Solved

multihomed 2008 Web server with internal database

Posted on 2010-09-13
Last Modified: 2012-05-10
I have a development web server multihomed with two gateways:
            ISP
            |
            ISP Modem
            IP x.x.x.0
            GW x.x.x.1
            |
Router A ------------------------------------Router B
IP x.x.x.2                  IP x.x.x.3
GW x.x.x.1                  GW x.x.x.1
NAT 192.168.1.1            NAT 192.168.65.1
|      |            |            
|      SERVER2 NIC2      NIC1
|      IP 192.168.1.101      IP 192.168.65.100
|      GW 192.168.1.1      GW 192.168.65.1
|      |            |
|      --------------------------------SERVER2
|                  Website2
|
SERVER1 NIC1
IP 192.168.1.136
GW 192.168.1.1
|
SERVER1
Website1/SQL/DC

What I am trying to sort out is the correct way to configure firewall and security in order to allow access to the SQL server instance on Server1 from the website2 on Server2.

Right now, my connections to the database from server2 do not work. I have enabled ports 1443, 1444 for only NIC2 and it still does not work.

Any ideas on a better database setup are appreciated. I will be putting a new DC in the place of Server1 so it can just be the SQL server. Website1 will be moved to Server2. My idea is to place the sql server on a third subnet with restricted access to IP addresses on the two subnets so that internal applications can access the database as well as the websites.
Question by:DevMikeDallas
5 Comments
 
LVL 1

Expert Comment

by:Hex255
ID: 33666567
Can you do a "route print" (in CMD window) for both servers and paste it here?

good luck
 

Author Comment

by:DevMikeDallas
ID: 33666964
SERVER1


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface

0x10003 ...xx xx xx xx xx xx ...... Intel(R) PRO/1000 MT Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.136      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.136    192.168.1.136      1
    192.168.1.136  255.255.255.255        127.0.0.1        127.0.0.1      1
    192.168.1.255  255.255.255.255    192.168.1.136    192.168.1.136      1
        224.0.0.0        240.0.0.0    192.168.1.136    192.168.1.136      1
  255.255.255.255  255.255.255.255    192.168.1.136    192.168.1.136      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None





SERVER2
===========================================================================
 11 ...xx xx xx xx xx xx ...... Intel(R) PRO/100 S Server Adapter
 
 10 ...xx xx xx xx xx xx ...... Intel(R) PRO/1000 MT Network Connection
 
 1 ........................... Software Loopback Interface 1
 
 12 ...xx xx xx xx xx xx xx xx  isatap.{----}
 
 14 ...xx xx xx xx xx xx ...... Teredo Tunneling Pseudo-Interface
 
 13 ...xx xx xx xx xx xx xx xx  isatap.{----}
 ===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.65.1   192.168.65.100    276
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
     192.168.65.0    255.255.255.0         On-link    192.168.65.100    276
   192.168.65.100  255.255.255.255         On-link    192.168.65.100    276
   192.168.65.255  255.255.255.255         On-link    192.168.65.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.65.100    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.65.100    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.65.1  Default
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     18 2001::/32                On-link
 14    266 2001:0:4137:9e76:3cf8:d4f:3f57:fe9a/128
                                    On-link
 10    276 fe80::/64                On-link
 11    276 fe80::/64                On-link
 14    266 fe80::/64                On-link
 14    266 fe80::3cf8:d4f:3f57:fe9a/128
                                    On-link
 11    276 fe80::40fe:557a:fd93:fc07/128
                                    On-link
 10    276 fe80::4435:812d:4d32:925f/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    266 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
LVL 1

Accepted Solution

by:
Hex255 earned 0 total points
ID: 33666995
The problem you have is that you entered 2 default gateways in SERVER2:
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.65.1   192.168.65.100    276
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101    276

That is invalid.

You will need to address that before you can move on.
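As an added example (my code, not anything posted in the thread), a small Python check that parses `route print` output for the condition Hex255 points out: more than one 0.0.0.0/0.0.0.0 entry, whether active or persistent. The sample input is the SERVER2 table quoted above, trimmed to the relevant rows, plus a constructed single-gateway table for comparison.

```python
# Excerpt of the SERVER2 "route print" output from the thread, used as sample input.
SERVER2_ROUTES = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.65.1   192.168.65.100    276
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
     192.168.65.0    255.255.255.0         On-link    192.168.65.100    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.65.1  Default
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================
"""

# Constructed single-gateway table (shape of the SERVER1 output above) for contrast.
SINGLE_GW_ROUTES = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.136      1
      192.168.1.0    255.255.255.0    192.168.1.136    192.168.1.136      1
Default Gateway:       192.168.1.1
Persistent Routes:
  None
"""

def parse_default_routes(text):
    """Return (active, persistent): active is a list of (interface, gateway)
    tuples for every 0.0.0.0/0.0.0.0 row in the IPv4 Active Routes section,
    persistent is the list of gateways in the IPv4 Persistent Routes section."""
    active, persistent, section = [], [], None
    for line in text.splitlines():
        if line.startswith("IPv6 Route Table"):
            break                                  # only the IPv4 table matters here
        if line.startswith("Active Routes:"):
            section = "active"
            continue
        if line.startswith("Persistent Routes:"):
            section = "persistent"
            continue
        f = line.split()
        if len(f) < 4 or f[0] != "0.0.0.0" or f[1] != "0.0.0.0":
            continue                               # headers, separators, non-default routes
        if section == "active":
            active.append((f[3], f[2]))            # interface, gateway
        elif section == "persistent":
            persistent.append(f[2])                # gateway address
    return active, persistent

def check_single_gateway(text):
    """Findings list; empty means at most one default gateway is configured."""
    active, persistent = parse_default_routes(text)
    findings = []
    if len({iface for iface, _ in active}) > 1:
        findings.append("default route on several interfaces: "
                        + ", ".join("%s via %s" % (i, g) for i, g in active))
    if len(set(persistent)) > 1:
        findings.append("multiple persistent default routes: " + ", ".join(persistent))
    return findings
```

Run it against the output of `route print` on each host; the multihomed SERVER2 table yields two findings, the single-gateway one none.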
 

Author Comment

by:DevMikeDallas
ID: 33674107
It looks like I had also typed the name of the database wrong on Server2. SQL access now works for both websites.

On the gateway issue, is there a way I can demonstrate this is a problem? It all seems to be working...

I have been modifying rules in the firewall so that port 80 inbound only comes from gateway 192.168.65.1, and after adding ports 1443, 1444 to the nic2 (192.168.1.101) the SQL server is accessible. I also turned off one of the tcp parameters in the registry for server2, ICMP redirect I think, during some review to harden the TCPIP stack... windows 2008 was missing some of the items listed here, and others were already hardened:
http://msdn.microsoft.com/en-us/library/aa302363.aspx

By the way, there is another person who did a similar setup and a similar solution proposed:
http://www.experts-exchange.com/Networking/Q_20861927.html

I am going to test setting the gateway to the first router, 192.168.1.1, and see if that works. I will let you know.
 

Author Comment

by:DevMikeDallas
ID: 33674770
Well, it all seems to be working except network browse, of course. And I found the article that explained the issue in detail, thanks to your answer that pointed me in the right direction:

http://windows.microsoft.com/en-US/windows-vista/Configuring-multiple-gateways-on-a-network