[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

One server, 2 NICs, 2 default gateways

Posted on 2010-03-24
5
Medium Priority
?
433 Views
Last Modified: 2012-05-09
I have looked through the other posting about multiple default gateways but I am not seeing what I am looking for.

I have a Windows 2003 server that has two NIC cards.  One NIC is connected to our internal network.  The other is connected to our DMZ.  Each of them have their own default gateway.

This server is our FTP and other web services server.  It will work fine for a while and then internal and external users cannot connect to the server.  I have to disable and enable both interfaces for the problem to clear itself.

There have been posts regard the Routing and Remote Access service.  This looks to be the answer but I still don't understand how to configure RRAS to fix the problem I am having.

There are 500 points to the person who can help me get this issue resolved.

Thank you very much,
Mike
0
Comment
Question by:csg_int_it
5 Comments
 
LVL 3

Expert Comment

by:Jeff Morlen
ID: 28476874
Is there a reason you are doing port forwarding on your firewall instead of a DMZ?

Most likely, you are running into a routing loop between your Internal network and your DMZ.
This can corrupt/poison the routing table in Windows server.

I would suggest using port forwarding with your firewall and do away with your DMZ.
By putting your server in the DMZ as well as the internal network, you are circumventing the security that your firewall has.
0
 

Author Comment

by:csg_int_it
ID: 28477124
jeffmorlen,
Is port forwarding the same as NATing?

Mike
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 2000 total points
ID: 28477208
You can set a default gateway on two nics... but you should not really be able to do this.
The definition of a default gateway is the routing off your subnetwork if all else fails.
Two have two of these is a bit pointless.
Really the OSs should ban the idea of having 2 live default gateways.

A better system would be to add extra routes.
If you had a machine with something like this :


192.168.1.x ------- pc ------- 192.168.2.x -------- 192.168.3.x

Ie the machine has two network off it. 192.168.1.x and 192.168.2.x
and a machine or a route bridges off to another network 192.168.3.x (off say 192.168.2.100) and not shown here the internet gateway is on 192.168.1.1.

The the routes should be

192.168.2.0 subnet 255.255.255.0 -> eth 2
192.168.1.0 subnet 255.255.255.0 -> eth 1
192.168.3.0 subnet 255.255.255.0 -> eth 2 -> gateway 192.168.2.100
default -> eth1 -> gateway 192.168.1.1

0
 
LVL 20

Expert Comment

by:edster9999
ID: 28477462
>>> Is port forwarding the same as NATing?

No.

Nat = Network address translation.  Mapping a full network like an internal 192.168.1.x network onto one IP address (maybe your public IP)

Port forwarding = when traffic comes in on a port on this public address (like port 80) then forward it to the right box on the inside.  So if you had a web server on 192.168.1.50 then you would port forward all port 80 traffic to that box.
0
 

Expert Comment

by:Maximillian1975
ID: 28479863
When you setup a default gateway on internal and external it will warn you that having such a setup will "not function properly"...

Set the default gateway on the DMZ interface and leave it blank on the internal and you will be all set.
multiple-gateway-warning.bmp
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

640 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question