrieve data via port 3000. The other is connected to the internal network, to let people connect to the database on the server.
Sometimes the process outside that should connect to this server via port 3000 can't see the server, because the server uses the internet connection that is used via the internal network card. So, when I run www.canyouseeme.org, it connects via the internal network card and not via the one that is connected to the outside world. When I turn off the internal card, it goes well; at that moment www.canyouseeme.org uses the external card.
How can I connect this server so that people from the inside network can see the database on the server, and the process from the outside can access the same server via the other network card? In other words, the internet connection should always and only go via the external network card; only communication to internal clients (to access the database) should go via the other network card.
ASKER CERTIFIED SOLUTION
Lee W, MVP
ravenpl

Add the static route to the "outside to port 3000" to the external eth card, leave default route to the internal.
memo_tnt

Try to set two fixed IPs on the LAN PCs:
primary IP from the same subnet as the external NIC IP of your server, with its consistent default gateway,
and the secondary IP from the same subnet as the internal NIC, without a default gateway.

P.S.: please post your current network nodes, routers, network OS.


Lee W, MVP

Care to explain how you add a static route that applies to ONLY a port...?  I don't think you can... but if I'm wrong, it'd be good to see the syntax.
ravenpl

> Care to explain how you add a static route that applies to ONLY a port...?
I was not talking about a route for a port, but for the whole server IP that is supposed to connect to port 3000.
But it's in fact possible to route one port only. The scenario is:
the remote connects to local port 3000, and we mark this connection with a special mark value. The packets marked with this mark value are redirected to a different routing table (other than the default). The alternative routing table has a different route to the server.
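
The mark-based routing outlined in the comment above, written out for a Linux host as an added example that is not part of the original thread. The interface name `eth1`, gateway `203.0.113.1`, mark `0x1` and table id `100` are assumptions; the function only prints the commands so they can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Added example (not from the thread): emit, but do not execute, the Linux
# commands for routing one port via a connection mark and a second table.
# Interface, gateway, mark and table id are assumed values.

# policy_route_cmds EXT_IF EXT_GW PORT [MARK] [TABLE]
policy_route_cmds() {
    ext_if=$1 ext_gw=$2 port=$3 mark=${4:-0x1} table=${5:-100}

    # The output is meant to be run by a root shell, so refuse any argument
    # that could smuggle shell syntax or is not what it claims to be.
    case $ext_if in ''|*[!A-Za-z0-9_-]*) echo "bad interface" >&2; return 1;; esac
    case $ext_gw in ''|*[!0-9.]*) echo "bad IPv4 gateway" >&2; return 1;; esac
    case $port   in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    case $mark   in ''|*[!0-9a-fA-Fx]*) echo "bad mark" >&2; return 1;; esac
    case $table  in ''|*[!0-9]*) echo "bad table id" >&2; return 1;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi

    cat <<EOF
# 1. Mark new inbound connections to port $port arriving on $ext_if.
iptables -t mangle -A PREROUTING -i $ext_if -p tcp --dport $port -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
# 2. Copy the connection mark onto the locally generated reply packets.
iptables -t mangle -A OUTPUT -m connmark --mark $mark -j CONNMARK --restore-mark
# 3. Alternative routing table whose default route leaves via $ext_if.
ip route add default via $ext_gw dev $ext_if table $table
# 4. Marked packets consult that table; everything else uses the main one.
ip rule add fwmark $mark lookup $table
# 5. Only if strict reverse-path filtering is on: the main table routes the
#    client's address via the internal NIC, so strict mode drops the SYN.
#    Loose mode (2) weakens anti-spoofing, so set it on $ext_if alone.
sysctl -w net.ipv4.conf.$ext_if.rp_filter=2
EOF
}

# Print the plan for the assumed values; review it before applying.
policy_route_cmds eth1 203.0.113.1 3000
```

The default route stays on the internal NIC, so general traffic is unchanged; `ip rule show` and `ip route show table 100` confirm what was installed.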
Lee W, MVP

I understand it may be possible to route via ports through network hardware... MAYBE.  But how to do it in Windows Server with no third party software?

What commands would one execute and/or how would it be setup?
ravenpl

Maybe I made the wrong assumption that the server runs a *NIX OS. But the author hasn't told us the OS here.
Member_2_231077

I can't see how it matters what OS you are using. Routes aren't done per-port although the traffic can be controlled if you are using the server as a firewall (ipchains, ISA server etc.)

Just remove the default gateway on the inside card and add static routes to any internal network. You can probably use route summarization so if there are 2 other internal networks 10.0.0.0/16 and 10.1.0.0/16 accessed through the same router you can add just one route 10.0.0.0/15 that covers both of them.
ravenpl

andyalder: IMHO the target is to have the default route (general-use internet) via some router inside the LAN, and only port 3000 accessed directly via the outside NIC.
Member_2_231077

Oh, I see. In that case have the DG on the inside and a static route on the outside to whatever IP address/network it retrieves data from which is what you said previously. He can use port filtering on this interface to restrict it to port 3000 - obviously won't be able to see anything else on that address like a web server since it is filtered and won't go there through the DG.
Edward van Nijmweegen

ASKER

This worked perfect, thanks.