: Hi Roland,
: Thank you for your response. Sorry about my language.
: Attached means nothing but connecting server to internal
: LAN by giving private IP address.
: I will clearly explain once again.
: I have Windows 2000 Server which has two Network cards.
: First NIC has private IP address of 192.168.1.3 without
: gateway address and which is connected through ethernet
: cable to local HUB-1, which in turn is connected to PIX
: firewall.
Server[NIC1] - HUB1 - PIX - ? - Users
: Second Network card has Public IP address of
: 64.83.43.32 with Gateway address as 64.83.43.1 which is
: ISP's Gateway. ( Note we have DSL connection) The Second
: Network card is connected to HUB-2 with ethernet cable.
: HUB-2 is getting cables from DSL Router and Pix firewall.
xDSL - HUB2 - [NIC2]Server[NIC1] - HUB1 - PIX - ? - Users
HUB2 - HUB1 - PIX - ? - Users
: All users connect to the Internet VIA PIX firewall, so
: routing is not required through this server.
What do the users really connect to that then connects to the PIX firewall?
Is this PIX on a Cisco router?
Where is the protection for the server if it is outside the firewall?
: This server's roles are Domain controller and (local)DNS,
: Web and MAIL server.
Your public web server should never be on a server servicing a private
network. If there is no firewall between you and the Internet, I'd be
surprised if you're not already compromised.
: I am giving ipconfig output
:
: C:\>ipconfig /all
:
: Windows 2000 IP Configuration
:
: Host Name . . . . . . . . . . . . : webserver
: Primary DNS Suffix . . . . . . . : eninc.com
: Node Type . . . . . . . . . . . . : Brodcast
: IP Routing Enabled. . . . . . . . : No
: WINS Proxy Enabled. . . . . . . . : No
: DNS Suffix Search List. . . . . . : eninc.com
:
: Ethernet adapter Local Area Connection 2:
:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC(3C905B-TX) #4
: Physical Address. . . . . . . . . : 00-50-DA-69-4D-FF
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 64.83.43.32
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 64.83.43.1
: DNS Servers . . . . . . . . . . . : 64.83.0.10
: Primary WINS Server . . . . . . . : 192.168.0.202
Where is this WINS server located?
: Ethernet adapter Local Area Connection:
:
: Connection-specific DNS Suffix .
: Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC(3C905B-TX) #3
: Physical Address. . . . . . . . . : 00-10-5A-1B-F3-9B
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.1.3
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . :
: DNS Servers . . . . . . . . . . . : 192.168.1.3
Is this a 4-port NIC? Is anything connected to the other ports?
: Please suggest where I am going wrong.
This appears to be a very dangerous design. Your server should not serve
public and private. Web servers should be in the DMZ and there is generally
no reason for them to be in a domain. Your [first] firewall should separate
your private network from the Internet, not separate your users from the DC.
You have a WINS server so obviously there is another server, unless that's
on another of the 4-port NIC in the same server. A 4-port NIC puts a lot of
traffic on a single bus and should never be used to connect public and
private networks even if they don't route.
Your DC should be on the private network only and have AD, local DNS and
WINS [if you need browsing]. The web server should be in the DMZ as a
stand-alone server. In a worst case scenario, similar to running SBS, you
could have everything on one box but you would only be opening up ports that
service only specific services and not hanging your DC outside the
firewall.
Looking up eninc.com I see the domain is for sale. Are you trying to use a
domain you don't own?
http://eninc.com/
eninc.com nameserver = ns1.sedoparking.com
eninc.com nameserver = ns2.sedoparking.com
ns1.sedoparking.com internet address = 217.160.95.94
ns2.sedoparking.com internet address = 217.160.141.42
Server: UnKnown
Address: 217.160.141.42
eninc.com
primary name server = ns1.sedoparking.com
responsible mail addr = hostmaster.sedo.de
serial = 2004030106
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
eninc.com internet address = 212.227.253.147
eninc.com nameserver = ns1.sedoparking.com
eninc.com nameserver = ns2.sedoparking.com
ns1.sedoparking.com internet address = 217.160.95.94
ns2.sedoparking.com internet address = 217.160.141.42
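
An added example, not part of the original thread: a Python check that parses `ipconfig /all` text in the Windows 2000 layout quoted above and flags a host bound to both a public and a private network, the design the reply warns about. The sample text is constructed from the addresses in the post, and the function names `parse_adapters` and `dual_homed_findings` are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the ipconfig output quoted in the thread.
SAMPLE = """\
Windows 2000 IP Configuration

   Host Name . . . . . . . . . . . . : webserver
   IP Routing Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   IP Address. . . . . . . . . . . . : 64.83.43.32
   Default Gateway . . . . . . . . . : 64.83.43.1

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.3
   Default Gateway . . . . . . . . . :
"""

ADAPTER = re.compile(r"^Ethernet adapter (.+):\s*$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z .-]*?)[ .]*:\s*(.*)$")


def parse_adapters(text):
    """Return {section: {field: value}}; host-wide fields go under 'host'."""
    sections, current = {"host": {}}, "host"
    for raw in text.splitlines():
        line = raw.lstrip(": \t").rstrip()  # tolerate mail-quoted output
        head = ADAPTER.match(line)
        if head:
            current = head.group(1)
            sections[current] = {}
            continue
        field = FIELD.match(line)
        if field:
            sections[current][field.group(1)] = field.group(2)
    return sections


def dual_homed_findings(text):
    """Map each adapter to public/private and list design findings."""
    sections = parse_adapters(text)
    exposure = {
        name: "private" if ipaddress.ip_address(f["IP Address"]).is_private else "public"
        for name, f in sections.items() if f.get("IP Address")
    }
    findings = []
    if {"public", "private"} <= set(exposure.values()):
        findings.append("same host is bound to a public and a private network")
    if sections["host"].get("IP Routing Enabled", "No") != "No":
        findings.append("IP routing is enabled between the interfaces")
    return exposure, findings
```

"IP Routing Enabled: No" does not clear the first finding: services listening on both interfaces still bridge the two networks at the application layer.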