Two network connections on single WinXP system.

[Dell]

I have a PC that needs access to an internal network, primarily for printing
resources, and to an external DSL connection for direct Internet access. Not
having the resources (or experience) to buy a true routing switch, I'd like
to install a second nic for the internal network, and only have traffic going
to two or three specific IP addresses communicate via this port; all other
traffic should go via a consumer router to the DSL modem. I do not want any
routing to take place through the PC between the Internet and the internal
network; the internal network uses 10.x.x.x and communication to the router
will be to 192.168.7.1 (or whatever I want it to be.) All DNS queries should
go to the router and Internet; internal DNS is not necessary as the printers
have static IP's. Of course the machine will be locked down as much as
possible against virus, spyware, trojans, etc. with a real 3rd party firewall
(not the WinXP SP2 firewall.) The only incoming port to be opened on the
router's & PC's firewall will be for FTP, and from what I understand,
Filezilla can be configured with good security settings (long & complex
usernames & passwords, disable most brute force attacks, etc.). Any
suggestions appreciated on how to configure the XP system's networking would
be appreciated.

 

[Jack \(MVP-Networking\).]

Hi
If each NIC is sitting on a different network it should work (which is so in
your IP example).
However only the Network that sits on the Cable/DSL Router would be able to
access the Internet.

I am not totally clear about everything that you want to do.

If the computer with the two NICs runs WinXP Pro you can use WinXP Pro
Bridging capacity to Bridge the two Networks and get the second Network
going to the Internet too.
This page (not exactly your configuration but describes well the principle)
have info about Bridging.
http://www.windowsnetworking.com/articles_tutorials/wxpbrdge.html

Make sure that you understand Bridging so that your security needs would not
be compromised.

Jack (MVP-Networking).

 

[John B]

So you've got a double homed XP computer. No big deal. Yes, you need two
NICs there, one of which is likely the integrated NIC in your modern
motherboard; the other is a PCI plug-in expansion card. I suppose there are
ways to do the "other net" with USB, but let's not go there now.

I don't like your use of the word "internal" for one of the networks. Both
nets are internal. Nomenclature is important, especially if you're wishing
to collaborate with other people. Why don't you simply call your two
internal networks "Wired_netA" and "Wired_netB"? (Name them accordingly in
your XP computer.) Let netB operate at 192.168.2.x and netA be at
192.168.1.x. NetA connects router and computer. NetB connects computer and
all other devices you spoke of. By default, the computer won't route these
two networks; I've been trying to DO that without success, and you might dig
around in this newsgroup to see how that's done (search on my name) in case
you want to steer clear of routing, as you have indicated. Be sure to set
your subnet masks at 255.255.255.0 if you follow my addressing
recommendations.

I don't know why you've chosen a Class A net (10.x.x.x) for the tiny net
that I call "NetB." The use of a Class A address implies a colossal
installation, which obviously is inappropriate.

While you're at it, you might want to investigate what the word "network"
means in the parlance of TCP/IP. A textbook would help.

Here is an overly-complex dissertation
http://www.networkcomputing.com/unixworld/tutorial/001.html on IP
addressing, defining Classes A, B, and C. Stick to Class C if you want lots
of company, which I recommend.

Modern routers are eminently configurable, to block or enable various
features of the TCP/IP feature set, but as you have indicated your reticence
to get into that, the simple solution is as described above: two Class C
nets with no bridging or networking.

By the way, you said "DNS isn't necessary...in the internal network." More
to the point, it isn't AVAILABLE. You MUST assign all IP addresses on NetB
statically. Be sure to set your subnet mask consistently with the class of
network you've chosen. A Class C subnet is therefore 255.255.255.0; that's
FF.FF.FF.0 in hexadecimal.

A high comfort level with hexadecimal addressing and digital electronics
design would bring sense to the otherwise-seemingly bizarre nature of subnet
addressing. None of this is necessary if the ordinary user sticks to the
well-beaten path of Class C addressing.