Again, Two Default Gateways
Hi, I've searched for topics similar to this and I haven't found a precise answer. Problem is, I have WS 2008 with two NICs. The first NIC, connected to a backend network (192.168...), in order to reach a linked SQL Server located somewhere on that network; default gateway is set and no problem so far, my server can reach the linked SQL Server. The second NIC, connected to the Internet, static IP address set along with its default gateway (201.145...). I know this configuration isn't by far a best practice and that there must be only one default gateway.

The server can only reach the machines located on the first NIC, to be more precise, all those on the 192.168... segment. However, the server can be reached through the Internet on its static IP address on the second NIC, but it can't access a single web page. Obviously the server sends all the traffic through default gateway 1 (192.168...) and this keeps it from accessing any resource located on the Internet.

How can I tell the server to take default gateway 2 (ISP) to reach content on port 80? Is port-based routing possible? I just need the server to figure out port usage to decide which default gateway to use, for instance: if some request is for some address on port 80, use gateway 2; if an app wants to reach an SMTP server (port 25), use gateway 2; if the antivirus needs to download new definitions from a certain ftp site (port 23), use gateway 2; if SQL Server needs to connect to a linked server (port 1433), use gateway 1. Is there a way to get through this or a walk-around? I'm not a network expert, just know the basics. Thank you guys. Luis Luevano
January 1st, 2010 4:55am

Luis, I assume that the other nodes on your intranet have Internet connectivity, so why do you use the same pathway to get this server to go out on the Internet? This server does NOT have to have a public-facing interface so that it can be accessed from the Internet. You can use NAT on your Internet router/firewall to allow traffic from the Internet to access any internal host on your network. Therefore, my recommendation is to disable the Internet-facing NIC from the server and use the intranet NIC for all network traffic. Then go to your router/firewall and create a NAT translation for this server. If this server that is connected directly to the Internet is used as a web server (I assume so because you mentioned that it's talking back to a SQL server), then create a NAT that is publicly available (201.145.x.x) that points back to this server's internal address (192.168.x.x) on port 80/443 or whatever port you have it listening on. The advantage here is that only traffic on the port that you specify will be allowed through. In your current configuration, your server is directly exposed to the Internet, not such a good idea.

On another note, it would be ideal if you create a DMZ zone and a Secure Access zone (using firewalls and VLANs) so that you can layer your network hosts to better protect them. In the current configuration, if your Internet-connected server is compromised, the rest of your network is exposed from this server.

ALTERNATIVE: (I don't recommend this option, but it will work) If you prefer to keep this server with two NICs, you can make it work by setting the default gateway only on the public NIC (remove the default gateway from the intranet NIC) and just create ROUTES using the ROUTE command so that the server knows where to send the packets to when accessing internal resources. Use route /? at the command prompt for more assistance. Make sure the routes are persistent so they are not lost when you restart the server.
Visit my blog: anITKB.com, an IT Knowledge Base.
January 1st, 2010 10:30pm
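One way to apply the alternative Jorge describes on Windows Server 2008, as an added example that is not part of this thread (adapter names, addresses, and the 192.168.0.0/16 backend range are assumed placeholders; substitute your own):

```powershell
# Added example, not from the thread: single default gateway on the Internet NIC,
# persistent static routes for the backend through the intranet NIC's router.
# Every name and address below is a placeholder; run from an elevated prompt.

$LanAdapter = 'LAN'             # interface name of the 192.168.x.x NIC (assumed)
$LanIp      = '192.168.1.10'    # this server's backend address (placeholder)
$LanMask    = '255.255.255.0'
$LanGateway = '192.168.1.1'     # backend router; NOT a default gateway (placeholder)
$WanAdapter = 'WAN'             # interface name of the Internet-facing NIC (assumed)
$WanIp      = '201.145.0.10'    # public static address (placeholder)
$WanMask    = '255.255.255.0'
$WanGateway = '201.145.0.1'     # ISP router: the ONLY default gateway (placeholder)

# 1. Backend NIC: static address with no default gateway (gateway=none).
netsh interface ipv4 set address name="$LanAdapter" source=static address=$LanIp mask=$LanMask gateway=none

# 2. Internet NIC: static address and the single default gateway.
netsh interface ipv4 set address name="$WanAdapter" source=static address=$WanIp mask=$WanMask gateway=$WanGateway

# 3. Persistent (-p) route so the whole private backend, including the linked
#    SQL Server on TCP 1433, is reached via the LAN router. Without -p the
#    route disappears at the next reboot (the point Jorge warns about).
route -p add 192.168.0.0 mask 255.255.0.0 $LanGateway metric 1

# 4. Verify: exactly one 0.0.0.0 default route, pointing at the WAN gateway,
#    and the 192.168.0.0 entry listed under "Persistent Routes".
route print -4
```

Routing here is decided by destination address, not by port, which is why no port-based rule is needed: anything not matching the 192.168.0.0/16 route falls through to the lone default gateway on the ISP side.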

Thank you very much Jorge. I'll go with the alternative you mentioned by now, however I'll contact an expert to help me correct the whole situation, having the server exposed ain't a good idea. I'll let you know how I did, I'll try tomorrow morning. If you don't mind I'll keep the post open. Regards, Luis Luevano
January 2nd, 2010 3:16am

Jorge, the ROUTE command worked perfectly, I can now browse the Internet and connect to the backend SQL Server. It'll give me time to correct this with a proper infrastructure. Regards, Luis Luevano
January 4th, 2010 12:57am
