Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
DeadElk2016-06-30 11:41:31
Network administration
DeadElk, 2016-06-30 11:41:31

Routing two networks on a windows server, two options, how to do it right?

I’ll make a reservation right away, the task is childish and elementary and technically solved, but I’m wondering how it should have been done correctly.
Given: local network 192.168.0.x, there are 15 machines in it, external network 10.x.x.x (it enters the building in a separate cabinet with its own equipment, one cable comes out of it), Internet via an ADSL modem without routing functions. Available only Win Server on a desktop machine. There is nothing else to buy.
It was: everything was plugged into one unmanaged switch, addresses were manually registered everywhere, dns and gateway (modem ones) were specified, second addresses 10.x were assigned to separate machines to go there.
It is necessary: ​​so that all machines can go to 10.x without dedicated addresses, through NAT.
As I did: two extra. maps to the "server", it has DHCP, DNS, routing, for all machines it is specified by the gateway. Those. one card is plugged into the switch, in which only local equipment remains, a 10.x network cable is plugged into the second card from the switch, a modem is plugged into the third card and connected to another subnet (192.168.1.x). I configured two NATs, for the Internet and for the external network, respectively. Everything worked, no problems. Those. imitated a regular router with lan and van ports, as it seems to me.
It happened in a small branch. The main admin looked at all this and lowered my decision, saying to redo it like this: return the modem to the switch and 192.168.0.x subnet, and in the network card that looks into the switch / lan, specify this modem as the gateway. His argument: getting rid of the extra network card in the server and the second address translation. Since I myself am not a real welder, I redid it.
Bottom line: it works this way and that, I'm not going to prove anything, but how exactly is it ideologically and logically and why? My personal opinion is that it is not necessary to mix like this, and one piece of iron should manage everything, through which all traffic goes. Or is it not important?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry Shitskov, 2016-06-30
@DeadElk

Provided that nothing else can be used and we cannot influence external networks, your decision seems to me ideologically more correct.
I like the "large admin" option less because of the extra traffic through the switch. The request sent to the Internet goes along the path Computer-> Switch-> Router-> Switch-> Modem-> Internet. A whole extra hop and double traffic on the Router-Switch channel :)
Of course, I would like to get rid of the second NAT by setting up routing to the 10.x.x.x network, but it will require configuration from the 10.x.x.x side, which condition of the problem of non-interference in the operation of other networks.

Similar questions
B
BiRd992018-09-05 09:14:13
Mikrotik GRE/IPsec tunnel doesn't come up automatically? 0Reply
V
vetash2014-01-28 15:10:28
OpenVPN and port forwarding 1Reply
E
elisey4742016-04-10 18:57:36
What is lxcbr0 in ubuntu 16.04? 1Reply
F
Festelo2016-04-10 22:24:30
How to install OpenVPN server on DIR-620 D1? 1Reply
V
Vladimir Kiselyov2016-04-11 15:12:04
Port forwarding (http, 80) to another server, while maintaining the client's IP address? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question