Server 2012, two nics, two separate networks

I have a server 2012 box that is getting internet from a router, 192.168.1.1. The server has a static IP of 192.168.1.2/24, and the gateway is 192.168.1.1. I also want to set up the DHCP role on this server, but first I am trying to get internet to work on my second adapter, which I set a static IP of 172.16.0.1/24, preferred DNS server 172.16.0.1 (Server 2012 is also running DNS role) and the gateway is blank - I read to do that somewhere, but I have read so many links that I forget which. I think I am just missing something simple, but any help is much appreciated.

tl;dr I have NIC1 with IP 192.168.1.2 and NIC2 with IP 172.16.0.1, I want to be able to give a 172.16.X network internet through the second NIC.
 


The 192.168.1.2 adapter is connected to a pfsense firewall and the second adapter is currently not connected to anything. It will connect to a switch that will distribute internet to the network.
 
Sounds like you are using a virtual setup, and not a physical box?

The NIC2 adapter is on a separate network, it might be configured incorrectly.
You can usually check the firewall (pfsense has a management web portal) and see what ports are used by which MAC addresses.
 
No, they are both physical boxes. The pfsense box can be ignored as it is just the gateway for my 192.168.1.2 NIC on the server to get internet, which I can. I want to be able to get internet on NIC2 through NIC1 so I can connect NIC2 to the switch. The NIC2 adapter IS configured incorrectly, which is why I posted the configuration. I don't know how to configure it correctly.




 
You want the default gateway run on the interface leading to the internet and all others blank. Then, if you have networks on the other NICs, you use the ROUTE command to cause any data to go that way. You do not need route commands for any machine that is contained within the subnet.
 
Hi Bill, I already have the gateway blank and issued the command "route ADD 172.16.0.0 MASK 255.255.255.0 192.168.1.2" (as well as 192.168.1.1 for the last address) and neither worked - NIC2 is still showing as "Limited connection" (no internet)

It's quite possible I messed up the route command, but I'm not sure. I can get an IP address using ping from clients of the DHCP server, but I cannot visit a web page.



 
So you have two NICs

Both NICs are connected to the Pfsense Firewall.

Is the PFsense your firewall, your router and your switch?

Pfsense is an open source operating system, what hardware is pfsense running on? This seems like a switch issue, not a settings issue.
 
One NIC is connected to the pfsense box. That NIC is getting internet with its 192.168.1.2 address, which goes into the DHCP server. The DHCP server has a second NIC with a 172.16.0.1 address. The 172.16.0.1 address is not getting internet. It should be funneled through the 192.168.1.1 address. pfsense is a firewall. It is functioning correctly, at least the hardware is, else the 192.168.1.2 address would not be working.



 
You should have a modem that connects to the internet.
The modem should connect to a router, which by default is the DHCP server.
The router should connect to a switch.
Both NICS should be connected to the switch.

Generally, if you have a firewall that does not function as a router, or a switch, you would put that between the router and the internet. Nothing should connect to the firewall except the router. You don't need to manage port traffic internally.

I know pfsense can be used as a router, a switch and a firewall. It serves all three purposes.
 
The pfsense box has a WAN NIC (that's the place the internet is coming from) with a static IP of 10.0.40.81/24 with gateway of 10.0.40.1. The LAN interface is running on 192.168.1.1/24 and connected to a switch. The LAN interface is not handing out DHCP addresses. The only other 192.168.1.X is the static 192.168.1.2 on my DHCP server's NIC1.

I assume it is the route ADD command as I cannot access 192.168.1.1 from my 172.16.0.X computers. I do not know the correct syntax for that command.



 
Are you trying to use your server as a router? I.e., you want devices on the 172.16.0.x network to be able to get to the internet?

You have to run ICS or something on the server to accomplish this.

From what I read you want the default route going to 192.168.1.1 since that is where your internet is.

You would only use a route command if, say, you have network 172.18.100.x behind some device on the 172.16.0.x network. You would put a route pointing to that router. If you do not have any other subnets on the NIC you do not need a route.
 
As I said earlier, I resolved an IP address, so it is not DNS. The server is handing out DHCP leases, yes, like I said, the 182.16.0.X network is supposed to be getting internet. I do not believe the default route is supposed to be going to 192.168.1.1 as I cannot ping that address, I also do not think it is supposed to be using ICS if the server is configured properly.
 
I am so confused now; your first post said you had the gateway to 192.168.1.1.

What is the LAN IP of the router that provides internet service? That is where you want the default gateway.

If we ignore the internet, say you have a machine on 192.168.1.100 and another on 172.16.0.100. Both these machines can access the server BUT they cannot talk to each other. The server is not a router. You would have to find software to make your server act as a router to make this work.
 
It sounds like 192.168.1.2 is NIC1 on the server, and 192.168.1.1 is the gateway that goes to the WAN

172.16.0.1 is a second network on a second NIC, using the same DHCP, which connects to a switch.

The 172.16.0.1/24 network cannot access the internet.

He needs NIC2 to connect NIC1 as the default gateway in order to access the internet.
Since it's done through a server with 1 DHCP, it's not working correctly.
That's my understanding.

It sounds like NIC1 needs a second IP address of 172.16.0.1 and NIC2 should be 172.16.0.2
 
You are correct about all of the info, I am not sure why you are suggesting two IPs of 172.16.0.1 and 172.16.0.2, though. If I were to do that I would not be able to get internet from the pfsense box running 192.168.1.1.


 
If you want the single ip 172.16.0.1 to access the internet that might be possible. You need to put a static route in the pfsense device for the 172.16.0.x and point it to 192.168.1.2. You will also need to configure the pfsense device to accept a source address of 172.16.0.x as option to NAT as it goes to the internet.

This will allow the single 172.16.0.1 address to be used as a source IP. Now how exactly you are going to force the server to use that NIC as the source rather than the 192.168.1.2 address I don't know. And nothing that is connected to the NIC will be able to pass because the server does not have the ability to pass the traffic between NICs; that is a function of a router.
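
The three conditions raised in the post above (forwarding on the server, a static route on pfSense for 172.16.0.x via 192.168.1.2, and NAT for that source range), modelled as an added example that is not part of the original thread. The routing tables are constructed from the addresses quoted in the thread, and 203.0.113.10 is a placeholder internet destination.

```python
import ipaddress

# Constructed tables built from the addresses quoted in the thread.
# Entry: (destination network, next hop; None means directly connected).
SERVER = [("192.168.1.0/24", None), ("172.16.0.0/24", None),
          ("0.0.0.0/0", "192.168.1.1")]
PFSENSE = [("10.0.40.0/24", None), ("192.168.1.0/24", None),
           ("0.0.0.0/0", "10.0.40.1")]
# The static route suggested in the thread: 172.16.0.x via the server's NIC1.
PFSENSE_WITH_ROUTE = PFSENSE + [("172.16.0.0/24", "192.168.1.2")]


def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def trace(client, dst, pfsense, server_forwards, nat_sources):
    """Follow a request from a NIC2-side client to dst and the reply back."""
    # Outbound: client -> server NIC2. The server must forward between NICs.
    if not server_forwards:
        return "dropped at server: no forwarding between NIC2 and NIC1"
    route = lookup(SERVER, dst)
    if route is None or route[1] != "192.168.1.1":
        return "server has no route to dst via pfSense"
    # pfSense only translates sources that its outbound NAT rules cover.
    src = ipaddress.ip_address(client)
    if not any(src in ipaddress.ip_network(n) for n in nat_sources):
        return "no internet: pfSense outbound NAT does not cover source"
    # Return: pfSense must know 172.16.0.0/24 lives behind 192.168.1.2.
    net, back = lookup(pfsense, client)
    if back != "192.168.1.2":
        return f"reply misrouted: pfSense matches {net} via {back}"
    return "ok"


if __name__ == "__main__":
    both = ["192.168.1.0/24", "172.16.0.0/24"]
    print(trace("172.16.0.100", "203.0.113.10", PFSENSE, True, both))
    print(trace("172.16.0.100", "203.0.113.10", PFSENSE_WITH_ROUTE, True, both))
```

Without the static route, pfSense matches the client only against its default route and sends the reply toward 10.0.40.1 on the WAN side, so a `route ADD` issued on the server cannot fix the return path.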
 
If you set 172.16.0.1 as a second IP on NIC1 that in theory could access 192.168.2.1, and that might bypass but be convoluted.

I think Bill is correct though. The Pfsense router needs to forward traffic from the 172.x.x.x address to the WAN via Firewall configuration. Can a workstation on 172 ping the 192 domains, or the Pfsense box (assuming it's configured to accept pings)?



http://www.ni.com/white-paper/12558/en/#toc2
 
The only reason why I could see your server being connected this way is if you are actually using it for routing. If you are planning to just use it for DNS/DHCP then this is not connected or configured properly. I think why everyone has been confused on this is because it makes no sense to have two separate networks like this with your server in between them. It doesn't work like this normally unless as stated before your primary goal is routing. Your server should just be connected to your switch, with your switch also connected to your default gateway (in this case, pfSense 192.168.1.1). If you want to use multiple networks (such as for a separate internal LAN network, or VLAN) then you need a switch that is capable of multiple VLANs, or two completely separate physical switches. You will also need two separate default gateways, or a router/firewall capable of multiple LANs or VLANs.
 
Solution
It seems more like a lab environment, because the pfsense router is connected to an entirely different network as well. Pfsense is also just an open source OS, it must be running on some type of system with regular PCIe network cards, unless you flashed a router.
 


You have to create a path between the two NICs from the Network Connections to allow passthrough.
It's not simple, or plain to understand.

And I do understand the situation, and deal with similar issues all the time. It's simply not best practice.

The actual solution would be to create Routing rules on the interfaces on the Router itself, not the server, to allow the 2 subnets to communicate.