+ Post New Thread
Results 1 to 10 of 10
Windows Server 2008 Thread, Two NICs - Different Networks in Technical; Hi Guys & Gals, I have a server 2008 machine with 2 NICs. When i connect to our domain with ...
  1. #1
    phughes's Avatar
    Join Date
    Oct 2007
    Location
    Burnley
    Posts
    77
    Thank Post
    11
    Thanked 4 Times in 2 Posts
    Rep Power
    15

    Two NICs - Different Networks

    Hi Guys & Gals,

    I have a server 2008 machine with 2 NICs. When i connect to our domain with both NICs set with our IP settings, all is well. However, i want to use this server as a web server and have one NIC configured and connected to our domain and the other configured and connected to the CLEO network (we have a web gateway setup).

    My issue is... when i configure the NICs (in exactly the same way as another web server on 2003) i cannot connect to it. If i uplug/disable the CLEO connection, i can then access it again. I have configured this on numerous server 2003 machines and it has worked fine.

    • Does server 2008 have inbuilt NIC pooling that is getting confused because of different IP settings? Can i disable it?
    • Is there something else i am missing?

    The server is a SuperServer 6024H-82R.

    Any ideas?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,029
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    By the way if someone compromises security on that webserver your internal school network is at risk. I highly recommend you don’t have the second NIC in your LAN

  3. #3
    phughes's Avatar
    Join Date
    Oct 2007
    Location
    Burnley
    Posts
    77
    Thank Post
    11
    Thanked 4 Times in 2 Posts
    Rep Power
    15
    Quote Originally Posted by FN-GM View Post
    By the way if someone compromises security on that webserver your internal school network is at risk. I highly recommend you don’t have the second NIC in your LAN
    Fear not. This is through a web gateway provided by county. Basically a redirect through county. All our internal domain requires authentication to do anything.

  4. #4

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,816
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Are you setting two gateways?

    You need to only setup the external Nic with a DG and the internal network is fine.

    Are you using Vlans internally?

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    The correct way to do this is put the webserver in a separate DMZ VLAN which is controlled by the firewall.


    Quote Originally Posted by phughes View Post
    Fear not. This is through a web gateway provided by county. Basically a redirect through county. All our internal domain requires authentication to do anything.
    That isn't really going to help, as @FN-GM points out if the web server is compromised they still have access to the internal LAN whether or not you have domain authentication.

    What firewall do you use?

  6. #6
    phughes's Avatar
    Join Date
    Oct 2007
    Location
    Burnley
    Posts
    77
    Thank Post
    11
    Thanked 4 Times in 2 Posts
    Rep Power
    15
    @CyberNerd We're currently using a smoothwall server. But we have bought a CISCO ASA 5505, not managed to get round to setting it up yet.
    @glennda No VLANS, tried all different configurations with DG.

    This server has dual LAN, could it be a server config that uses both ports that i need to turn off? Works perfectly fine with 2s IP on one network, just not one internal and one external.

  7. #7

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,816
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Set the default gateway on the external card and leave the internal card without one. It should then work fine as the machine will be able to communicate with all clients locally on the same subnet without requiring any routes set.

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by phughes View Post
    @CyberNerd We're currently using a smoothwall server. But we have bought a CISCO ASA 5505, not managed to get round to setting it up yet.
    Cisco ASA is really good kit. We have one here. Set it up and use a VLAN for the DMZ. Configure the DMZ so that only allowed traffic can flow back into your internal network.

  9. #9
    phughes's Avatar
    Join Date
    Oct 2007
    Location
    Burnley
    Posts
    77
    Thank Post
    11
    Thanked 4 Times in 2 Posts
    Rep Power
    15
    @glennda I tried that one, but as soon as i plug into the external my remote desktop session ends and i can no longer connect / communicate from internal.
    @CyberNerd I will one day! I need to get port forwarding working too, but i cant do this while school is live and our holidays are completely booked up with work. School are also cutting our staff down to 2 and adding primary schools to support (you know how it is)

  10. #10
    phughes's Avatar
    Join Date
    Oct 2007
    Location
    Burnley
    Posts
    77
    Thank Post
    11
    Thanked 4 Times in 2 Posts
    Rep Power
    15
    Right, sorted it!

    Turns out that when adding remote desktop users and it says "DOMAIN\administrator already has access", this is only the case up until you plug into a public network. Then you have to add domian admin to the group otherwise no user can from the domain can remote to the server.

    By adding this user this apparently meant that request was granted by Windows Firewall as the request was being blocked by one of the public profile inbound rules.

    Thats a new one
    Last edited by phughes; 27th March 2012 at 11:02 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Two Nics Two Internet Modems
    By jmair in forum Windows
    Replies: 5
    Last Post: 13th July 2009, 04:24 PM
  2. Replies: 3
    Last Post: 21st February 2008, 08:50 AM
  3. two NIC's on email server
    By Samson in forum *nix
    Replies: 13
    Last Post: 2nd April 2007, 02:08 PM
  4. Replies: 9
    Last Post: 11th January 2007, 10:31 PM
  5. Replies: 2
    Last Post: 12th October 2006, 12:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •