Solved

multihomed 2008 Web server with internal database

Posted on 2010-09-13
Last Modified: 2012-05-10
I have a development web server multihomed with two gateways:
                    ISP
                    |
                    ISP Modem
                    IP x.x.x.0
                    GW x.x.x.1
                    |
Router A ---------------------------- Router B
IP x.x.x.2                            IP x.x.x.3
GW x.x.x.1                            GW x.x.x.1
NAT 192.168.1.1                       NAT 192.168.65.1
|      |                              |
|      SERVER2 NIC2                   NIC1
|      IP 192.168.1.101               IP 192.168.65.100
|      GW 192.168.1.1                 GW 192.168.65.1
|      |                              |
|      ------------------------------ SERVER2
|                                     Website2
|
SERVER1 NIC1
IP 192.168.1.136
GW 192.168.1.1
|
SERVER1
Website1/SQL/DC

What I am trying to sort out is the correct way to configure firewall and security in order to allow access to the SQL server instance on Server1 from the website2 on Server2.

Right now, my connections to the database from server2 do not work. I have enabled ports 1443, 1444 for only NIC2 and it still does not work.

Any ideas on a better database setup are appreciated. I will be putting a new DC in the place of Server1 so it can just be the SQL server. Website1 will be moved to Server2. My idea is to place the sql server on a third subnet with restricted access to IP addresses on the two subnets so that internal applications can access the database as well as the websites.
Question by:DevMikeDallas
 
LVL 1

Expert Comment

by:Hex255
ID: 33666567
Can you do a "route print" (in CMD window) for both servers and paste it here?

good luck
0
 

Author Comment

by:DevMikeDallas
ID: 33666964
SERVER1


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface

0x10003 ...xx xx xx xx xx xx ...... Intel(R) PRO/1000 MT Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.136      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.136    192.168.1.136      1
    192.168.1.136  255.255.255.255        127.0.0.1        127.0.0.1      1
    192.168.1.255  255.255.255.255    192.168.1.136    192.168.1.136      1
        224.0.0.0        240.0.0.0    192.168.1.136    192.168.1.136      1
  255.255.255.255  255.255.255.255    192.168.1.136    192.168.1.136      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None





SERVER2
===========================================================================
 11 ...xx xx xx xx xx xx ...... Intel(R) PRO/100 S Server Adapter
 
 10 ...xx xx xx xx xx xx ...... Intel(R) PRO/1000 MT Network Connection
 
 1 ........................... Software Loopback Interface 1
 
 12 ...xx xx xx xx xx xx xx xx  isatap.{----}
 
 14 ...xx xx xx xx xx xx ...... Teredo Tunneling Pseudo-Interface
 
 13 ...xx xx xx xx xx xx xx xx  isatap.{----}
 ===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.65.1   192.168.65.100    276
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
     192.168.65.0    255.255.255.0         On-link    192.168.65.100    276
   192.168.65.100  255.255.255.255         On-link    192.168.65.100    276
   192.168.65.255  255.255.255.255         On-link    192.168.65.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.65.100    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.65.100    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.65.1  Default
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     18 2001::/32                On-link
 14    266 2001:0:4137:9e76:3cf8:d4f:3f57:fe9a/128
                                    On-link
 10    276 fe80::/64                On-link
 11    276 fe80::/64                On-link
 14    266 fe80::/64                On-link
 14    266 fe80::3cf8:d4f:3f57:fe9a/128
                                    On-link
 11    276 fe80::40fe:557a:fd93:fc07/128
                                    On-link
 10    276 fe80::4435:812d:4d32:925f/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    266 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 1

Accepted Solution

by:
Hex255 earned 0 total points
ID: 33666995
The problem you have is that you entered 2 default gateways in SERVER2:
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.65.1   192.168.65.100    276
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101    276

That is invalid.

You will need to address that before you can move on.
0
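An added example, not part of the original thread: a small Python check that parses `route print` IPv4 rows and reports, for a given destination, whether equally good routes leave by different interfaces. The sample rows are SERVER2's routes as posted above (trimmed); `203.0.113.10` is a constructed stand-in for an Internet host, and the function names are this example's own.

```python
import ipaddress

# Sample input: SERVER2's IPv4 active routes as posted in the thread (trimmed).
SERVER2_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.65.1   192.168.65.100    276
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101    276
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
     192.168.65.0    255.255.255.0         On-link    192.168.65.100    276
"""

def parse_routes(text):
    """Parse 'route print' IPv4 rows into dicts; skip headers and separators."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append({"net": net, "gateway": f[2], "iface": f[3], "metric": int(f[4])})
    return routes

def candidates(routes, dest):
    """Best routes for dest: longest prefix first, then lowest metric (ties kept)."""
    ip = ipaddress.ip_address(dest)
    match = [r for r in routes if ip in r["net"]]
    if not match:
        return []
    longest = max(r["net"].prefixlen for r in match)
    match = [r for r in match if r["net"].prefixlen == longest]
    best = min(r["metric"] for r in match)
    return [r for r in match if r["metric"] == best]

def is_ambiguous(routes, dest):
    """True when equally good routes leave by different interfaces."""
    return len({r["iface"] for r in candidates(routes, dest)}) > 1

if __name__ == "__main__":
    routes = parse_routes(SERVER2_ROUTES)
    for dest in ("192.168.1.136", "203.0.113.10"):  # SQL server; constructed Internet host
        picks = [(r["gateway"], r["iface"]) for r in candidates(routes, dest)]
        print(dest, "ambiguous" if is_ambiguous(routes, dest) else "unique", picks)
```

The SQL server at 192.168.1.136 is on-link through 192.168.1.101, so that path is unique; only off-subnet traffic ties between the two default gateways, and the example does not model how the tie is broken.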
 

Author Comment

by:DevMikeDallas
ID: 33674107
It looks like I had also typed the name of the database wrong on Server2. SQL access now works for both websites.

On the gateway issue, is there a way I can demonstrate this is a problem? It all seems to be working...

I have been modifying rules in the firewall so that port 80 inbound only comes from gateway 192.168.65.1, and after adding ports 1443, 1444 to NIC2 (192.168.1.101) the SQL server is accessible. I also turned off one of the TCP parameters in the registry for Server2, ICMP redirect I think, during some review to harden the TCP/IP stack... Windows 2008 was missing some of the items listed here, and others were already hardened:
http://msdn.microsoft.com/en-us/library/aa302363.aspx

By the way, there is another person who did a similar setup and a similar solution proposed:
http://www.experts-exchange.com/Networking/Q_20861927.html

I am going to test setting the gateway to the first router, 192.168.1.1, and see if that works. I will let you know.
0
 

Author Comment

by:DevMikeDallas
ID: 33674770
Well, it all seems to be working except network browse, of course. And I found the article that explained the issue in detail, thanks to your answer that pointed me in the right direction:

http://windows.microsoft.com/en-US/windows-vista/Configuring-multiple-gateways-on-a-network
0
