multiple nic card

Name: SB
Date: July 4, 2002 at 19:00:42 Pacific
Comment:

Hi all,
Could anyone tell me how to configure multiple NIC cards in the same PC? I'm currently using the WIN2K Professional version on a Dell laptop. One LAN is built-in, the other is a PCMCIA Xircom LAN+modem card. I tried to connect to different networks; internal and external. Both are using DHCP, and they already have the correct network address on both cards. Still I can't use both at the same time, or sometimes even can't use them both. Please help!



Response Number 1
Name: Wade Hoffarth (mcse,
Date: July 5, 2002 at 08:24:29 Pacific
Reply:

Placing multiple NICs in w2k (called multihoming) allows you to route packets across otherwise dissimilar interfaces and/or subnets. This type of setup will require you to set up either a DHCP superscope or manually add both IPs in your primary DHCP scope if you want to set up and/or give out DHCP IPs on both networks separately. (Set up a superscope if your IPs and subnets are dissimilar (e.g. 192.168.0.1 and 207.224.18.10 with netmask of 255.25.255.0 and 255.255.255.248 respectively) - You should set the scope to read two internal NIC IP #s (e.g. 192.168.1.2 and 192.168.1.3 both with a subnet mask of 255.255.255.0) only if you are otherwise using a NAT router and are firewalled (e.g. Norton or Zone Alarm) and routing accordingly to internal IPs using a (set route add command - I'll show you that later as an e.g.) and letting your eth0 router interface use an internal IP # like 192.168.0.1 to filter your VIP0, VIP1 or WAN0-0 "outside ISP assigned" IP address to NAT the traffic to your internal network machine.

I'll ASSUME you don't have routed traffic this way though and will instead tell you the way to get to the basic NAT setup and multihome a W2K machine to setup your PC as the router.

An example of a network setup for routing through multihomed would be something very similar to this:
NIC #1 Ip 192.168.0.1 Subnet = 255.255.255.0
DNS server (you have 2 choices here) either use the publicly assigned DNS from your ISP if you can - or set up DNS on your own on the 192.168.1.0 interface. To do this properly you must figure out which IP binds first on bootup in your PC and assign that as your internal IP host and the second one as your public IP host. To figure out which boots first in the machine attach an Ethernet (or whatever you're using for cable) line to your hub and boot up. Whichever one says LAN is your private host card and the one that says LAN#2 is your public host NIC.

Assign an address to the private NIC of 192.168.0.1 and rename it Local or something similar - then add NIC #2 and assign it your public IP (if you were given one by your ISP) and rename it public. If you are on dial-up you will want to assign this as your dial-up interface and allow for DHCP from your provider to set you up with an IP.

Otherwise you (e.g.) want a public # on the public NIC to use an external IP like (207.224.18.10). Most likely if you have an assigned IP# you'll have a public subnet of 255.255.255.248 to use on the public NIC. Use a subnet (with a non-routable IP such as your private 192. #) and post 255.255.255.0. as your subnet on your internal NIC so it can't be routed to from outside your network.

If you use 255.255.255.0 though remember that this leaves you room for only 1 subnet on the internal network with up to 253 hosts (one is your network (192.168.0.0 - one is your broadcast 192.168.1.255 - and one is your gateway 192.168.0.(1 is usually the gateway but you can assign anything in the list for this from 1 to 254) so for a 0 to 225 range that's 256-3=253 possible hosts).

If you don't have that many PCs you can modify your private subnet to read 255.255.255.192 instead and have 4 subnets available and 64 hosts per subnet which allows some future expansion flexibility. That of course requires a different setup though which I won't get into, but you'd modify any subnet info accordingly throughout as needed.

Either way with w2k the default on NIC1 Private is 192.168.0.1 with 255.255.0.0 and my suggestion would be to change that class B subnet to a class C and use the 255.255.255.0 instead (again it's your choice). Whichever way you go you'll have to tell DHCP which one is used in your primary setup scope. (I'll assume 255.255.255.0 though from here on out.)

In your case now you'd want to setup DHCP, RRAS & DNS. So you can do this:

Set DHCP up with the scope 192.168.0.0 and a subnet of 255.255.255.0 - and create this as a new scope (if you plan to host your own DNS then point the DNS requests to 192.168.0.1 (to resolve your internal network names requests for info first before hitting the internet as the primary DNS) and use your ISP DNS for secondary and third options as allowed for naming resolution or use them 1st and 2nd if you don't plan to host DNS!!

Set a metric route of 2 on the internal nic using advanced tcp/ip functions on the NIC1 card and since you are hopping your 2k box now as a router this will let it reach hop-2 as your ultimate objective for name resolution on the internet when required (through either your modem or ISP router) so when requested by an internal network machine you can resolve www addresses also.

If you'll use WINS for naming resolution set up the WINS server to use the 192.168.0.1 (first bound IP) address again and enable netbios on the private NIC (this requires the netbeui protocol to be loaded and used on Private NIC as a protocol).
Disallow netbios on the public NIC to prevent netbios scans and many attack types from the outside (even though this is not a sure-fire means of preventing attack it helps to keep certain enumeration packets from getting in to your private NIC) and controlling your IP.

If you have a hosts file - then you can allow lmhosts to be seen on NIC#1 (otherwise disallow would be my suggestion).

On NIC #2 - your address will be your public IP of 207.224.18.10 or whatever you've been assigned (NOTE: do not squat on this address or use this address as it PROBABLY belongs to someone who would be pretty PISSED OFF if you start using their address for resolution) - This is for example only - and no this is not my own address). Set the subnet you were given (usually 255.255.255.248 (ISP assigned which allows for 5 public hosts and 1 gateway - 1 broadcast - 1 network IP) or 8 total used .... 0 to 255 makes 256(-8)= .248

If you're going to set up your own DNS then allow dynamic updates but don't allow zone transfers (or at least keep them from allowing "any" server to copy the zone (this way you are somewhat protected from spoofing) and allow for transfer to only known servers. If you set up by default using the DNS wizard it might set up the primary zone (unless you are using active directory) with a zone called (.) yes that's just a dot. Delete this zone and restart DNS server through control panel/ services. This allows you to set a forwarder for resolution to your ISP DNS servers. Set your public NIC DNS servers to read from your ISP DNS servers only and on both NICs there is no gateway required *****

Next in DNS create a reverse lookup zone with the name (of your choice for your zone usually xxxxxxx.com or www.xxxxxx.com with whatever your domain name is (whatever you name your forward zone is ok) and it will append a .dns to the end of that name which then becomes the resolved name of your DNS server. Use the numbers 192.168.0 as your reverse zone primary address during setup of the reverse zone and create a 2nd reverse zone for 207.224.18 to resolve your external IPs if you plan on setting up a w2k IIS server or FTP site, RAS server, etc.

Then go into your primary forward zone and create your A hosts (anything 192 or 207 related create an A host for). Then create a responsible person contact under other host options and place your e-mail address (hotmail, etc.) as the contact point listed for your DNS "if you want the DNS to resolve outside your internal network" (again IIS, etc). Lastly, open the properties on your forward and reverse zones and modify the responsible person address to read your actual e-mail address (hotmail.com or whatever) and then create A hosts for any of your publicly seen addresses (207 addr.) and create a 2nd reverse lookup for that range using the 207.224.18(.X) example for your resolving public zone config... (Again don't allow (any) zone transfer unless you have other zones specifically listed that "you own" and that you want the DNS server copied to. If you don't do this you can have your tables stolen and re-routed by anyone at all pretty easily just by them making the request. If you have a port addressing scheme on your router you can go one step further and allow tcp and udp in on just that port and then tell your NICs to permit only that port # on tcp/udp under the advanced properties boxes for each NIC.

*Note - This disallows a lot of port scanners and script kiddies from getting to your internal box (again it won't keep them all out but the enumeration takes a little longer so they might move on faster if you're only open on one port). If you run a webserver or FTP you'll have to open port 80 (dangerous because of code red) and 21 (highly known scanned port) or you can set up NAT to redirect those port requests to an internally resolvable address and port like 192.168.0.1 port (e.g. 4221 FTP and 4280 for HTTP) and by using a map command like:

set nat entry add 192.168.0.1 4221 207.224.18.10 21 FTP

and another:

set NAT entry add 192.168.0.1 4280 207.224.18.10 80 TCP

You can also add to the end of each line the metric (e.g. metric 2) as needed. But this is beyond the scope of this explanation).

Anyway, next enable WINS (in the private NIC properties) if you'll be using netbeui for network resolution and point it to 192.168.0.1.

Next start WINS (or add it from add/remove programs in control panel) and name it with the name of your server or IP of 192.168.0.1). It should resolve either way if you enter the server name right). Set the renew rate for whatever you want (mine is 15 minutes) and the rest is basically default in most circumstances.

Close this and open up DHCP again -
Check your defaults and set these options:

Enable audit logging (check path for log path so you can see who does what, when & where later). DNS= auto update-always update-discard forward to name-enable updates for non-clients. Conflict detection attempts (I set to 0 but you can have resolution for 1 if you want) and make sure the bindings include both your IPs of 192.168.0.1 and 207.224.18.10 (or whichever your public IP is of your machine - NOT what your gateway address IP is!!) Make sure you name your internal scope (like 192 Internal or something) make the start address 192.168.0.1 and end address 192.168.0.254 (this actually should have been done when you set up your DHCP if you went automatic with active directory) and set the lease period (in learning mode I set for 5 minutes. Once a system is stable you can set the lease for 30 days - I use 8 days - do what you are comfortable with). For DNS (still in DHCP) options set options autoupdate - always update - discard forward to name lookup - enable update for non-clients and advanced = DHCP only. Set the DHCP address pool (192.168.0.1 - 192.168.0.254) and exclude 192.168.1.1 to 192.168.1.20 and also the high end of 192.168.1.240 - 192.168.1.254 (suggested) for static IP assignment to your internal boxes. Create reservations on your machines in your network like your server (192.168.0.1 and post the physical address (MAC address) as required (use a command prompt and type ipconfig /all to get these physical addresses you need.

Create a reservation for each box you have that you want a static address on (and if you want you can create another scope or Superscope to include your 207 addresses and then reserve their addresses as well (again - beyond this explanation).... Set the Scope options (2k requests if you want to do this - say yes) set router address as 192.168.0.1 and then set the DNS addresses as the "ISP" DNS servers... Next under server option for DNS if you set up DNS locally make option #1 192.168.0.1 and then list the 2 other ISP DNS servers after that. Set a DNS domain name of whatever your domain name is (unless you are in workgroup only and haven't run dcpromo to go active directory.... next set the server option for WINS/NBNS server to 192.168.0.1 and use option WINS/NBT and set to 0x8. For the DNS options set the server name and choose your interfaces as 192.168.0.1 and 207.224.18.10 (again e.g. on that public IP). Select forwarders and insert your ISP DNS servers here so you can resolve www requests outside your own domain or workgroup. Do Not use Recursion. You can test your setup now by choosing DNS and selecting the server and right clicking to properties (select monitoring and test the simple and the recursive) you should pass on both if you're set up right to resolve internal and external host addresses. Under advanced options select bind secondaries-enable roundrobin-enable network ordering... defaults....test through monitoring. If you can't resolve make sure you removed the (.) zone from your DNS and set the forwarders for resolution outside the internal network to resolve your web requests to your ISP DNS servers. In DNS set your properties to start SOA using your primary server name or address (created a host record you should be able to walk the tree to browse to now) of 192.168.0.1 and make sure name servers are set to use 192.168.0.1 and 207.224.18.10 (e.g.) - select wins lookup address as 192.168.0.1 and again on zone transfers I set mine to only those listed as my choice (not allow anyone who requests it).
Still in DNS options set the wins reverse lookup zone to 207.224.18 (it adds arpa to the end of that and that becomes your zone name) and again be sure you created A records for hosts so you can resolve those addresses using wins and DNS.

Go to RRAS and open (use configure RRAS) to start the wizard if needed - Add server (insert server name here or address or use local computer, etc) Enable this PC as router only (for now) check router box, security = defaults, IP = enable IP routing and allow IP Based etc., Let it use DHCP as it's already set up (default this with NO check or it will use ICS setup and null everything you've just done) Use the IPX and Netbios defaults (easiest way for now) under PPP check all 4 options and note the log path for later viewing, event log = enable ppp logging.....

Under General -

(1) public properties = Enable IP manager Config=207.224.18.10 subnet 255.255.255.248 (or whatever your ISP assigned netmask you got earlier) Adv. - Interface metric = 1
(2) Private properties = Enable IP mangr. config = 192.168.0.1 subnet = 255.255.255.0 (or whatever you chose in setup on private NIC#1) Adv. = Interface metric =2

create a static route = 0.0.0.0 subnet = 0.0.0.0 gateway = 207.224.18.10 (public IP#)
Metric = 3 (to be safe - could be 2 though). If you use multicast you can set IGMP for public = proxy up 0.0.0.0 and private = router V2 Querier 192.168.0.1.... ** Note if you do this and you start multicasting away from your private subnet you will be flagged by IANA and catch crap from the Govt for broadcasting the net (not good). So if you don't have machines on other subnets you tunnel to then leave the IGMP option out of the equation!!

Under RRAS NAT properties - general and translation can = defaults address assignment - 192.168.0.0 subnet = 255.255.255.0 (e.g. again) DO NOT USE THIS DHCP as this again is the ICS Setup method for RRAS..... Exclude = n/a Name Resolution = clients using DNS ... IPX Routing=All Defaults

Make sure in WINS you have server="servername" or 192.168.0.1 and renew = amount of time of wins lease (mine's 15 minutes like I said).

Add your users under either computer management or active directory users and computers and be sure to reboot when it asks you to make changes effective. That is how to NAT setup your w2k LAN multihomed server.
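
An added example, not part of the original reply: a Python sketch that recomputes network, broadcast and usable-host counts for the address/mask pairs used in the reply, and checks a DHCP scope plan for exclusion ranges that fall outside the pool and for static hosts the pool could still lease. Addresses are the example values from the reply; 192.168.0.10, the `ADJUSTED_PLAN` exclusions and all function names are constructed for illustration.

```python
import ipaddress

ip = ipaddress.ip_address

def subnet_facts(addr, mask):
    """Network, broadcast, usable hosts and RFC 1918 status for addr/mask."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return {"network": str(net.network_address),
            "broadcast": str(net.broadcast_address),
            "usable": net.num_addresses - 2,   # minus network and broadcast
            "private": net.is_private}

def check_scope(network, mask, pool, exclusions, static, reserved=()):
    """Return the problems found in a DHCP scope plan (empty list = clean)."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    lo, hi = ip(pool[0]), ip(pool[1])
    problems = []
    if not (lo in net and hi in net and lo <= hi):
        problems.append(f"pool {pool[0]}-{pool[1]} is not inside {net}")
    effective = []                      # exclusions that really cover pool addresses
    for a, b in exclusions:
        if lo <= ip(a) <= ip(b) <= hi:
            effective.append((ip(a), ip(b)))
        else:
            problems.append(f"exclusion {a}-{b} lies outside the pool")
    for s in static:                    # hosts configured by hand
        covered = s in reserved or any(a <= ip(s) <= b for a, b in effective)
        if lo <= ip(s) <= hi and not covered:
            problems.append(f"static host {s} can still be leased")
    return problems

# Values as written in the reply; 192.168.0.10 is a constructed static host.
REPLY_PLAN = dict(network="192.168.0.0", mask="255.255.255.0",
                  pool=("192.168.0.1", "192.168.0.254"),
                  exclusions=[("192.168.1.1", "192.168.1.20"),
                              ("192.168.1.240", "192.168.1.254")],
                  static=["192.168.0.1", "192.168.0.10"],
                  reserved=["192.168.0.1"])
# Constructed variant: same plan with the exclusions placed in 192.168.0.x.
ADJUSTED_PLAN = dict(REPLY_PLAN, exclusions=[("192.168.0.1", "192.168.0.20"),
                                             ("192.168.0.240", "192.168.0.254")])

if __name__ == "__main__":
    for addr, mask in [("192.168.0.1", "255.255.255.0"),
                       ("192.168.0.1", "255.255.255.192"),
                       ("207.224.18.10", "255.255.255.248")]:
        print(addr, mask, subnet_facts(addr, mask))
    for name, plan in [("reply", REPLY_PLAN), ("adjusted", ADJUSTED_PLAN)]:
        print(name, check_scope(**plan) or "no problems")
```

Running the same check against the scope actually configured on the server shows whether the hand-assigned addresses on the private side are protected from being leased.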

