  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 290

help configuring a "second" internal network

I acknowledge that I know only enough to be dangerous with networking, but it has gotten me through this far.  Please advise if you can help me ... :-)

Our very small business hosts 3 separate SSL websites (for different aspects of our business).  Each has its own static public IP, and each has its own private network with various other PCs and servers attached.  The websites are 3-tier, using IIS6, ASP.net and MS-SQL.  All servers are Windows 2003 Standard SP2.

We use a 4th private network (with its own static public IP) for all of our own internal business transactions and communication.  This 4th network hosts no websites, but does have various servers, a multitude of storage, and several PC clients, printers, etc.  It's my hope to grant certain machines on the "other" 3 networks access to resources on the 4th.

I've done this (kind of) over the last year with wireless adapters on certain machines needing access to the 4th network. I can also gain access through a SSL-VPN on the 4th network.
But, both "indirect" options are slow.

So, I thought I'd try to make it faster by installing additional NICs in these machines, and connecting these via a Gb switch to the 4th network.  Everything connects just fine, and everyone can talk to each other, each on 2 separate private networks (one common to all).  My problem is that my SSL websites become unreachable from outside, as soon as I enable these connections (and they are restored almost instantly when I disable the connections).

Clearly, there is some security issue of which I'm unaware, that's keeping everyone from being connected and happy.  But I need help.   Why am I able to establish additional wireless or VPN network connections on the 1,2,3 servers that don't affect the websites, but a hard-wired one does?  Is it just settings?  Am I crazy trying to do this?  Do I need to setup a 5th internal network - that doesn't (in and of itself) have an internet connection?

This is not super-high security stuff, so I'm not really worried about doing something that is slightly unconventional.  Any suggestions will be helpful.  I'm just trying to get fast, reliable, always-on access for networks 1,2,3 to resources on the 4th network.  Thanks!
Asked by cacliffo

3 Solutions

cacliffo (Author) commented:
I think I may have found the solution, taking a hint from another thread.  By removing the 'default gateway' on the 2nd NICs, I now have all the networks talking to each other (within the private network), and the SSL websites are exposed and running from the outside world.

If someone could confirm that this is OK, and an acceptable solution, that would be great.  Please advise if there are any cautions recommended.
giltjr commented:
That should be the correct solution.  In fact if you think about it for a second, how can a computer have two defaults?  Easy, it can't.
MS makes you believe that you can have a unique default route for each NIC, when you can't.  The default gateway is for the whole box.

IP does not send traffic out the same NIC it came in on, it sends it out the "best" NIC based on the routing table.  If you have two (or more) NICs and you define more than one default gateway, only one is the real default gateway.

The other one will not be used except in the case when the 1st one becomes unreachable.
cj_1969 commented:
Yes, what you have is fine, well, it's the only thing that will work :)

Just be aware that, since the default gateway is on the external NIC, there is no routing (or there shouldn't be) to any of your internal networks from this interface.  If you have any subnets that are not included in the 3 internal ones that are configured on the other interfaces, you will need to explicitly define a route on the server for them and tell the OS which internal router interface (gateway) to use to get to it/them.
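The two checks the answers above describe, that a box has exactly one default gateway and that every internal subnet which is not directly connected has an explicit route via the internal router, can be run mechanically against the output of route print. The script below is an added example and is not from the thread or any of its posters. It parses a constructed route print table (the 203.0.113.x public addresses, the 192.168.4.0/24 second-NIC network, the extra internal subnets 192.168.5.0/24 and 192.168.6.0/24, and the router 192.168.4.1 are all assumed for illustration), flags the second default route, lists the internal subnets whose best match is only the default route (so their traffic would leave through the public NIC), prints the persistent route -p add commands that fix that, and re-evaluates the table after the fix.

```python
"""Check a dual-homed Windows host's route table for the two problems
discussed in the thread: more than one default gateway, and internal
subnets that would be reached through the default route (i.e. sent out
the public NIC) because no explicit route exists for them.

The parser targets the layout of "route print" on Windows. The table
below is a constructed sample, not captured from any real host.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: public NIC 203.0.113.10/29, second NIC 192.168.4.50/24,
# and (the misconfiguration) a default gateway set on both NICs.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     203.0.113.1   203.0.113.10      10
          0.0.0.0          0.0.0.0     192.168.4.1   192.168.4.50      20
        127.0.0.0        255.0.0.0       127.0.0.1      127.0.0.1       1
      192.168.4.0    255.255.255.0    192.168.4.50   192.168.4.50      20
      203.0.113.8  255.255.255.248    203.0.113.10   203.0.113.10      10
Default Gateway:       203.0.113.1
"""

# Assumed for the example (not stated in the thread): the other internal
# subnets sit behind the router at 192.168.4.1 on the second NIC.
INTERNAL_SUBNETS = ["192.168.5.0/24", "192.168.6.0/24"]
INTERNAL_ROUTER = "192.168.4.1"

# dest  mask  gateway  interface  metric
ROUTE_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int


def parse_routes(text):
    """Turn the 'Active Routes' rows of route print into Route objects."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if not m:
            continue  # headers, separators and the 'Default Gateway:' line
        dest, mask, gw, iface, metric = m.groups()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append(Route(net, gw, iface, int(metric)))
    return routes


def default_gateways(routes):
    """Gateway of every 0.0.0.0/0 route; more than one is the misconfiguration."""
    return [r.gateway for r in routes if r.network.prefixlen == 0]


def route_for(routes, dest):
    """Longest-prefix match, lowest metric breaking ties, as the stack does."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def subnets_without_route(routes, subnets):
    """Internal subnets whose best match is only the default route."""
    leaking = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        best = route_for(routes, net.network_address)
        if best is None or best.network.prefixlen == 0:
            leaking.append(s)
    return leaking


def route_add_commands(subnets, gateway):
    """Persistent (-p) static routes for the subnets found above."""
    cmds = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        cmds.append(f"route -p add {net.network_address} mask {net.netmask} {gateway}")
    return cmds


def fixed_table(routes, internal_gateway, subnets):
    """Table after the fix: default on the internal NIC removed, explicit routes added."""
    kept = [r for r in routes
            if not (r.network.prefixlen == 0 and r.gateway == internal_gateway)]
    iface = route_for(routes, internal_gateway).interface  # NIC that reaches the router
    for s in subnets:
        kept.append(Route(ipaddress.ip_network(s), internal_gateway, iface, 1))
    return kept


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTE_PRINT)
    print("default gateways:", default_gateways(routes))
    missing = subnets_without_route(routes, INTERNAL_SUBNETS)
    for cmd in route_add_commands(missing, INTERNAL_ROUTER):
        print(cmd)
    fixed = fixed_table(routes, INTERNAL_ROUTER, INTERNAL_SUBNETS)
    print("after fix, 192.168.5.7 via", route_for(fixed, "192.168.5.7").gateway)
    print("after fix, 198.51.100.20 via", route_for(fixed, "198.51.100.20").gateway)
```

To use it on a real box, paste the Active Routes table from route print into SAMPLE_ROUTE_PRINT and set INTERNAL_SUBNETS and INTERNAL_ROUTER to the subnets behind the second NIC and the router address on that NIC. The -p in the generated commands matters: a route added without it is gone after the next reboot, which would silently put those subnets back behind the public NIC's default gateway.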