General discussion


IP routing

By paul ·
We have two NT servers running IIS and being used as web servers. One is a test box, the other is the production box. Both have two network cards. The test box has a connection to the private network via NIC 1 and a link to the production box prod NIC2 via test NIC 2. The production box is connected to the internet via NIC 1. We use the test box to update the prod box, test NIC 2 to prod NIC 2, but want to restrict access from the prod box via prod NIC 2 to test NIC 2.
Can I use routing on the Prod box to restrict this, and will it cause problems if the updates cannot acknowledge completion?


All Comments


IP routing

by rappenp In reply to IP routing

I assume that routing is turned on on both boxes, I'm guessing that more than one protocol is loaded on the cards, and that both machines are on the same subnet connected to the web? The deal here is: are both of the cards on the inside in the same subnet? If they aren't, then you would have to set up static routes to get around, and you would just delete a route if you didn't want traffic going there. The problem with this picture is getting the workstation on the inside to see everything.

So is that clear as mud..

Pete R


IP routing

by paul In reply to IP routing

Poster rated this answer


IP routing

by McKayTech In reply to IP routing

I don't think routing is the answer you want.
A firewall between the two would be the best answer and with hardware devices available for less than $200, it can be done inexpensively as well.

But if not...

This is just an idea, but I think what you might want to do is disable routing entirely on the Production server.

Then set up a different subnet for the connection between Prod and Test. For example, NIC1 on the Prod box would be your real Internet address. Prod NIC2 would be set to 192.168.1.1 and Test NIC2 would be set to 192.168.1.2, both with a subnet mask of 255.255.255.252. Test NIC1 would have an IP address on your internal network.

If you needed to directly access the Production server from your internal network, you would set up routing on the Test server only.

However, without a firewall, if someone were to gain control of your production server, they could wreak havoc on both your Test machine and your internal network. But unless they could get control of the server itself, they would not have a route to your internal network.

paul
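
The layout in the reply above can be checked with a small reachability model; this is an added example, not part of the original post. Only 192.168.1.1, 192.168.1.2 and the 255.255.255.252 (/30) mask come from the thread; the 10.0.0.0/24 internal network, the 203.0.113.0/24 Internet side, the `ws` workstation and all function names are constructed for illustration.

```python
import ipaddress

def build(test_forwards, prod_extra_routes=()):
    """Constructed topology; only the 192.168.1.x/30 link is from the post."""
    return {
        "prod": {"forward": False,  # routing disabled on Prod, as the post advises
                 "ifaces": ["203.0.113.10/24", "192.168.1.1/30"],
                 "routes": [("0.0.0.0/0", "203.0.113.1"), *prod_extra_routes]},
        "test": {"forward": test_forwards,
                 "ifaces": ["10.0.0.2/24", "192.168.1.2/30"], "routes": []},
        "ws":   {"forward": False,  # hypothetical internal workstation
                 "ifaces": ["10.0.0.50/24"],
                 "routes": [("192.168.1.0/30", "10.0.0.2")]},
    }

def owner(hosts, ip):
    """Name of the modelled host that holds this address, or None."""
    for name, h in hosts.items():
        if any(ipaddress.ip_interface(i).ip == ip for i in h["ifaces"]):
            return name
    return None

def lookup(host, dst):
    """Longest-prefix match over connected networks and static routes."""
    table = [(ipaddress.ip_interface(i).network, None) for i in host["ifaces"]]
    table += [(ipaddress.ip_network(n), ipaddress.ip_address(g))
              for n, g in host["routes"]]
    hits = [r for r in table if dst in r[0]]
    if not hits:
        return None
    net, gw = max(hits, key=lambda r: r[0].prefixlen)
    return gw if gw is not None else dst  # on-link: deliver straight to dst

def reaches(hosts, src, dst_ip):
    """True if a packet from host `src` arrives at the host owning dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    node, seen = src, set()
    while node is not None and node not in seen:
        seen.add(node)
        if owner(hosts, dst) == node:
            return True
        if node != src and not hosts[node]["forward"]:
            return False  # intermediate host with routing off drops it
        hop = lookup(hosts[node], dst)
        node = owner(hosts, hop) if hop is not None else None
    return False  # left the modelled network (e.g. towards the ISP gateway)

if __name__ == "__main__":
    plan = build(test_forwards=True)
    print(reaches(plan, "ws", "192.168.1.1"), reaches(plan, "prod", "10.0.0.50"))
```

In this model Prod can always reach Test NIC2 directly, and with routing enabled on Test the internal network stays unreachable from Prod only while Prod's route table has no entry pointing at 192.168.1.2, which is the gap the recommended firewall on that link closes.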


IP routing

by paul In reply to IP routing

Poster rated this answer


IP routing

by NetTek In reply to IP routing

I second the recommendation for a firewall. I have another piece of advice, but it may involve reinstalling the NT operating system: I recommend making the Prod server that is connected to the Internet a PDC of its own domain. You then set up a one-way trust between the Test domain and the Prod domain (Prod is trusting, Test is trusted). This way, Test can have full access to Prod, but anyone who might hack into Prod has no access to Test.


IP routing

by paul In reply to IP routing

Poster rated this answer


IP routing

by Dennis@l In reply to IP routing

You have 3 options: install a firewall, a proxy server, or place the users and test NIC 1 in a different subnet than the production NICs. Or you should just be able to change the subnet mask for Test NIC 2 and Prod NIC 2 and accomplish the same thing.


IP routing

by paul In reply to IP routing

Poster rated this answer


IP routing

by paul In reply to IP routing

This question was closed by the author
