-
July 25th, 2008, 03:03 AM
#1
Registered User
Windows 2003 linking 2 networks - security
Hi folks,
I have 2 networks. One is our test network, the other is the corporate live network. The 2 networks are separate.
I have a Windows 2003 server that has 2 NICs installed, and I would like this to have 1 NIC connected to the test network, and the other NIC connected to the live network. This is all above board and the company wants this.
My problem is this, I require all test network PCs to access the internet through the 2003 server and live network, but ONLY have port 80 available, so no other traffic can leave the test network. I also require no traffic whatsoever from the live network to come into the test network.
It would appear I need something running between the NIC cards on the 2003 server. I'm thinking NAT, but does anyone have experience with this? Is there a better solution?
There's no panic like the panic you momentarily feel when you've got
your hand or head stuck in something
-
July 25th, 2008, 12:03 PM
#2
Driver Terrier
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
July 25th, 2008, 03:03 PM
#3
Registered User
Originally Posted by NooNoo
ISA server....
Really? Never looked into that!
Basically been stuck in front of the server all day with test machines littered all around playing with the NAT stuff. When I walked out at 7pm it was working as I wanted it to be, and my knowledge of NAT and routing has risen considerably.
I don't recommend it!!!
When I get back off leave I'll take a peek at ISA server, or get a separate Linux box as the unix boys have kept on saying all ****y day.
-
July 25th, 2008, 03:52 PM
#4
Driver Terrier
smoothwall would probably be the choice.... but if you wanted to go Windows then ISA server would be the one.
-
July 26th, 2008, 06:27 AM
#5
Registered User
Originally Posted by NooNoo
smoothwall would probably be the choice.... but if you wanted to go Windows then ISA server would be the one.
We've got quite a few spare boxes kicking around and the more I think about it the better off we'd be with Linux and smoothwall. Thanks NooNoo.
-
August 10th, 2008, 01:33 PM
#6
Just another thought
A more expensive hardware solution but easier to implement would be to purchase a layer 3 switch $$$$ and a decent VLAN capable router $$$. Set up a trunk between the router and the layer 3 managed switch. Configure two VLAN Interfaces on the Router (VLAN1 and VLAN2), one for "Testing Network" and one for "Live Network". Have each VLAN on its own unmanaged switch to cut costs. Configure one "Access port" for each VLAN ID on the Managed switch for each unmanaged switch VLAN and control the traffic between the two VLANs using the firewall policies on the router. No NAT or static route entries are required as the router will automatically determine the best route for you. You can use the firewall policies to control traffic flow and have uni-directional access so that the "Live Network" can access the "Testing Network" but "Testing Network" cannot access "Live Network" and you can also specify the services that are passed through to each VLAN by means of the firewall policies. As well, you can also specify access by device IP.
So let's say you want certain workstations on the "Live Network" to be accessible by the "Testing Network", you can define this so only specific computers are accessible through the VLAN. It works really well on my end with way less complication, as software solutions can be confusing and difficult to troubleshoot in the event there are problems.
At this point having two network cards in your server is great because you can have each NIC configured and wired directly to each VLAN so it can manage both physically separated networks without having to create a separate firewall policy and your server can still manage the Internet Access through the server DHCP service.
Last edited by pbolduc; August 10th, 2008 at 02:04 PM.
Reason: Changes Required
-
August 11th, 2008, 12:08 PM
#7
Registered User
Thanks for the long reply PB. However...
...back to work today and once I'd sorted the emails out I found a disused box, downloaded and installed smoothwall, configured, tested, configured some more and it's absolutely perfect for our needs. Everything I wanted in the first post is now happening. Highly recommended for smaller networks or home use.
Thanks all.
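
The policy asked for in the first post (test network may reach out on TCP port 80 only, NATed through the gateway, and nothing on the live side may open a connection into the test network), written for a plain Linux gateway with iptables. This is an added example, not taken from any post in the thread and not Smoothwall's own configuration; the interface names `eth1`/`eth0` and the subnet `192.168.50.0/24` are constructed placeholders.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a dual-homed Linux
# gateway. Interface names and subnet are constructed values (assumptions).
# Assumes IPv4 forwarding is enabled separately (net.ipv4.ip_forward=1).

gen_gateway_rules() {
    test_if=$1; live_if=$2; test_net=$3
    # Refuse bad input instead of emitting a ruleset that might be permissive.
    [ -n "$test_if" ] && [ -n "$live_if" ] && [ "$test_if" != "$live_if" ] || return 2
    printf '%s\n' "$test_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 2
    cat <<EOF
*filter
# Default deny: nothing reaches or crosses the gateway unless allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections the test network opened are let back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new connections allowed: test -> live, TCP port 80.
# No rule lets a live-side host open a connection into the test network.
# DNS (port 53) is not opened, matching the "ONLY port 80" requirement,
# so test PCs need some other way to resolve names.
-A FORWARD -i $test_if -o $live_if -s $test_net -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Log what falls through to the DROP policy, rate limited.
-A FORWARD -m limit --limit 10/min -j LOG --log-prefix "gw-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide test-network addresses behind the gateway's live-side address.
-A POSTROUTING -s $test_net -o $live_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the constructed sample network.
gen_gateway_rules eth1 eth0 192.168.50.0/24
```

Piping the output to `iptables-restore --test` checks the syntax without loading anything.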