Ask Me Help Desk


  • May 12, 2008, 12:49 AM
    cnivas
    Two Different Networks in One System
    Hi Friends...

    I am facing trouble in my network.
    I have one web server that has two IP addresses on two different NICs. Both are in two different networks. One network is for LAN purposes and the other is for the external connection. I give details below.

    Local Area Connection
    Ip Address 192.168.1.4
    SNM 255.255.255.0
    D.G.Way 192.168.1.1 (Router Address which has the public Ip address is 203.163.252.226)
    P.D.N.S 202.88.174.6
    A.D.N.S 202.88.174.8


    External Network
    Ip Address 203.163.252.43 (Public Address)
    SNM 255.255.255.248
    203.163.252.225
    P.D.N.S 202.88.174.6
    A.D.N.S 202.88.174.8

    The problem is that the external IP works for some time, that is, about 8 hours or 12 hours.
    After that it doesn't work, but when I repair the LAN connection it works normally for about 8 more hours.
    I set a Scheduled Task to repair the external LAN, but it didn't work.


    Please give any suggestions.


    Thanks and Regards
    Srinivas
  • May 12, 2008, 05:13 AM
    Scleros
    Problem #1:
    The default gateway for the external adapter is not within the configured subnet of 203.163.252.40/29.

    What is the physical arrangement of NICs, switches, and routers?
    When it stops working, what does "ipconfig /all" (Windows?) show?

    Problem #2:
    In this configuration, if the web server ever gets compromised, so does your LAN. What are your reasons for not placing the web server in a DMZ subnet?
  • May 12, 2008, 06:04 AM
    cnivas
    Thanks Scleros...

    I am using two NICs: one is on-board and the other is an off-board NIC.
    On the on-board NIC I have configured the internal IP (i.e. 192.168.1.4, a static IP), which is connected to my router.
    The connection details are as below.

    I have three switches (S1 {8-port Linksys}, S2 {24-port Linksys} and S3 {24-port Netgear}).
    I have one Netgear wireless router (WGR614v5).

    I take a cable from the media connector and put it into switch S1. From S1, one cable goes to my router and another to my web server's off-board NIC, which has the external IP address (i.e. two cables are taken from S1: one for the router, having IP 203.163.252.226, and a second one for the web server, having IP 203.163.252.43).

    Now from the router two cables are taken and connected to S2 and S3. From these two switches I have connected my local systems (including the web server's local IP {192.168.1.4}).


    C:\Documents and Settings\administrator.PRODIGYSS>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : prodigyss-ws
       Primary Dns Suffix  . . . . . . . : prodigyss.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : prodigyss.local

    Ethernet adapter Local Area Connection 6:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
       Physical Address. . . . . . . . . : 00-19-D1-ED-DA-16
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.4
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 202.88.174.6
                                           202.88.174.8

    Ethernet adapter Local Area Connection 10:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
       Physical Address. . . . . . . . . : 00-08-A1-68-E6-CD
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 203.163.252.43
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 203.163.252.225
       DNS Servers . . . . . . . . . . . : 202.88.174.6
                                           202.88.130.67


    Problem:
    The two IP addresses work fine for some time.
    But after some time the external IP (203.163.252.43) does not work until I repair the connection.

    Thanks & Regards
    Srinivas
  • May 12, 2008, 06:06 AM
    ScottGem
    Just as an aside here, I do NOT recommend running a WEB server on your own. WEB hosting is so inexpensive and presents a much better value. It's unlikely a small shop can match the bandwidth, security and maintenance provided by a WEB host for the cost.
  • May 12, 2008, 07:08 AM
    Scleros
    Quote:

    Originally Posted by cnivas
    Thanks Scleros....

    Unless S1 is connected to a DMZ port on the router, you're attempting to run two networks on the same physical media - it's all one network.

    Your public "external" network needs its own switching fabric and to do so you need a three interface router. Typically the way this is done is:
    Interface 1 = External WAN Port
    Interface 2 = Public LAN (DMZ) < Web server connects here
    Interface 3 = Private LAN

    You connect a switch1 to interface 2. You connect a switch2 to interface 3 and then connect a switch3 to switch2. Your web server's external NIC connects to switch1 and the internal NIC connects to switch2 or 3.

    But, this setup is still a major security risk for your LAN if the web server gets compromised. I'm not trying to be mean, but if your server hardening skills are commensurate with your networking skills, your server is likely to get compromised fairly quickly. This is basic stuff.

    Quote:

    Originally Posted by ScottGem
    It's unlikely a small shop can match the bandwidth, security and maintenance provided by a WEB host for the cost

    I wholeheartedly agree with Scott - have your web site hosted.
  • May 12, 2008, 10:35 AM
    chuckhole
    You must have ONLY ONE gateway address configured. Based on your configuration, I would remove the GW from the LAN NIC and leave it on the WAN NIC. If the computer already has access to the Internet with a direct connection, then why are you trying to perform a circular route with a second gateway?

    Second, for security's sake (at least minimal), you need to disable File and Print Sharing and Windows Logon on the WAN NIC. Make sure that ONLY TCP/IP is enabled and that Dynamic DNS registrations are DISABLED.

    If the LAN NIC had a GW address to route within your corporate WAN then you will need to add a static route for those network IDs only.
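
A check for the two addressing problems raised in this thread (a default gateway outside its adapter's subnet, and a default gateway set on more than one adapter), as an added example that is not part of any post above. The sample text is constructed from the ipconfig output posted earlier, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the two adapters from the "ipconfig /all" output in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection 6:
   IP Address. . . . . . . . . . . . : 192.168.1.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 10:
   IP Address. . . . . . . . . . . . : 203.163.252.43
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 203.163.252.225
"""

FIELD = re.compile(r"^[ \t]*(IP Address|Subnet Mask|Default Gateway)[ .]*:[ \t]*(\S+)", re.M)
ADAPTER = re.compile(r"^Ethernet adapter (.+):[ \t]*$", re.M)

def parse_adapters(text):
    """Split ipconfig-style text into {adapter name: {field: value}}."""
    parts = ADAPTER.split(text)
    # parts = [preamble, name1, body1, name2, body2, ...]
    return {name: dict(FIELD.findall(body)) for name, body in zip(parts[1::2], parts[2::2])}

def audit(text):
    """Return findings for the gateway problems discussed in the thread."""
    findings, with_gw = [], []
    for name, f in parse_adapters(text).items():
        if not {"IP Address", "Subnet Mask"} <= f.keys():
            continue  # adapter without a static IPv4 configuration
        net = ipaddress.ip_network(f"{f['IP Address']}/{f['Subnet Mask']}", strict=False)
        gw = f.get("Default Gateway")  # absent when the field is blank
        if gw:
            with_gw.append(name)
            if ipaddress.ip_address(gw) not in net:
                findings.append(f"{name}: gateway {gw} is outside {net}")
    if len(with_gw) > 1:
        findings.append("default gateway set on more than one adapter: " + ", ".join(with_gw))
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```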

  • All times are GMT -7.