#1
Hi, I'll explain the network and then what I want to do.

I have a router which is connected to the internet. A cable from the router goes to a switch, and all other computers, including a server with Windows Server 2003, are connected to the switch to share the internet connection and files.

What I want to do is connect the internet through my first NIC to the server and then connect the server via my second NIC to the switch so everyone can share the internet connection and the files on the server. I'm doing this to control the bandwidth usage of the users and block some websites, as this is a workplace network. As far as I know, I cannot do this on my current network, as my switch is an unmanaged switch and my router for internet is a basic D-Link DSL504t.

Please advise on how to configure the IP addresses, default gateways, subnets and firewall so as to keep the network protected, and anything else necessary.

Thanks
Vahid
#2
This is a great tool and very cheap. http://www.youngzsoft.net/ccproxy/
It'll work with your current network config. Is your 2k3 server a Domain Controller? If it is, then this will be even easier to set up using GPO.
#3
I think what you are trying to accomplish can be done with RRAS.

Cable modem --> NIC 1 NIC 2 --> switch

Nothing gets plugged into the Internet port of your router, and be sure to turn off DHCP on the router and enable DHCP on the server. Set the server's LAN IP as a "router" in DHCP. It's a bit tricky, and there will be some trial/error your first time, but it can be done and it works well (I did it for years).
#4
The way you are describing what you want to do seems a little odd to me, and there are a number of solutions. I say odd because you are overloading the use of your Server. That being said, here is a rudimentary configuration that would work.

I am assuming that your DLINK router is a NAT gateway, through which all traffic to the outside world passes. Already hanging off this DLINK router is your internal network; let us say it is using the 192.168.1.0/24 subnet. Let us also assume that its IP address is 192.168.1.254.

Step 1. Assign the Server's first NIC the IP address 192.168.1.1 and configure its default gateway to be 192.168.1.254, i.e. the internal IP of the DLINK router. Plug this NIC into the DLINK router. Test that you can access the outside world from the server. Once that is known to be working, proceed.

Step 2. Assign the IP address 192.168.2.254 to the Server's second NIC. Do not assign it a default gateway. Plug your unmanaged switch into this NIC.

Step 3. Configure your Server as a router so that it will forward packets between these two subnets. Hard to test this until you complete Step 4, so proceed.

Step 4. Hook up all your client machines to the unmanaged switch and give them IP addresses on the 192.168.2.0/24 subnet (e.g. 192.168.2.1, 192.168.2.2, 192.168.2.3, etc.), using 192.168.2.254 as their gateway, which is the IP address of the second NIC on your "routing Server".

Step 5. This is a crucial but subtle step. Assign to your DLINK router a static network route. According to the manual for your DLINK router this is quite easy to do (see page 57, under the heading Static Routing).

Quick background on why you need to do this. Although your DLINK router will have no problem forwarding packets from 192.168.2.1 to the outside world, it will not know what to do with the return packets. The reason for this is that the DLINK router only knows about two subnets at this point, 192.168.1.0/24 and the rest of the world. And since return packets will have the destination address of 192.168.2.1, the DLINK router will treat them as the rest of the world and therefore use its default gateway and send them back out on to the Internet. This is *NOT* what you want to happen.

So you have to tell your DLINK router that packets destined for 192.168.2.0/24 should be sent to 192.168.1.1, the routing Server on your internal network. And this is done by using a static network route. So given the topology I have just described, add the following static network route to your DLINK router (as per the instruction manual).

Destination: 192.168.2.0
Netmask: 255.255.255.0
Gateway: 192.168.1.1

This tells your DLINK router that packets destined for the 192.168.2.0/24 subnet should be forwarded to the routing Server at 192.168.1.1. And since the routing server has an IP on the 192.168.2.0/24 subnet, it will send them out via the NIC on that subnet.

When you have it all set up correctly, the client at 192.168.2.1 will send packets destined for the outside world to its default gateway (192.168.2.254). The Server will then forward these packets to its default gateway 192.168.1.254 (via its first NIC) to the DLINK router, which in turn will send it to the outside world, after performing some form of NAT. The return packets will hit the DLINK router, be de-NAT'd and sent to 192.168.1.1 once it references its static network route.

So in short you will be using two internal subnets that are routed by your Server. At this juncture, you can then configure your Server to filter packets, since by definition all packets from 192.168.2.0/24 must pass through it when accessing remote sites.
#5
aprotosimaki, have you tested that setup?
#7
(Replied earlier but not sure if it got lost)
I use this set up frequently.
#8
It sounds like a good setup, you have the Windows machine working as a router yet still keep it behind the firewall that is the router.

I'm just a bit surprised that the static route is necessary. I imagine that as far as the router is concerned, all requests are coming from the server, not the devices that the server is routing to/from. So, I would think it would simply forward all those requests to it. I think of it as being a LAN that is behind two routers and NAT devices. I don't recall testing it specifically (although I think I may have, and I can test it tomorrow), but I'm pretty sure if you just do this kind of a setup:

Internet -- > Internet port of router (router) numbered port <<->> internet port of second router (2nd router) numbered port <<-- PC

The PC would still surf the web fine. Your setup makes me think that the first router would need a static route, but I've never heard that to be the case in that kind of a setup.

Have you ever attempted this setup by having the server connected directly to the Internet, so that one interface has an Internet IP and another is the LAN? That's what I've done many times, and it worked like a charm.
#9
Quote:
Quote:
So in my recommended setup the next hop router (DLINK) will see the IP address of the client, not the Windows router. This is why a static net route is required, since the next hop router (in this case the DLINK) will not know where to send return traffic destined for the 192.168.2.0/24 subnet or, more precisely, it will send them back out its default gateway.

Quote:
Quote:
Quote:

But if you make a connection from the Windows router, it will get the return traffic. Why? The DLINK router has an IP on the 192.168.1.0/24 subnet and therefore it knows to send packets destined for 192.168.1.1 out of the interface configured on that subnet (i.e. the 192.168.1.0/24 subnet is local to the DLINK router). This must be distinguished from the case where 192.168.2.0/24 is not local. The DLINK router will then make this type of choice.

"I have return traffic destined for 192.168.2.1 (after de-NATing the packet). Is this subnet directly accessible? No it is not. Is there additional information in my routing tables that tells me where to send packets for this subnet? No, therefore I must send it out via my default gateway."

However, the addition of a static net route to the DLINK router will cause a different set of choices to be made.

"I have traffic destined for 192.168.2.1 (after de-NATing the packet). Is this subnet directly accessible? No it is not. What do my routing tables tell me? I have a static net route for this subnet and it tells me to forward this packet to the machine at 192.168.1.1. Therefore I shall forward the packet to that machine and let it sort it out. And the Windows router will then send it on to 192.168.2.1, since that subnet is locally configured on it."

There is a massive difference between the two sets of choices.

Quote:

I hope my explanation is not too tedious or patronizing (I just found out my wife is pregnant, so I am a bit knocked over!)
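
The routing decision described in posts #4 and #9, as an added example that is not part of the original thread: a longest-prefix-match lookup over the DLINK router's table, with and without the static route. The table layout and the next-hop labels are assumptions made for illustration; the addresses are the ones used in the thread.

```python
import ipaddress

# DLINK router's routing table as the thread describes it (constructed for
# illustration): its own LAN subnet plus a default route towards the Internet.
BASE_ROUTES = [
    ("192.168.1.0/24", "on-link"),
    ("0.0.0.0/0", "default-gateway"),
]
# The static route from post #4: 192.168.2.0/24 via the routing server.
STATIC_ROUTE = ("192.168.2.0/24", "192.168.1.1")


def next_hop(routes, destination):
    """Return the next hop chosen by longest-prefix match."""
    dest = ipaddress.ip_address(destination)
    best_net, best_hop = None, None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    if best_hop is None:
        raise LookupError(f"no route to {destination}")
    return best_hop


def return_traffic_report(routes, hosts):
    """Map each host to where the router would send a de-NATed reply."""
    return {host: next_hop(routes, host) for host in hosts}


if __name__ == "__main__":
    # 192.168.1.1 is the server's first NIC, 192.168.2.1 a client behind it.
    hosts = ["192.168.1.1", "192.168.2.1"]
    for label, table in (("without static route", BASE_ROUTES),
                         ("with static route", BASE_ROUTES + [STATIC_ROUTE])):
        print(label)
        for host, hop in return_traffic_report(table, hosts).items():
            print(f"  reply for {host:<12} -> {hop}")
```

Without the static route the reply for 192.168.2.1 matches only the default route, so it leaves towards the Internet and never passes back through the server where the filtering is applied.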
#10
You mention that the Windows machine is not a NAT..
BUT RRAS does indeed support NAT, and I've done it that way before... so in that case I'm thinking the static route will not be necessary. As for putting a Windows machine on the Internet, I found it to be fine as long as you have good firewall software, like Comodo.