Do I really need 2 NICs if I have a NAT'd gateway?

saxguy

I want to set up a new win2003 server with Active Directory and make
it part of a small network. The network already has an Actiontec
gateway (all in one router, DHCP, firewall, gateway, NAT, port
forwarding).

Since it handles NAT, can't I just use the one NIC in the server and
still give my clients secure access to files and the internet? I could
use DHCP on the server and turn it off on the ActionTec but as far as
setting up a domain with Active Directory, and getting these clients
on a private address scheme, that shouldn't be too difficult, right?

All other things being equal?

Thanks for any tips
 
Oli Restorick [MVP]

One NIC would be the best here (unless you were using Small Business Server
with its built-in ISA Server).

As far as DHCP, you will need to run DNS somewhere on your network (domain
controller would be the most obvious and best machine for this). Therefore,
whatever is handing out DHCP leases will need to hand out your DNS server
only rather than the ISP's (this is a classic mistake many people make). So,
your NAT box may or may not have the flexibility to let you do this.

Since so many people mess up with DNS, here's a very brief description of
how to do it. Install DNS on your DC. Point the server to itself in the
DNS section of TCP/IP. Set up a forwarder within the DNS server to allow
resolution of DNS for external addresses. Do not place the ISP's DNS or the
address of the NAT box in the TCP/IP settings dialogue on the server.

When you've installed AD, switch the DNS to AD-integrated (especially if you
plan to add a further DC).

Also, you say that it would provide "secure" Internet access. "Secure" is a
big word. It's only secure until someone accidentally downloads something bad
or unpatched versions of Internet Explorer allow malware to be picked up.
So, going through a NAT box is better than nothing, but I wouldn't go round
declaring that your setup is "secure".

Hope this helps

Oli
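
One way to check clients for the DHCP/DNS mistake described in the reply above, as an added example that is not part of the original post: it parses `ipconfig /all` output and lists every resolver other than the internal DNS server. The sample output and the addresses 192.168.1.10 (domain controller) and 192.168.1.1 (NAT box) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample (not from the thread): `ipconfig /all` on a DHCP client.
# Assumed addresses: domain controller/DNS 192.168.1.10, NAT box 192.168.1.1.
SAMPLE_CLIENT = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : (constructed)
"""

ADAPTER = re.compile(r"^\S.* adapter (.+):\s*$")
FIELD = re.compile(r"^\s+(.+?)[ .]* :\s*(.*)$")  # "Label . . . : value"

def dns_servers_by_adapter(text):
    """Map each adapter name to the DNS servers ipconfig lists under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        if m := FIELD.match(line):
            in_dns, value = m.group(1) == "DNS Servers", m.group(2).strip()
        else:
            value = line.strip()  # unlabelled line continues the previous field
        if adapter and in_dns and value:
            try:
                result[adapter].append(str(ipaddress.ip_address(value)))
            except ValueError:
                pass  # not an address; ignore
    return result

def unexpected_dns(text, internal_dns):
    """Return (adapter, server) pairs for resolvers other than the internal DNS."""
    allowed = {str(ipaddress.ip_address(a)) for a in internal_dns}
    return [(name, srv) for name, servers in dns_servers_by_adapter(text).items()
            for srv in servers if srv not in allowed]

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE_CLIENT, ["192.168.1.10"]))
```

Run against output captured on the domain controller itself, the same check confirms that the server lists only its own address.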
 
Oli Restorick [MVP]

Also, I would not advise that you use port forwarding to publish services to
the outside world. Get a real firewall if you plan to do that, or if you
are thinking of running a web site, pay someone to host it externally. It's
not worth the hassle or risk to host internally, in my opinion.

Regards

Oli
 
