Setting up multiple IPs on Windows Server 2003

  • Thread starter Thread starter citizenswift
  • Start date Start date
C

citizenswift

Hi,

I'm afraid I'm not very experienced in this area and hope someone out
there can help.

I have two NICs in my server and have been given multiple IPs by my
ISP. As we want to run two secured sites using SSL I want to assign two
public IPs to the server.

It seemed fairly straightforward. I set the router's private IP to
match it's public one and set the subnet mask to 255.255.255.252. Then
I turned off NAT.

In the server, I set the IPs of the NICs to two of the remaining three
I acquired from the ISP, but it wouldn't accept the same subnet mask.

This is where my inexperience tripped me. I set the subnet mask to
255.255.255.0, purely because it didn't complain about it and I could
then access the router again. I couldn't access the internet, though,
so I thought perhaps the subnet masks needed to be the same on the
server and the router.

Since I changed the subnet on the router to 255.255.255.0, I haven't
been able to access it at all!

Does anyone have any idea what I need to do to access my router again?
And once I've done that, how do I get these multiple hosts running on
separate IPs in the same server?

Please help!

Many thanks,

Chen.
 
Hi,

I'm afraid I'm not very experienced in this area and hope someone out
there can help.

I have two NICs in my server and have been given multiple IPs by my
ISP. As we want to run two secured sites using SSL I want to assign two
public IPs to the server.

It seemed fairly straightforward. I set the router's private IP to
match it's public one and set the subnet mask to 255.255.255.252. Then
I turned off NAT.
Click to expand...


Turning off NAT is not the same thing as bridging. If you want to use a
router, you'll need a /30 (255.255.255.252) network between your router and
your ISP's router that is different than the subnet of the three IPs for
your server, and your ISP will need to put a route in place to send traffic
to your servers via the router's IP address. This will comsume 4 IP
addresses for the /30 network, plus the three for your servers, a total of
7. I doubt they want to do it this way. You didn't say what kind of Internet
connection you have. For DSL, you'd just set the router up as a bridge. It's
usually a simple setting like a checkbox. The actual bridging authentication
and such is set by the ISP by phone number. Then you connect your 3 NICS to
the LAN ports, with a different IP address on each NIC. Or you can assign
all three IP addresses to the same NIC (which is what I'd do unless your
bandwidth for all 3 is going to exceed 100 megabits).

In the server, I set the IPs of the NICs to two of the remaining three
I acquired from the ISP, but it wouldn't accept the same subnet mask.
Click to expand...



You probably crossed the boundary of a /30 network. there are only 2 usable
IP addresses, i.e. if you were given 24.24.24.16 mask 255.255.255.252, your
usable IP addresses would be .17 and .18.


This is where my inexperience tripped me. I set the subnet mask to
255.255.255.0, purely because it didn't complain about it and I could
then access the router again. I couldn't access the internet, though,
so I thought perhaps the subnet masks needed to be the same on the
server and the router.

Since I changed the subnet on the router to 255.255.255.0, I haven't
been able to access it at all!

Does anyone have any idea what I need to do to access my router again?
Click to expand...

Do a reset to factory defaults. There's usually a button somewhere.
Sometimes you just press it once, sometimes a sequence of presses, and
sometimes you have to hold it down while you power up the router.

And once I've done that, how do I get these multiple hosts running on
separate IPs in the same server?
Click to expand...

That is probably beyond the scope of a newsgroup post. You can set up
virtual sites, and specify the IP address to use if you're using IIS. If
you're using 3rd party webware, you'll have to read the book.
 
Thankyou for your replies.

It's a Netcomm NB5580 on a DSL connection.

I'll try the things you said, Kurt, and post again.

By the way, it looks like the ISP is suggesting 255.255.255.255 on the
gateway and then 255.255.255.252 on the server(s).
 
Ok. Thanks to your suggestion, I have regained access to the router!

There doesn't seem to be any 'bridging' options in the router's
settings. Before, I just went to the DHCP page and checked 'disable',
but I'm guessing that's not what I'm supposed to do?

As far as setting up IIS is concerned, I don't think we have any
problems there. Once we have the IPs properly assigned to the NICs, the
rest should be plain sailing!

Thanks,

Chen.
 
CitizenSwift said:
By the way, it looks like the ISP is suggesting 255.255.255.255 on the
gateway and then 255.255.255.252 on the server(s).
Click to expand...

No they can't be. 255.255.255.255 is a broadcast address and cannot ever be
assigned to anything.
 
Actually, one local ISP here uses 255.255.255.255. for the subnet mask of
hosts. I'm not real clear on how it works, but it does. Basic networking
tells me it is a network of 1 host, so I guess it forwards everything to the
default gateway and doesn't allow browsing of any other hosts. But
255.255.255.252 is not a large enough mask for 3 IP addresses, so I'm not
sure where they were going with that. I've tried enering a /32 mask in
Windows and it won't accept it. I'll give a try on a router when I get the
chance.

....kurt
 
After a short conversation with my ISP, they said that x.68 can't be
used, so I only have x.69 and x.70 to play with. Apparently there is a
x.71 that I can't use as well.

The router is on x.32 and I set the WAN IP to that. Then I set the
private IP to the same.
255.255.255.255 isn't available in the private IP subnet drop-down
menu, so I select .252 (I'm guessing this is the appropriate subnet for
my LAN).

There isn't the option to select a subnet for the WAN. There is a drop
down to change the network type (?) with PPPoA and PPPoE etc, and some
of those let me enter a subnet, none of them use the word 'bridge'
though :(

I'll post the list of network type options tomorrow, I'm not at work
right now and can't remember off the top of my head.

Have a great weekend, guys. Thanks for your help so far!
 
I don't believe that will work. You'll need to configure the x.x.x.32
address (with a subnet mask and gateway also provided by your ISP for that
subnet) on your public side and use a subnet mask larger than
255.255.255.252 on the LAN Side. Otherwise, you're limited to one IP address
for your router and one for your host. The subnet would be x.x.x.68/30 (or
x.x.x.68 - mask 255.255.255.252). That leaves you with two host IP
addresses, x.x.x.69 and x.x.x.70. If you use one of them on your router,
you'll only have one left. The easiest thing to do would be to use a mask of
255.255.255.248 on the private side of the router and give it an IP address
of x.x.x.71. Unless there is something in the range of x.x.x.71 - 75 that
you need to get to on the Internet, that should satisfy your routing
requirements. You'll need to use 255.255.255.248 and the mask on the private
side of the router and on your Host NICs.

Router config:

Public IP address x.x.x.32
mask 255.255.255.0?
G/W x.x.x.1?

Private IP address x.x.x.71
mask 255.255.255.248

Hosts IP Address x.x.x.69 (and 70)
mask 255.255.255.248
G/W x.x.x.71

....kurt
 
Thanks Kurt. I couldn't get that to work, although I didn't enter
anything into the Public G/W. I don't have that information, is the ISP
supposed to provide it?

The options I have in the 'ADSL Connection Type' drop-down are:

1)Gateway using LLC encaps (dynamic IP)
2)Gateway using LLC encaps (static IP)*
3)Gateway using classical IP*
4)Gateway using PPPoE
5)Gateway using PPPoA
6)Router using LLC encaps (dynamic IP)
7)Router using LLC encaps (static IP)*
8)Router using classical IP (unnumbered IP)
9)Router using classical IP (static IP)*
10)Modem using LLC encaps
11)IP unnumbered over PPPoA
12)IP unnumbered over PPPoE

I put a '*' next to those that enable me to enter subnet details and
I'm actually trying to use number 7.
 
You still haven't said whether this is DSL, but from the options, it looks
like it. You'll need to consult the manual for the router to see what they
mean by "gateway" vs "router". Most DSL is PPoA (Point-to-Point over ATM).
You need to find out from your ISP how you are to connect. The private side
IP and public side IP must not only be different addresses, but on different
subnets. That's what routers do - route between _different_ subnets or
networks. Because they gave you an address other than the ones assigned to
you, I'm assuming they meant for you to route, but this is just an
assumption. Maybe they meant that .32 is the ISP's gateway. If that's what
they meant then you'll need to configure the router as a bridge (maybe
that's what they mean by "gateway" in the router config). If the router is
configured as a bridge, it has no IP address of it's own. It just acts as a
protocol converter between etherenet on the private side and PPP over ATM on
the public side. But, assuming you are routing (which is most likely), you'd
be set up something like this (all ip addresses are fictitious):

Internet
|
ISP ROUTER
23.24.25.1/24
|
23.24.25.32/24 g/w 23.24.25.1
Public Interface
YOUR ROUTER
Private Interface
65.66.67.71/29
| |
65.66.67.69/29 |
g/w .71 |
COMPUTER1 |
|
|
COMPUTER 2
65.66.67.69/29
g/w 65.66.67.71

Your ISP has to have a route to 65.66.67.68/30 via 23.24.25.32.

The only perplexing part is why they would tell you to use a /30 subnet
mask, knowing that you'd need one of the two valid addresses for your router
nterface. There are several possiibilities, some routers allow you to assign
a range of IP addresses to the public interface, then NAT as you see fit,
forwarding ports to private IPs on the inside depending on which IP address
gets the request from the outside. There's a good possibility that they
assumed that kind of capability - people requesting multiple IP addresses
usually have the equipment to handle it (i.e. a Cisco router). If they did
mean for the .32 IP address to be the public address of your router, then
they also need to provide you with a subnet mask and gateway.

....kurt
 
We finally worked it out! (After a call to the Netcomm customer service
dept)

Turned out there was no need to enter the external IP in the router, we
just selected IP unnumbered over PPPoE, then put the first of our
allocated IP range into the private IP section, along with the .252
subnet. Of course, you're right, it didn't make sense that we had to
use up both the useful IPs in the subnet, one for the router and one
for the web server, but we just wanted to get it working before we
ordered more IPs.

We've now ordered a bunch of 8, giving us 6 useful IPs to use :-)

If anyone else has the same problem with Netcomm NB5580, trying to
assign multiple IPs to a web server to enable SSL, use 'IP unnumbered
over PPPoE' and disable the firewall. Easy when you know how, I guess!

(That paragraph for the Googlers ;-)

Thanks to all of you for your help, especially Kurt.

All the best.

Chen.
 
Back
Top