2 NIC Cards – External and Internal IP Addresses – Odd Setup

Tags: External IP Addresses, Internal IP, Microsoft Windows Server 2003, NIC
I am in the process of redoing the configurations of a few production webservers but find myself at a loss with the following issue. There are 3 external-facing webservers w/ an external IP and an internal IP as well. They are not on a DMZ. The servers should continue to function regardless of the state of the internal network; however, they do not. Below is an example of the setup.

Server 1:
External IP: 65.1.xxx.xxx
External DNS: 67.1.xxx.xxx
External Gateway: 65.2.xxx.xxx
Internal IP: 10.0.12.80
Internal DNS: 10.0.12.1
Internal Gateway: 10.0.12.2

Server 2:
External IP: 65.2.xxx.xxx
External DNS: 67.1.xxx.xxx
External Gateway: 65.2.xxx.xxx
Internal IP: 10.0.12.81
Internal DNS: 10.0.12.1
Internal Gateway: 10.0.12.2

Server 3:
External IP: 65.3.xxx.xxx
External DNS: 67.1.xxx.xxx
External Gateway: 65.2.xxx.xxx
Internal IP: 10.0.12.82
Internal DNS: 10.0.12.1
Internal Gateway: 10.0.12.2

I've asked the individuals who originally set this up why it's set up in this manner but they don't 'know', they just know it works but doesn't when you mess w/ internal NIC settings.

The physical aspect looks like this:

T1 (ISP Internet) <--> Cisco Router <--> Switch <--> Servers 1,2,3 <--Switch--> LAN <--> DSL

You can see why I don't like how it is presently configured. The Cisco router is nothing more than an interface for the T1 and doesn't provide anything aside from inet connection.

Answer Wiki


1. I don’t see a question here.

We’ll need more details:
* What OS on the servers?
* What does the routing table look like on each server? This setup is doable, if you have the right things routed out the right interfaces.
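
The routing-table check this answer asks for, as an added example that is not part of the original thread: a Python script that parses `route print` output in the Windows Server 2003 column layout and reports when two default routes exist and which gateway is preferred. The sample table is constructed; 203.0.113.0/24 stands in for the masked external subnet and the metrics are assumptions.

```python
import ipaddress
import re

# Constructed sample in the Windows Server 2003 `route print` layout.
# 203.0.113.0/24 (documentation range) stands in for the masked external subnet.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.0.12.2      10.0.12.80      10
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.80      20
        10.0.12.0    255.255.255.0       10.0.12.80      10.0.12.80      10
      203.0.113.0    255.255.255.0     203.0.113.80    203.0.113.80      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
Default Gateway:         10.0.12.2
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return route rows as dicts; header and summary lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        try:
            dest, mask, gw, iface = (ipaddress.ip_address(x) for x in m.groups()[:4])
        except ValueError:
            continue  # five columns, but not a route row
        routes.append({"dest": dest, "mask": mask, "gateway": gw,
                       "iface": iface, "metric": int(m.group(5))})
    return routes

def audit_default_routes(routes):
    """List default routes, the one preferred by metric, and whether it points at the LAN."""
    zero = ipaddress.ip_address("0.0.0.0")
    defaults = sorted((r for r in routes if r["dest"] == zero and r["mask"] == zero),
                      key=lambda r: r["metric"])  # lowest metric is preferred
    winner = defaults[0] if defaults else None
    return {
        "default_gateways": [str(r["gateway"]) for r in defaults],
        "multiple_defaults": len(defaults) > 1,
        "active_gateway": str(winner["gateway"]) if winner else None,
        "egress_via_internal": bool(winner) and any(winner["gateway"] in n for n in RFC1918),
    }

if __name__ == "__main__":
    print(audit_default_routes(parse_routes(SAMPLE)))
```

With a default gateway on both NICs, the lower-metric route carries all off-subnet traffic, so an internal-network outage can take the public sites down. The usual arrangement for a multihomed server is a single default gateway on the external NIC plus static routes for the internal subnets.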

Discuss This Question: 7  Replies

 
  • Faustcoder
    OS is Windows Server 2003. I'll report back the routing table next.
  • Faustcoder
    The issue is that these are external-facing servers and that there isn't any segregation between external and internal networks. These should be on a DMZ, shouldn't they?
  • Kevin Beaver
    When they stop functioning, what do they do? Can you just put them on the external segment only? Or, just bring them inside and use NAT or port forwarding?
  • Faustcoder
    Well problem sorta solved. The traffic goes out thru my LAN and not thru the cisco router.
  • Faustcoder
    @Kevin When they stop functioning the webapps they host can't be reached. I plan on creating another router using pfSense. (As I mentioned earlier the Cisco is nothing more than an interface to the T1 connection.) I don't know yet if I want to bring them in and just use NAT or create a DMZ and leave them on the outside. It's an odd setup they have for the webapp. Example: WebApp gets data from client and sends that data to a middle database which sends the data to the main production database. Files that clients upload are accessed by our users via a network share directly to WebApp. If I create a DMZ I'll have to figure out how to have users access files and make sure the data still reaches main database. If I use NAT it should continue to work w/o any problems but I would like to have users on LAN separate from production servers.
  • Kevin Beaver
    The first solution you mention will be ideal but, man, it can be a beast getting everything talking to each other over various interfaces (case of security over convenience like I talk about here). The latter would be much easier...many people still do it that way. Perhaps you could put servers internal and install personal firewalls (i.e. Windows Firewall) on them to keep users out?
  • Faustcoder
    @Kevin Agreed, I've decided to keep it simple and just secure systems even more. A DMZ would be nice but the setup and time would be more than I can handle at the moment. Thanks again guys!
