Routing/Firewall conundrum with multiple NICs

 
 
Ian Baldwin

 
      07-28-2006, 04:43 PM
Hi, Folks

I'm configuring a web server with 3 NICs (one on board plus a dual card in a
Dell Poweredge 2600). The server goes out onto a LAN which, being UK
education, uses public ip addresses. Gateways on each /24 subnet route
traffic around the University and to the Internet. All nics in this server
are in the same subnet.

As I understand it, setting 'multiple' gateways will result in outbound
traffic all going down the same NIC, although looking at the outbound traffic
on each port this may not be the case (can anyone confirm?).

So, I had the bright idea of removing the default gateway from one nic and
setting up static routing to that interface for each of our subnets. That
way, the other two nics could also have 'MS Client' and 'File and Printer
Sharing' removed, which may or may not make the whole thing a little more
secure as a bonus.

Doing this caused Pings (and other traffic) to halt on (variously) 1 or 2 of
the NICs and traffic out of the 'LAN' connection. Routing problem? No, the
Firewall was dropping packets of ports that were configured to be open on
SENDing. Curious, because I thought the firewall only dropped RECEIVEd
packets that it didn't like.

Can anyone spot the flaw in my bright idea? I've reverted to 3 NICs all
configured exactly the same except for IP address, but it would be good to
spread the load a bit and not have high web traffic causing problems with LAN
access.

I know, I know. NLB and clustering is the way to go, but it's too complex
and I don't have the time right now.

Many thanks

Ian Baldwin
 
 
 
 
 
Phillip Windell

 
      07-28-2006, 05:01 PM
"Ian Baldwin" <(E-Mail Removed)> wrote in message
> I'm configuring a web server with 3 NICs (one on board plus a dual card in a
> Dell Poweredge 2600). The server goes out onto a LAN which, being UK
> education, uses public ip addresses. Gateways on each /24 subnet route
> traffic around the University and to the Internet. All nics in this server
> are in the same subnet.


It just doesn't work that way,...forget it.
That is the simplest, most straight-forward,..and *honest* answer you can
get.
Use only one Nic.
Disable (or just leave unplugged) the other two.

There are two main purposes for multiple Nics:
1. The machine is being used as a LAN Router or an Edge Firewall
2. "Nic Teaming" is being used

Neither of these fit your situation.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
 
Ian Baldwin

 
      07-28-2006, 05:19 PM
Thank you, Phillip, honest but not what I'd hoped for! There is another reason
for multiple NICs, though - secure web sites (https). We are likely to have
at least two and each one needs a separate IP address and therefore NIC.

"Phillip Windell" wrote:

> "Ian Baldwin" <(E-Mail Removed)> wrote in message
> > I'm configuring a web server with 3 NICs (one on board plus a dual card in a
> > Dell Poweredge 2600). The server goes out onto a LAN which, being UK
> > education, uses public ip addresses. Gateways on each /24 subnet route
> > traffic around the University and to the Internet. All nics in this server
> > are in the same subnet.
>
> It just doesn't work that way,...forget it.
> That is the simplest, most straight-forward,..and *honest* answer you can
> get.
> Use only one Nic.
> Disable (or just leave unplugged) the other two.
>
> There are two main purposes for multiple Nics:
> 1. The machine is being used as a LAN Router or an Edge Firewall
> 2. "Nic Teaming" is being used
>
> Neither of these fit your situation.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>

 
 
Phillip Windell

 
      07-28-2006, 06:23 PM
"Ian Baldwin" <(E-Mail Removed)> wrote in message
> Thank you, Phillip, honest but not what I'd hoped for! There is another reason
> for multiple NICs, though - secure web sites (https).


Nope, sorry.
Same nic,...multiple IP#s on the same nic,..all in the same subnet.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
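
An added example, not part of the original thread: a simplified Python model of destination-based route selection (longest prefix, then lowest metric) applied to the three layouts discussed above. The addresses, interface names, metrics and the tie-break rule are assumptions, and the model ignores the source address when choosing a route.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str   # destination network in CIDR form
    iface: str    # interface the packet leaves on
    metric: int

def egress(routes, dst):
    """Pick a route by longest prefix, then lowest metric.
    Ties go to the earliest table entry (assumption of this model)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric)).iface

def mismatches(routes, owners, client):
    """Local addresses whose reply to `client` leaves on a NIC that does not own them."""
    out = egress(routes, client)
    return sorted(ip for ip, nic in owners.items() if nic != out)

# Constructed addresses from the documentation ranges, not the poster's network.
SUBNET, CAMPUS = "192.0.2.0/24", "198.51.100.0/24"
THREE_NICS = {"192.0.2.11": "nic1", "192.0.2.12": "nic2", "192.0.2.13": "nic3"}
ONE_NIC = {ip: "nic1" for ip in THREE_NICS}
ON_LINK = [Route(SUBNET, n, 20) for n in ("nic1", "nic2", "nic3")]

# A: three NICs in one subnet, a default gateway on each.
CONFIG_A = ON_LINK + [Route("0.0.0.0/0", n, 20) for n in ("nic1", "nic2", "nic3")]
# B: gateway removed from nic1, static route for a campus subnet added on it.
CONFIG_B = ON_LINK + [Route(CAMPUS, "nic1", 1),
                      Route("0.0.0.0/0", "nic2", 20), Route("0.0.0.0/0", "nic3", 20)]
# C: one NIC carrying all three addresses.
CONFIG_C = [Route(SUBNET, "nic1", 20), Route("0.0.0.0/0", "nic1", 20)]

if __name__ == "__main__":
    for name, routes, owners in (("A", CONFIG_A, THREE_NICS),
                                 ("B", CONFIG_B, THREE_NICS),
                                 ("C", CONFIG_C, ONE_NIC)):
        for client in ("198.51.100.7", "203.0.113.9"):
            print(name, client, "->", egress(routes, client),
                  "mismatched:", mismatches(routes, owners, client))
```

In this model, layouts A and B always have some local address whose replies leave on a different NIC, while layout C has none.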


 