Server has two gateways and three NICs

Biggs

Diamond Member
Dec 18, 2000
I have a server with 3 NICs,

1st is connected to a VPN router, uses a public IP (VPN server) from ISP 1
2nd is connected to a switch and uses a public IP (FTP server) from ISP 2
3rd is connected to a switch and uses a private IP (LAN) from ISP 2

The VPN server's public IP is mapped to a private IP (different subnet from the LAN) to another VPN router. Therefore, I have two gateways in my server. Would there be any foreseeable problems with this setup?
 

Biggs

Diamond Member
Dec 18, 2000
The W2K server is currently an FTP server that is only accessible via VPN (through the 1st NIC). To provide alternative access to the FTP server (from the outside, without connecting to the VPN network), a second NIC with a public IP is set up for this. The 3rd NIC is used to connect to a private network run by a second server running Winproxy.

What would be the best network configuration for this setup?
 

Nothinman

Elite Member
Sep 14, 2001
How is it only accessible via the VPN if there's also a second NIC with its own public IP on it? Doesn't that defeat the whole purpose of the VPN?

IMO a box (especially a Windows box) should almost never have a public IP on it; there should always be a router or a PIX between it and the Internet. Also, if a box is connected to a client/partner network via VPN it should have no Internet access and extremely limited local network access; otherwise it's way too easy for a break-in, worm, etc. to spread everywhere, and people aren't generally too happy when you let an uninvited guest onto their network.
 

Garion

Platinum Member
Apr 23, 2001
Repeat the mantra.. You only get ONE default gateway. You only get ONE default gateway. Ooommmm....

When entering the network information for each NIC, you get the opportunity to enter a default gateway for each NIC. Don't do it. Pick one NIC, preferably one that faces the Internet, to set as the default. If you have other networks behind routers that you need to get to on the other interfaces, use persistent routes (route add -p) to set it up.

When a windows box has two default gateways, I'm pretty sure it will alternate between them. Definitely not a good situation, especially in this case.

When you think about it, this makes sense. A default gateway is also called the path of last resort - if the computer doesn't have an entry in its local routing tables for the destination IP, it sends it to the default gateway. If you have three of them listed it has NO idea which one to send it to - the path that the request came FROM has absolutely nothing to do with the path that it takes back.

- G
 

Nothinman

Elite Member
Sep 14, 2001
> When you think about it, this makes sense

In a way it does, but the fact that Windows will round-robin them does not; it's the 'default' gateway, not a list of preferred gateways.
 

spidey07

No Lifer
Aug 4, 2000
A default gateway is nothing more than a default route, a route that says "if not in your routing table, send here".

When a router (a host with more than one network card) has two routes to the same destination of equal cost, it will "round-robin" the outbound packets to each of the next-hop routers for that route. In this case that route just so happens to be the default.

If you look at a "route print" output on a Windows host with two default gateways, you'll see two (or three, or four, however many gateways are in the TCP/IP properties) default routes to 0.0.0.0.

So Windows is only doing what it is supposed to, and hence why, IMHO, you should never have more than one NIC in a host - there isn't any real reason to do so, and it only causes undue complications.

Let routers route, let hosts be hosts.
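As an added example (not code from any poster in this thread), the script below parses a constructed "route print" table of the kind spidey07 describes, flags the multiple-default-route condition Garion warns about, and drafts the persistent "route -p add" lines for the networks that should be reached through the other gateway. The sample table, the 203.0.113.0/24 and 198.51.100.0/24 addresses, and the networks-behind mapping are all assumptions made up for the example.

```python
"""Audit a Windows 'route print' table for more than one default route
and draft the single-gateway fix: keep one default gateway, reach the
other networks via persistent routes instead."""
import re

# Constructed sample of the IPv4 "Active Routes" table from `route print`
# on a two-NIC host where a default gateway was typed into both adapters.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1   203.0.113.10      1
          0.0.0.0          0.0.0.0     198.51.100.1  198.51.100.10      1
      203.0.113.0    255.255.255.0     203.0.113.10   203.0.113.10      1
     198.51.100.0    255.255.255.0    198.51.100.10  198.51.100.10      1
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
Default Gateway:       203.0.113.1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\s+{IP}\s+(\d+)\s*$")


def parse_routes(text):
    """Return one dict per route row; headers and other lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            routes.append(dict(dest=dest, mask=mask, gateway=gw,
                               interface=iface, metric=int(metric)))
    return routes


def audit(text):
    """Return (ok, gateways): ok is False when more than one 0.0.0.0/0
    route exists, the case Windows round-robins between."""
    gws = [r["gateway"] for r in parse_routes(text)
           if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    return len(gws) <= 1, gws


def persistent_route_commands(keep_gateway, networks_behind):
    """Draft `route -p add` lines for every (network, mask) the admin says
    sits behind a gateway other than keep_gateway. The mapping is supplied
    by the admin (assumed, not parsed); the -p switch precedes the command.
    The surplus default gateway itself is removed in TCP/IP properties."""
    return [f"route -p add {net} mask {mask} {gw}"
            for gw, nets in networks_behind.items() if gw != keep_gateway
            for net, mask in nets]


if __name__ == "__main__":
    ok, gws = audit(SAMPLE_ROUTE_PRINT)
    print("default gateways:", gws, "OK" if ok else "PROBLEM: more than one")
    for cmd in persistent_route_commands(
            "203.0.113.1", {"198.51.100.1": [("192.168.1.0", "255.255.255.0")]}):
        print(cmd)
```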