Two Nic one Server

vahiiid asked 1 year ago

Hi, I'll explain the network and then what I want to do.
I have a router which is connected to the internet.
A cable from the router goes to a switch, and all the other computers, including a server running Windows Server 2003, are connected to the switch so as to share the internet connection and files.
What I want to do is to connect the internet through my first NIC to the server and then connect the server via my second NIC to the switch so everyone can share the internet connection and the files on the server.
I'm doing this to control the bandwidth usage of the users and block some websites as this is a workplace network.
As far as I know, I cannot do this on my current network as my switch is an unmanaged switch and my router for internet is a basic D-Link DSL504t.

Please advise on how to configure the IP addresses, default gateways, subnets and firewall so as to keep the network protected, and anything else necessary.

Thanks
Vahid

3 Answers
wimiadmin Staff answered 1 year ago

This is a great tool and very cheap. http://www.youngzsoft.net/ccproxy/

It'll work with your current network config.

Is your 2k3 server a Domain Controller? If it is, then this will be even easier to set up using GPO.

aprotosimaki answered 1 year ago

The way you are describing what you want to do seems a little odd to me and there are a number of solutions. I say odd because you are overloading the use of your Server. That being said, here is a rudimentary configuration that would work.

I am assuming that your DLINK router is a NAT gateway, through which all traffic to the outside world passes.

Already hanging off this DLINK router is your internal network, let us say it is using the 192.168.1.0/24 subnet. Let us also assume that its IP address is 192.168.1.254.

Step 1.

Assign the Server’s first NIC the IP address 192.168.1.1 and configure its default gateway to be 192.168.1.254, i.e. the internal IP of the DLINK router. Plug this NIC into the DLINK router. Test that you can access the outside world from the server. Once that is known to be working, proceed.

Step 2.

Assign the IP address 192.168.2.254 to the Server’s second NIC. Do not assign it a default gateway.

Plug your unmanaged switch into this NIC.

Step 3.

Configure your Server as a router so that it will forward packets between these two subnets. Hard to test this until you complete Step 4, so proceed.

Step 4.

Hook up all your client machines to the unmanaged switch and give them IP addresses on the 192.168.2.0/24 subnet (e.g. 192.168.2.1, 192.168.2.2, 192.168.2.3, etc.) using 192.168.2.254 as their gateway, which is the IP address of the second NIC on your "routing Server".

Step 5.

This is a crucial but subtle step. Assign a static network route to your DLINK router. According to the manual for your DLINK router this is quite easy to do (see page 57, under the heading Static Routing).

Quick background on why you need to do this.

Although your DLINK router will have no problem forwarding packets from 192.168.2.1 to the outside world, it will not know what to do with the return packets. The reason for this is that the DLINK router only knows about two subnets at this point, 192.168.1.0/24 and the rest of the world. And since return packets will have the destination address of 192.168.2.1, the DLINK router will treat them as the rest of the world and therefore use its default gateway and send them back out on to the Internet. This is *NOT* what you want to happen.

So you have to tell your DLINK router that packets destined for 192.168.2.0/24 should be sent to 192.168.1.1, the routing Server on your internal network. And this is done by using a static network route.

So given the topology I have just described, add the following static network route to your DLINK router (as per the instruction manual).

Destination: 192.168.2.0
Netmask: 255.255.255.0
Gateway: 192.168.1.1

This tells your DLINK router that packets destined for the 192.168.2.0/24 subnet should be forwarded to the routing Server at 192.168.1.1. And since the routing server has an IP on the 192.168.2.0/24 subnet, it will send them out via the NIC on that subnet.

When you have it all set up correctly, the client at 192.168.2.1 will send packets destined for the outside world to its default gateway (192.168.2.254).

The Server will then forward these packets to its default gateway 192.168.1.254 (via its first NIC) to the DLINK router, which in turn will send it to the outside world, after performing some form of NAT. The return packets will hit the DLINK router, be de-NAT'd and sent to 192.168.1.1 once it references its Static Network route.

So in short you will be using two internal subnets that are routed by your Server.

At this juncture, you can then configure your Server to filter packets, since by definition all packets from 192.168.2.0/24 must pass through it when accessing remote sites.
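The route lookup described in Step 5, as an added example that is not part of the original answer: a small longest-prefix-match model of the DLINK router's table before and after the static route, plus the Server's table. The interface labels (LAN, WAN, NIC1, NIC2), the "ISP" gateway label and the 203.0.113.10 test address are assumptions made for illustration.

```python
import ipaddress

def route(net, gateway, iface):
    """Build one routing-table entry."""
    return (ipaddress.ip_network(net), gateway, iface)

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gateway, iface

# DLINK router before Step 5: its connected LAN plus a default route.
DLINK_BEFORE = [
    route("192.168.1.0/24", "on-link", "LAN"),
    route("0.0.0.0/0", "ISP", "WAN"),          # "ISP" is a placeholder label
]
# After Step 5: the static route from the answer is added.
DLINK_AFTER = DLINK_BEFORE + [route("192.168.2.0/24", "192.168.1.1", "LAN")]

# The routing Server: two connected subnets, default gateway on the first NIC only.
SERVER = [
    route("192.168.1.0/24", "on-link", "NIC1"),
    route("192.168.2.0/24", "on-link", "NIC2"),
    route("0.0.0.0/0", "192.168.1.254", "NIC1"),
]

def trace_reply(dlink_routes, client="192.168.2.1"):
    """Follow a de-NAT'd reply from the DLINK toward the client, hop by hop."""
    gateway, iface = next_hop(dlink_routes, client)
    hops = [("DLINK", gateway, iface)]
    if gateway == "192.168.1.1":               # handed to the routing Server
        gateway, iface = next_hop(SERVER, client)
        hops.append(("Server", gateway, iface))
    return hops

if __name__ == "__main__":
    print("before:", trace_reply(DLINK_BEFORE))   # reply leaves via the WAN
    print("after: ", trace_reply(DLINK_AFTER))    # reply reaches the client subnet
    print("server outbound:", next_hop(SERVER, "203.0.113.10"))
```

Because every reply for 192.168.2.0/24 now crosses the Server, any filtering or bandwidth rules placed there see both directions of the traffic.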

Kris Kris answered 2 months ago

And that does not work like this?
