Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

External (Real ISP Static) IP and Internal (Private local) IP setup


  • Please log in to reply
12 replies to this topic

#1 ChillyTwoface

ChillyTwoface

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 29 September 2017 - 02:32 AM

Hello everyone,

 

At work, the network is currently set up as follows:

Router 1: ISP provided us with a static IP and it is set up on that router. 

 

Router 2: a different line providing internet access but has no static IP.

 

Load Balancer: Takes router 1 and router 2 and merges them into one network

 

Router 3: takes the above-mentioned network and creates a wireless network that we all mainly use and our server computers are connected to it with LAN cables for internal office use. 

 

--------------------------------------------------------------------------------------------------------------------------------------------

 

We are trying to make a Windows Server 2012 Datacenter virtual machine (hosting an enterprise application) on one of the servers have both the REAL STATIC IP (so that it's accessible for us to work from home and also for customers to access the application with the real IP), and also the PRIVATE local LAN IP to be working simultaneously.

 

The Server Computer is running ESXi and has virtual machines on it (one of which mentioned above). This server has 4 Ethernet ports (NICs).

 

--------------------------------------------------------------------------------------------------------------------------------------------

 

What I tried: 

Going into VMware Vcenter to manage my virtual machine, adding a new (2nd) network adapter, and giving this 2nd adapter the REAL STATIC IP. 

 

It doesn't work. 

Either the private local IP works (if set up on the first NIC) or the REAL STATIC IP works (if set up on the first NIC) But not both at the same time.

 

I'm not a networking expert so I'm coming to you guys for input. 

Please let me know. 

Thank you :) 

 

 



BC AdBot (Login to Remove)

 


#2 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:05:00 PM

Posted 29 September 2017 - 03:21 AM

Let me ask this, the first router with the static IP Address. Did your ISP give you a block of IP Addresses? Also, can you draw a Network Diagram of your layout, please?


Edited by arlattimor, 29 September 2017 - 03:21 AM.

A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#3 ChillyTwoface

ChillyTwoface
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 29 September 2017 - 04:12 AM

I assume the ISP didn't give me a block of IP addresses as I only received the ONE static IP configuration. Short answer would be a no.

 

As for the diagram, I have attempted to explain it to my best capabilities, let me know if anything is unclear.

 

o71zx2.jpg



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 29 September 2017 - 10:35 AM

It would appear to me that all you need to do is forward in the router the ports needed for the esxi application.  You would use the static ip one for remote access.  You forward from router1 to router3.  Which in turn you forward the same ports to the lan ip of the esxi app server.

 

Personally I would be setting up a terminal server that you remote into which then has access to the esxi app.  This way you get better performance/bandwidth utilization which you won't get running a fat client remotely.



#5 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:05:00 PM

Posted 29 September 2017 - 11:01 AM

Do you have your nic labels configured?  For example we have VM_Inside, VM_Backup , VM_DMZ that you select when you add a nic.  Then you configure it with the corresponding subnet?


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#6 ChillyTwoface

ChillyTwoface
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 29 September 2017 - 11:06 AM

Do you have your nic labels configured?  For example we have VM_Inside, VM_Backup , VM_DMZ that you select when you add a nic.  Then you configure it with the corresponding subnet?

 

Well when adding a "new ethernet adapter" in my vsphere client. It just asks me for a type.. something like E1000E if I remember correctly. That just makes me pick the type of adapter I want to virtualize. 

 

Once I add a 2nd NIC to my virtual machine running windows server 2012, I remote desktop into the machine and go into network settings, adapters, and renamed the 2nd one to "New NIC for REAL IP" That way I can know which one was the old configured local IP and stay away from it, and which adapter to set up the REAL IP configuration on. 

I am not sure if that's what you meant by NIC Labelling. If not then my answer is no.



#7 ChillyTwoface

ChillyTwoface
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 29 September 2017 - 11:08 AM

It would appear to me that all you need to do is forward in the router the ports needed for the esxi application.  You would use the static ip one for remote access.  You forward from router1 to router3.  Which in turn you forward the same ports to the lan ip of the esxi app server.

 

Personally I would be setting up a terminal server that you remote into which then has access to the esxi app.  This way you get better performance/bandwidth utilization which you won't get running a fat client remotely.

 

The ESXi is the OS running on the server we have at work, inside that server we have plenty of virtual machines, one of those machines is Windows Server 2012 and has an IBM web-based application which is what we want to have publicly accessible. 

It would also be needed to remote desktop by us from home to the abovementioned virtual machine. 



#8 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:05:00 PM

Posted 29 September 2017 - 01:15 PM

Ok, big guy, do you have the virtual switching configured for the host?


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#9 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 29 September 2017 - 03:02 PM

That situation would call for a internet facing web server in the dmz as a front end to the virtual server app.  That means there is a firewall between it and your business servers.  Without this config your risk is greatly increased.



#10 ChillyTwoface

ChillyTwoface
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 30 September 2017 - 01:55 AM

Ok, big guy, do you have the virtual switching configured for the host?

 

I don't think so. I didn't even know what that was I had to google it. It's basically a switch but in a virtual form. If it's something that had to be done when initially setting up the host, then I assume it was done (not by me). If it's not then no I don't have it set up. 

 

Sorry if I am all over the place.. I'm a beginner. I've only been working for 6 months. Recent graduate here haha. Networking is not my strongest suite. 

 

 

That situation would call for a internet facing web server in the dmz as a front end to the virtual server app.  That means there is a firewall between it and your business servers.  Without this config your risk is greatly increased.

 

Yeah someone elsewhere recommended I set up a firewall so that it's not vulnerable. I'll be sure to do that. I don't however know what you're talking about. Absolute newbie here. :) hehe. 
Edit: After some searching, it mentions how to set up a DMZ, but it says it's a device (a computer for example) that I set up to be the DMZ. Between my actual internal server and the internet external facing app. Would that mean I have to dedicate a computer to do this job? Or how would you do it?


Edited by ChillyTwoface, 30 September 2017 - 03:45 AM.


#11 ginzycomputers

ginzycomputers

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:00 PM

Posted 30 September 2017 - 02:56 PM

hese are the steps to add the second IP address to your existing network adapter.

  1. Use the Start menu to open Control Panel.
  2. On Windows XP, you may need to open Network and Internet Connections.
  3. Open Network (and Dial-up) Connections.
  4. Open your network adapter.
  5. Click Properties.
  6. Click Internet Protocol (TCP/IP) then click Properties.
  7. Click Advanced.
  8. On the IP Settings tab, click Add...
  9. Type in the new IP address then click Add.
  10. Click OK to close the Advanced TCP/IP settings window.
  11. Click OK to close the Internet Protocol (TCP/IP) Properties window.
  12. Click OK to close your network adapter properties window.

If you are using IIS, you must perform an additional step to information IIS that it needs to share access to port 8



#12 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 30 September 2017 - 03:42 PM

as someone new to networking this is not a configuration you are able to implement

highly recommend you bring in a network consultant/local computer company to get a network design and implementation costs.

not doing so will result in the business being vulnerable to being hacked.  great way to lose the business as per statistics.



#13 toofarnorth

toofarnorth

  • Members
  • 379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:00 AM

Posted 01 October 2017 - 04:15 PM

as someone new to networking this is not a configuration you are able to implement

highly recommend you bring in a network consultant/local computer company to get a network design and implementation costs.

not doing so will result in the business being vulnerable to being hacked.  great way to lose the business as per statistics.

+1

Find someone who knows the load balancer you use and have them set it up.
If they can handle that they will have no problems helping you with the rest of the network either.

Hth!

tfn






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users