I have a mailserver in the DMZ. It has two NICs, only one is active.
I want to back this up to the NAS on my LAN.
I'd like to turn on the 2nd NIC, add it to my LAN, but prevent any traffic from the outside "real Ip" interface from reaching the LAN.
Windows Firewall? What rule?
Another option depending on the switch, create a LAG group on the switch using the two interfaces as a team.
This way you can "double" the bandwidth available and create a rule to allow the traffic from The DMZ system to the nas, though not sure who you would isolate the issue.
If you have a backup client/server setup (bacula, zmanda, etc.) you would be able to set the parameters of access. with the direction to the NAS the DMZ server has to have access rights to share which is a much wider opening of the firewall.