Configuring an internal LAN with no gateway
Hi
I have a dozen or so production machines available via public IPs that sit behind a firewall. Each of these machines has spare NICs on it. I wanted to enable these NICs with a local non-public IP and connect them via a separate switch.
The idea is that internal traffic (backups and database connections) can be diverted locally leaving the public nics for remote access and serving web pages etc.
I am not sure how the configuration of the internal LAN would work, as essentially there is no gateway. Is it actually possible to do what I want to do? Is it needed? If anyone can point me in the right direction it would be most helpful.
Cheers
February 9th, 2011 10:26am
Hi Tim
I think it should be possible, and you do not need a gateway for this sort of LAN setup because this is going to be internal only; there is no need to go out to the Internet since you say this is for internal traffic (backups and database connections). Although I would be careful with DNS, I don't know how, I'm just cautious ;) But yeah, you can configure your servers (the spare NICs) to a simple 192.168.10.x/24 network and connect them to a switch, no gateway needed. Connect other machines onto that same network, e.g. the machine that's doing backups for you, and make sure firewall settings are on point on each server's NIC and you should be fine.
tech-nique
February 9th, 2011 1:33pm
Hello
Create a separate VLAN and then manually assign IPs to the secondary NICs, and no gateway is needed. Point your backup server to look for those IPs.
Isaac Oben MCITP:EA, MCSE Microsoft Community Contributor 2011 Award (MCC-2011)
February 9th, 2011 1:48pm
Just to add a few notes... if the additional NIC will be placed on a subnet on which the backup and database servers reside, that NIC requires no default gateway as the traffic will be local. If there are other internal networks beyond this subnet (past the router), then you would have to install RRAS on this server and either exchange routing information with the router on this internal subnet or manually add routing information so that the server would know where to send packets.
Keep in mind that this should be cleared with your Security Policies as this may not be such a great idea. If these publicly accessible servers are compromised, you would provide the attacker with an easy way into your internal network. I wouldn't want to be the person responsible for the design you are proposing.
Visit: anITKB.com, an IT Knowledge Base.
February 9th, 2011 1:48pm
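The setup discussed in the replies above, as an added example that is not part of any poster's reply: PowerShell that gives the spare NIC a static address with no gateway, keeps that address out of DNS, disables forwarding between the NICs, limits inbound database traffic on that NIC to the backup host, and then checks the result. The interface alias, the two host addresses and port 1433 (SQL Server) are assumptions, and the cmdlets used require Windows Server 2012 or later.

```powershell
#Requires -RunAsAdministrator
# Assumed values, not taken from the thread: adjust before use.
$Alias      = 'Internal'        # hypothetical name of the spare NIC
$Address    = '192.168.10.11'   # constructed address in the 192.168.10.x/24 range suggested above
$BackupHost = '192.168.10.5'    # constructed address of the backup server
$DbPort     = 1433              # assumes SQL Server; change for another database

# Static address, deliberately without -DefaultGateway: only on-link
# traffic for 192.168.10.0/24 will ever leave through this NIC.
New-NetIPAddress -InterfaceAlias $Alias -IPAddress $Address -PrefixLength 24 | Out-Null

# DNS: no resolvers on the internal NIC, and do not register its address,
# so the server's name does not start resolving to the private address.
Set-DnsClientServerAddress -InterfaceAlias $Alias -ResetServerAddresses
Set-DnsClient -InterfaceAlias $Alias -RegisterThisConnectionsAddress $false

# The server must not route between the public and the internal NIC.
Set-NetIPInterface -AddressFamily IPv4 -Forwarding Disabled

# Firewall rule bound to the internal NIC: accept the database port only
# from the backup host instead of from the whole internal subnet.
New-NetFirewallRule -DisplayName 'Internal LAN: database from backup host' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $DbPort `
    -InterfaceAlias $Alias -RemoteAddress $BackupHost | Out-Null

# Verify: every property below should be True.
$gw  = Get-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/0' `
           -ErrorAction SilentlyContinue
$fwd = Get-NetIPInterface -AddressFamily IPv4 | Where-Object Forwarding -eq 'Enabled'
$reg = (Get-DnsClient -InterfaceAlias $Alias).RegisterThisConnectionsAddress

[pscustomobject]@{
    NoDefaultGatewayOnInternalNic = -not $gw
    ForwardingDisabledOnAllNics   = -not $fwd
    InternalAddressNotRegistered  = -not $reg
}
```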
Many thanks for all of your replies on this. In particular the note on security from [JM]. All food for thought. I will have a greater look at the traffic on the public NIC first to see if this is going to make a big difference to traffic on the network before I take the plunge.
February 10th, 2011 3:37am