
Server 2003 configuration with multiple NIC's, etc.

Discussion in 'Networking (Hardware & Software)' started by smigen, 2006/07/03.

  1. 2006/07/03
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    to use one 2003 Server computer with 8 NICs to route 4 different networks' traffic to 4 different IPs through my 4 port cable modem gateway? I have 5 IPs even though the gateway my ISP provides me only has 4 ports. That's OK for now...I'll just see if I can make this work using just 4 of my 5 addresses.

    The NICs are in and configured for each network (2 NICs per network, 1 WAN, 1 LAN) and DHCP pools are working correctly to each of the 4 LAN networks, handing out the appropriate address range on each separate network. I have 1 network up at the moment using RRAS and all is fine. As soon as I turn on another network's WAN NIC I can't get out to the Internet from that different LAN's computers and the NAT/firewall subtree of RRAS will not allow me to set any of the 3 remaining WAN NICs as proxies. I don't want the remaining 3 LAN networks to run their traffic through the one WAN IP but utilize their own IP from my remaining 4.

    I'm no Windows network genius. I've taught myself what I know so far and all I'm looking for is a YES/NO answer if this setup is possible or a pointer to a HOWTO if it is.

    Thank you.
     
  2. 2006/07/04
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    The simple reply is that I wouldn't use a Win2003 server to do this. What you are looking for is router power, and the best device for doing this is a router. With this level of complication, I think you have good reason to look at something along the lines of a decent Cisco router. Cisco's IOS software (underlying router operating system / firmware) will allow you to set up the level of rules you are looking for.

    It might be possible to set up a Win2003 server to do what you want. You may have to add ISA. But it won't be easy. However, this sort of thing is bread and butter for a medium size Cisco router.

    I'd recommend that you contact Cisco to find a local Cisco agent, and use them to specify the Cisco router to use and give you help/support configuring it.
     

  4. 2006/07/04
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    ReggieB,

    So it is possible with some major reading?

    The reason I'm trying to do this is I'd like to have one PC that can run multiple instances of Ethereal in order to capture from each WAN NIC in real time. That's all it would do except for DNS serving and that could even be dropped if need be (or moved to another box). 2003 is currently running on a 3GHz/4G RAM system with 2 - 80 Gig's in RAID 0.

    Cisco huh? Sheesh. I know nothing about Cisco, though a lot of their hardware floats through our shop on its way to recycle. Can their routers (model specific obviously) allow me to monitor on screen & log in real time for each route?

    I have an addiction to monitoring the traffic into/out of my small networks. There are IIS, Apache, Vsftp, SSH and Flight Sim game servers running on each IP mixed on *NIX and Windows OS's. So far the NAT/Basic Firewall within RRAS on the one route is doing just what I'm after. Unless I allow it from outside.....it dies on the doorstep. Ethereal logs off to another machine.

    Thank you so much for your experienced insight about my little notion.
     
  5. 2006/07/05
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    You've got quite a complicated set up network-wise, and I don't think we can sort all your problems via a message board like this. However, I hope some advice will be useful.

    Ethereal
    To run Ethereal, you don't have to be at the gateway. The PC running Ethereal just needs to be on the network. However, the question then is how do you make sure it sees all the traffic! I think a better solution to your need to monitor is to use a managed switch at the core of your network. Such switches allow you to set up a monitoring port that gets sent all the traffic that goes over the switch. If you connect your PC running Ethereal to a port set up this way, it will see all the traffic without having to deal with how to pass it on, or slowing that traffic. Cisco make suitable switches as do other network hardware manufacturers. Personally I like HP ProCurve switches. The ProCurve 2524 is a twenty four port managed switch with the Monitor port function. You'd need to ensure that the router is connected directly to this switch.

    Router
    As I said in my original e-mail, the best device to manage routes is a router. For many networks the level of configuration available from a Cisco router is over the top. Other routers do the job more simply, cheaper and just as effectively. However, in a complicated set up like yours, the range of options a Cisco router can give you is worth the extra cost and effort. There are other manufacturers that provide equivalent managed routers of the complexity of the Cisco units, but you'll find it easier to get advice and help setting up a Cisco router than with any other, I believe.

    Firewall
    Looking at what you are trying to achieve, I wonder whether another avenue to investigate is a hardware firewall. Such devices are in effect glorified routers. What they add to the router functionality is detailed blocking and monitoring systems. A decent hardware firewall will both help you secure and monitor your internet connection. I'd suggest you have a look at the following firewall manufacturers:


    Trade
    You say you've Cisco kit passing through your shop. I presume that means you are in the trade. It would be worth talking to some of these companies as a trader. You may well find they are keen to help you to use their kit, as if you can use it, you may well be able to sell it.
     
  6. 2006/07/05
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    I never expected you folks to set this up for me. I am just after some possible/not possible, look here, read there answers regarding the scenario. Which you have done for me with much thanks to you.


    Come to think of it, I remember going to a 3Com SuperStack II 3300 for a while a few months ago because I believe the 4 ports on the Cable modem/gateway are just a hub. If that's correct I should be able to place the Ethereal rig on 1 of the gateway ports, connect the rest of my existing Netgear routers to the 3Com switch and the switch to the modem/gateway and see all the traffic, wouldn't you think? I can just give the Ethereal rig a non-threatening IP with no gateway and watch to my heart's content?

    re: Trade

    We don't deal in Cisco but our shop houses 2 businesses. One is us with computer repair/new builds and Network IT support for a number of small to medium sized businesses in town. The other is a computer recycle business that receives all the used equipment from the DOD, Intel, Philips Labs, Sandia Labs and home users so A LOT of Sun, Cisco, 3Com, Silicon Graphics, etc. equipment floats through here.

    I grabbed ISA2K2004 last night on a 120 day eval. Interesting app! (EXPENSIVE though). Quite the configurability within it!

    Thanks again.
     
  7. 2006/07/05
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    If it really is a hub in the router then yes, you could use one of the ports on the hub. However, very few current routers actually have a hub in them. It is usually a switch nowadays - it is getting quite hard to buy hubs.

    To be honest, if the price of ISA is putting you off, you may not like the price of a decent Cisco router or hardware firewall.
     
  8. 2006/07/06
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Bummer.....it's a switch in the gateway. Threw a lappy on one of the ports last night and sniffed. Just got done with a HT session of this 3Com SS 3300 and there's no ability to set any of the 24 ports to monitor the switch's traffic. Plan B killed, plan C killed, plan D requires $$$ unless I wait till some Cisco gear comes in for recycle.

    Back to plan A:

    (smigen reaches for reading glasses)

    What particular area of 2003 RRAS/ISA manpages would you suggest diving into? I'm unable to set any of the other 3 WAN NICs as "externals" in ISA and RRAS only allows me 1 "proxy" when I enable any of the remaining 3 WAN NICs.

    Thanks for all info so far!

    <edit>

    This might not make much difference but I'm not sure so I'll ask a silly question! In case we end up getting this to work, and the multiple instances of Ethereal running, do you think a 3GHz HT/2G RAM or Dell PowerEdge 6350 quad PIII Xeon 550 Katmai with 2G RAM would handle the demands better?
     
    Last edited: 2006/07/06
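
The hub-or-switch check done by hand in the post above (plug a laptop into a gateway port and sniff), as an added example that is not part of the thread: it classifies captured Ethernet frames by destination and reports whether the capture point sees unicast traffic between other hosts. The MAC addresses, sample captures and the 10% threshold are constructed assumptions; the threshold exists because a switch briefly floods unicast frames for MAC addresses it has not learned yet.

```python
from collections import Counter

def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal raw Ethernet II frame (constructed test data)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload

def classify_frame(raw, own_mac):
    """Classify one frame relative to the capturing NIC's MAC address."""
    if len(raw) < 14:
        return "runt"                  # shorter than an Ethernet header
    dst, src = raw[0:6], raw[6:12]
    if dst[0] & 0x01:                  # group bit set: broadcast or multicast
        return "flooded"               # every port receives these anyway
    if own_mac in (dst, src):
        return "own_unicast"
    return "foreign_unicast"           # unicast between two other hosts

def capture_visibility(frames, own_mac, min_foreign_ratio=0.10):
    """Return (verdict, counts); the 10% threshold is an assumption."""
    counts = Counter(classify_frame(f, own_mac) for f in frames)
    total = sum(counts.values()) - counts["runt"]
    ratio = counts["foreign_unicast"] / total if total else 0.0
    # "shared": hub or mirror port; "switched": ordinary switch port
    verdict = "shared" if ratio >= min_foreign_ratio else "switched"
    return verdict, dict(counts)

# Constructed sample captures (not taken from the thread).
ME, A, B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
BCAST, MCAST = "ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:fb"

HUB_CAPTURE = ([frame(B, A)] * 4 + [frame(A, B)] * 3 +
               [frame(BCAST, A, 0x0806)] + [frame(ME, A)])
# Ordinary switch port: mostly broadcast/multicast plus one flooded
# unknown-unicast frame between A and B.
SWITCH_CAPTURE = ([frame(BCAST, A, 0x0806)] * 6 + [frame(MCAST, B)] * 2 +
                  [frame(ME, A)] * 3 + [frame(B, A)])

if __name__ == "__main__":
    for name, cap in (("hub/mirror", HUB_CAPTURE), ("switch", SWITCH_CAPTURE)):
        print(name, capture_visibility(cap, mac(ME)))
```
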
  9. 2006/07/06
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Can we step back a little and get back to what you are trying to achieve? If all the NICs are connected to the same device, why don't you just use one connection to it?

    Can you describe your "4 port cable modem gateway" and how you are using it?
     
  10. 2006/07/07
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Hey hey! Plan D may be available again. Some HP 224T's just came in for recycle and it appears to have Monitoring capabilities.

    I like your idea of monitoring all traffic from the switch ReggieB. ;)
     
  11. 2006/07/08
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    That would do it. OK - that's a 10Mb/s switch, but that's going to be a lot faster than your internet connection, so not a problem if it's between your network and the router.
     
  12. 2006/07/09
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    After further switch configuration options I've discovered that it can only monitor 1 port at a time. (not what I'm after)

    Some Bay Networks 10/100 switches also came in on Friday but after scouring the unit's PDF it can only monitor 2 ports in real time. (Hey! At least we're heading up in the right direction)

    Anyway, stepping back to the original idea.

     
