Question : Problem: Configuring 2 nics with different gateways for different networks
I have a web server that has 2 network cards and is connected to 2 different networks:
Network Card A - Our internal network
Network Card B - Dedicated internet line
This server contains web sites that are live to the public and a few sites that we only use internally. The internal sites use internal DNS names on our DNS servers. They have no externally hosted DNS name. My problem is that Network A includes a number of VPNs with different subnets. These subnets are unable to see our internal sites because Network Card A does not have a gateway set and cannot respond over the VPNs to them. If I set the gateway on Card A it messes up all of our external site access because traffic coming in on Card B is not always going to respond on Card B; it will use Card A and this just doesn't work. I understand why this doesn't work,
my question then is: is it possible to set up the server so that any requests that come in on Card A are replied to using Card A and any requests that come in on Card B are replied to using Card B,
Answer : Problem: Configuring 2 nics with different gateways for different networks
Card A Internal - No Gateway - Let's say IP is 192.168.1.5
Card B External - Has gateway for ISP - Public IP address
The Default Gateway is where ALL traffic is going to go that isn't on the subnet that is connected to your internal nic. So if you had multiple subnets in your private network, then you would have to create static routes giving direction for all internal subnets.
Card A was in Network 192.168.1.x and you had multiple private subnets in your environment like 192.168.2.x and 192.168.3.x:
You would be forced to create static routes to tell the server how to get to subnet 2.x and 3.x since they are in a different network than the nic itself and would require a gateway to reach them, but the default gateway is being used by your ISP connection. (Might be easier for you to have a hardware VPN in place so you don't need 2 NIC's in this server by the way)
Say you had an internal router at 192.168.1.100 to correspond to your server's subnet of 192.168.1.5
You would have to add routes like this:
Route Add 192.168.2.0 mask 255.255.255.0 192.168.1.100 metric 2
Route Add 192.168.3.0 mask 255.255.255.0 192.168.1.100 metric 2
This would create routes to those other internal subnets and point them to the internal gateway for other private subnets in your enterprise while still allowing you to keep a default gateway for all Internet traffic on the public NIC. This will force all internal traffic to travel over the internal nic and all public traffic to go over the Internet attached NIC
This is all in the article I provided in my first reply.
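The routing decision the answer describes, modelled as an added example (not part of the original answer): a longest-prefix lookup over the server's route table before and after the two static routes, plus a check for internal subnets whose replies would still leave on the Internet-facing NIC. The 203.0.113.x addresses and the 192.168.4.0/24 subnet are constructed placeholders; the helper names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    next_hop: Optional[str]  # None means the destination is on-link
    nic: str
    metric: int

def r(dest, next_hop, nic, metric):
    return Route(ipaddress.ip_network(dest), next_hop, nic, metric)

# Server as described in the answer. The 203.0.113.x values are constructed
# placeholders for the ISP side; the page gives no public address.
BASE = [
    r("192.168.1.0/24", None, "Card A", 1),      # internal subnet, on-link
    r("203.0.113.0/24", None, "Card B", 1),      # ISP subnet, on-link
    r("0.0.0.0/0", "203.0.113.1", "Card B", 1),  # the only default gateway
]
# The two "Route Add" lines from the answer.
WITH_STATIC = BASE + [
    r("192.168.2.0/24", "192.168.1.100", "Card A", 2),
    r("192.168.3.0/24", "192.168.1.100", "Card A", 2),
]

def lookup(table, addr):
    """Pick the route for addr: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(str(addr))
    matches = [rt for rt in table if ip in rt.dest]
    return max(matches, key=lambda rt: (rt.dest.prefixlen, -rt.metric), default=None)

def egress(table, addr):
    """Return (nic, next_hop) used to reach addr, or None if unroutable."""
    rt = lookup(table, addr)
    return (rt.nic, rt.next_hop) if rt else None

def leaking_subnets(table, internal_subnets, internal_nic):
    """Internal subnets whose replies would leave on another NIC.
    Simplification: only the first host address of each subnet is checked."""
    leaks = []
    for cidr in internal_subnets:
        rt = lookup(table, ipaddress.ip_network(cidr)[1])
        if rt is None or rt.nic != internal_nic:
            leaks.append(cidr)
    return leaks

if __name__ == "__main__":
    for name, table in (("before", BASE), ("after", WITH_STATIC)):
        print(name, egress(table, "192.168.2.40"))
    print(leaking_subnets(WITH_STATIC, ["192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24"], "Card A"))
```

Any subnet reported by `leaking_subnets` has no static route, so replies to it follow the default gateway out of Card B instead of returning over the internal network.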