Back-end networking

Discussion in 'OT Technology' started by deusexaethera, Dec 15, 2005.

  1. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    The following MUST be done entirely in Windows 2000/XP/2003:

    I'm trying to set up a backend network to allow certain computers in the office to have high-speed access - separate from the regular LAN - to files on a file server. All other computers have front-end access through the "normal" LAN, but I want to make sure that the chosen few can ONLY access the file server across their "special" backend LAN.

    To put it differently, here's a set of rules:

    Normal workstations:
    - Access to file server via NIC #1.
    - Access to other servers via NIC #1.
    - Access to normal workstations via NIC #1.
    - Access to special workstations via NIC #1.
    - Access to internet gateway via NIC #1.
    - All other permissions are denied.

    Special workstations:
    - Access to file server via NIC #2.
    - Access to other servers via NIC #1.
    - Access to normal workstations via NIC #1.
    - Access to special workstations via NIC #2.
    - Access to internet gateway via NIC #1.
    - All other permissions are denied.

    How do I set this up?
     
  2. Scoob_13

    Scoob_13 Anything is possible, but the odds are astronomica

    Joined:
    Oct 5, 2001
    Messages:
    73,781
    Likes Received:
    38
    Location:
    Fort Worth. Hooray cowgirls.
    I suppose the answer "Build a separate high speed network" is out of the possible choices?
     
  3. deusexaethera

    The whole idea is that these computers will be connected to two separate networks at the same time, one being much faster than the other, and each network will serve its own distinct purpose.

    The fast one will allow for high-speed large file transfers between the chosen few computers, and the regular one will provide internet connectivity to the chosen few AND all the normal computers.

    What I need to know how to do is to prevent the chosen few from using the regular network to transfer these large files I spoke of, while allowing them to use the regular network for everything else.
     
  4. chips

    chips ...

    Joined:
    May 2, 2004
    Messages:
    3,755
    Likes Received:
    0
    Location:
    Phoenix, AZ
    The router I have has it built in...
     
  5. deusexaethera

    Could you elaborate?
     
  6. chips

    It allows me to stop the WAN bandwidth to whatever IP address I want to.
     
  7. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    You don't need two different NICs - you set up the high speed LAN separately on one switch with the servers, you set up everyone else on the slower speed LAN. Tie the two switches together. Everyone shares the same subnet and settings.
     
  8. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    Ok, this is just a thought and all, but did you consider assigning a different subnet to the "special" network? That would pretty much do it.
     
  9. deusexaethera

    I didn't consider anything of the sort, or of any other sort - I have no idea at all how to do the software configuration. I've only gotten as far as considering installing a set of GB/s ethernet cards in the chosen few computers and connecting them together with a separate switch than the one that feeds the Internet into all the workstations.
     
  10. deusexaethera

    Nifty. What router do you have and how complicated was it to set up in this fashion?
     
  11. EvilSS

    Well there you go. That is all you need. As long as the two networks are on different subnets, problem solved.
     
  12. 5Gen_Prelude

    Not really, if he puts two network cards in the computer and the servers have two IP addresses that are both accessible without going through a router, you must set the routing table to choose which NIC to use. So you can either do what I suggested, or take the time to set up routing tables.
     
  13. chips

    It's a Linksys RV016.

    I don't use that, I just know it has it built in.
     
  14. EvilSS

    Uh, no. If he puts the network cards on different physical networks with different subnets (10.0.0.x and 192.168.1.x, for example) Windows will know how to route to each without having to manually edit the routing tables. I do this at home and I've seen it at several customers that do it for management interfaces or to keep backup data off the main network. Windows will treat any subnet bound to the adaptors as local and route accordingly.

    To prevent routing to outside subnets through the wrong interface (i.e. to the internet) he can not set a default gateway on the "special" network.
     
  15. 5Gen_Prelude

    No, you're not getting it. The server would have two IP addresses, as would the workstation. He wants to ensure that the workstation uses the high speed network and not the low speed network.

    He could map the network drives according to the IP address rather than the NetBIOS name - that would ensure the correct subnet is being used.
     
  16. EvilSS

    Yes, exactly. He could also create a hosts entry or DNS alias for it.
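
The behaviour argued over in posts 14 to 16, as an added example that is not part of any post in the thread: a small Python model of how a dual-homed workstation picks an interface by longest-prefix match, and why the name used for the file server decides which network carries the transfer. The host addresses, host names and NIC labels are constructed for illustration; only the 10.0.0.x and 192.168.1.x subnets come from the thread.

```python
import ipaddress

# Constructed addressing plan for a "special" workstation (assumption).
FRONT = ipaddress.ip_network("192.168.1.0/24")   # regular LAN on NIC #1
BACK = ipaddress.ip_network("10.0.0.0/24")       # fast back-end LAN on NIC #2

# Routing table: one connected route per NIC, and a default route on
# NIC #1 only, because no default gateway is set on the back-end NIC.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "NIC1"),
    (FRONT, "NIC1"),
    (BACK, "NIC2"),
]

# Constructed name data: the office name service returns the server's
# front-end address; a hosts entry (or DNS alias) points at the back-end one.
DNS = {"fileserver": "192.168.1.10"}
HOSTS = {"fileserver-fast": "10.0.0.10"}


def egress_nic(dest, routes=ROUTES):
    """Return the NIC chosen by longest-prefix match, or None if unroutable."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, nic) for net, nic in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def resolve(name, hosts=HOSTS, dns=DNS):
    """IP literals pass through; otherwise hosts entries win over DNS."""
    try:
        ipaddress.ip_address(name)
        return name
    except ValueError:
        return hosts.get(name) or dns.get(name)


def path_for(target):
    """Which NIC carries traffic to a share addressed by name or IP."""
    ip = resolve(target)
    return egress_nic(ip) if ip else None


if __name__ == "__main__":
    for target in ("fileserver", "10.0.0.10", "fileserver-fast", "203.0.113.5"):
        print(f"{target:16} -> {path_for(target)}")
```

Separate subnets make both paths routable without manual routes, but the transfer only stays on the back-end network when the share is addressed by the back-end IP or a name that resolves to it.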
     
  17. EagerZeroedThick

    EagerZeroedThick New Member

    Joined:
    May 16, 2002
    Messages:
    5,971
    Likes Received:
    0
    Location:
    In a blade enclosure near you
    My answers:

    1. two different subnets

    2. private & public IPs, using two different NICs in each machine.
     
  18. deusexaethera

    (sigh)

    Thanks for the help guys. My boss just relegated the idea to "pipe-dream" status, so who knows when or if it will ever happen. Probably sometime after we buy a new backup battery for the servers, since one of the ones we have caught fire from being plugged into a 125V outlet that was connected to 240V power.
     
