Dual NICs and router - separate WAN and LAN

Microsoft Windows small business server...
October 20, 2011 at 07:40:39
Specs: Windows Server 2003, P4 DualCore 3.2GHz/3GB RAM
I wish to have the two network cards in the server machine to handle LAN and WAN separately.

NIC2 should handle all in/out WAN traffic emanating on the server while NIC1 should handle all in/out LAN traffic between server and clients.

Here is my network topography illustrated in full hand-drawn splendor:

http://i54.photobucket.com/albums/g...



#1
October 20, 2011 at 08:58:12
Incorrect design. Might want to consider what purpose you are trying to address. Your design would have both NICs in the same subnet, which accomplishes nothing.

If you are trying to increase bandwidth to the server, you would use adapter teaming and a managed switch that supports that.

Correct design:

internet<>modem<>router<>nic2>[server]<nic1<>switch<>lan/pcs
This would give you the ability to install traffic shaping/internet monitoring/restricting.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's



#2
October 20, 2011 at 13:10:03
Thank you for replying!

The design is quite intentional. I don't want ANY of the LAN clients to have to go THROUGH the server to get at the WAN port.

The switch you see in my diagram is there only because the server, modem and router are physically separated from the four wired clients, as they sit one floor above in the building, so it's a simple uplink as I don't want 4 cables coming down from upstairs. This switch is to be exchanged for a Gbit switch in the near future.

I simply want to be able to give one set of FW rules for the LAN adapter and another set of rules for the WAN adapter.



#3
October 20, 2011 at 13:28:18
You would put a switch in the 4 pc location. The single line between floors would go to the router as would the server on a single line to the router.

There is no need to use two ports in the server.

I am curious as to this statement:
"I simply want to be able to give one set of FW rules for the LAN adapter and another set of rules for the WAN adapter."

How do you propose to do that?

Understand I am asking this from a perspective of 18 years in the field of networking and servers.


#4
October 20, 2011 at 23:35:50
Thanks for continuing to try to help me with this.

As you already know, multiple network interfaces (NICs and custom connections like VPNs etc.) show up as separate entries on the Advanced tab in the Windows firewall. This makes it extremely easy and convenient to deal with firewall settings, as you can do it on a per-interface basis.

That is why I want all server traffic coming in from and going out to the LAN to pass through one NIC and all server traffic coming in from and going out to the WAN to pass through another NIC.

All the wired clients and the wireless one access the WAN directly through the hardware router.

I'm sure there's other ways to accomplish this through software configuration, but to me this seems like such a straightforward and intuitive way to do it.



#5
October 21, 2011 at 15:32:57
What is it you think you are addressing?

Increased bandwidth? no
Increased security? no

Let's look at a local DNS request. A PC makes a request of the server for the yahoo.com IP address. MS server DNS doesn't know, so it forwards to the internet out the WAN port to get an answer. The answer comes back via the WAN interface.

How is the MS DNS server going to know to take that answer and send it to the LAN port? You aren't routing. No tables to consult.

Now, if you point the workstation to the gateway or ISP DNS server for DNS, you can't join a PC to the domain, nor will you have any local name resolution, since you are pointed to the internet, which has no knowledge of your local network names.

You have a tag saying SBS which infers running Exchange. Oh boy let the fun with email begin as exchange tries to figure out where to send mail.

Standard operating procedure is to either use two interfaces with routing in the server [RRAS] or use just one nic for all.

You appear determined to do this in an unconventional way. Let us know how it works out for you.



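A small simulation of the route-selection point made in #5, added here as an example and not posted by anyone in the thread: the stack picks the outgoing NIC by a destination-based table lookup (longest prefix, then lowest metric), never by the NIC a request arrived on, so two NICs on one subnet cannot be given meaningful separate "LAN" and "WAN" rules. All addresses, interface names and metrics are constructed; the second table is the "routing in the server" layout from #1 and #5.

```python
from ipaddress import ip_address, ip_network

# Each route: (network, next hop or None when on-link, interface, metric).
def lookup(routes, dst):
    """Destination-based lookup: longest prefix wins, then lowest metric.
    The interface a packet arrived on plays no part in the decision."""
    dst = ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    net, gw, iface, metric = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return iface, gw

def shared_on_link_subnets(routes):
    """Check: report on-link subnets claimed by more than one interface."""
    seen = {}
    for net, gw, iface, _ in routes:
        if gw is None:
            seen.setdefault(net, set()).add(iface)
    return {str(net): sorted(ifs) for net, ifs in seen.items() if len(ifs) > 1}

# Poster's layout: both NICs and the router on one 192.168.1.0/24 (constructed).
SAME_SUBNET = [
    (ip_network("192.168.1.0/24"), None, "NIC1", 10),
    (ip_network("192.168.1.0/24"), None, "NIC2", 20),
    (ip_network("0.0.0.0/0"), "192.168.1.1", "NIC2", 20),  # default via router
]

# Layout from #1/#5: NIC2 on a transit subnet to the router, NIC1 on the LAN,
# the server routing between them (constructed addresses).
ROUTED = [
    (ip_network("192.168.1.0/24"), None, "NIC1", 10),
    (ip_network("10.0.0.0/30"), None, "NIC2", 10),
    (ip_network("0.0.0.0/0"), "10.0.0.1", "NIC2", 10),
]

def egress_map(routes, destinations):
    """Which NIC each destination leaves through under a given table."""
    return {d: lookup(routes, d)[0] for d in destinations}

if __name__ == "__main__":
    # LAN client, router, DNS forwarder on the internet
    print("same subnet:", egress_map(SAME_SUBNET, ["192.168.1.50", "192.168.1.1", "8.8.8.8"]))
    print("overlap    :", shared_on_link_subnets(SAME_SUBNET))
    print("routed     :", egress_map(ROUTED, ["192.168.1.50", "10.0.0.1", "8.8.8.8"]))
```

In the same-subnet table even the router's own address leaves through NIC1, and a client request that arrived on NIC2 is answered out NIC1, so per-interface rules see only half of each conversation; the routed table gives every destination exactly one interface.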
