
I have a Server (which needs DNS and Internet access) and a private network.

I'd like to have the devices that only need to connect to the server stay on the private network and not be visible to the public Internet.

The server still needs to talk to the devices on the private network and have Internet access through a router to process credit card transactions.

Question:

Is this the correct architecture and do I set my Router as the Gateway at my Server PC or only program in the DNS settings? Can I keep my Server on the private network 192.168.10.x and Gateway at 192.168.100.x? How will the server be able to reach the router on a different subnet? (I have only one NIC in the server)

   DSL

    /\
  Router/Firewall
     |
   Switch
     |    
   Server
  /  |  \
 PC  PC  PC 
yeungling

3 Answers


Plug everything into the switch. Give the server a fixed address which has appropriate access to the Internet and an address on the 192.168.100.0/24 subnet. Set the default route on the server to the Firewall. Block the 192.168.100.0/24 subnet's access to and from the Internet on the firewall.

BillThor
  • So, everything goes to switch. Check. Then server IP is 192.168.10.2, router/firewall IP is 192.168.10.1. Router/firewall blocks access to any other part of subnet except 192.168.10.2. Other PCs are on 192.168.10.3, .10.4, 10.5, etc (for example) - correct? – yeungling Sep 08 '10 at 16:27
  • @yeungling That would work. You can provide a proxy on the server to allow the PCs to connect out to the Internet. – BillThor Apr 11 '14 at 11:51

The easiest way to do this is to add another NIC to the server. One side can point at the router, one can point at the PCs.

Another way would be to give the server two IP addresses (192.168.1.x and 192.168.2.x), put the PCs on 192.168.2.x and the router on 192.168.1.x, and make sure the 2.x machines don't have a route to 1.x. That's kind of horrible, but it will work.

The subnet numbers are, of course, just for examples; put whatever you want in there.

Bill Weiss
  • What if I put the router on the same subnet as all the devices? Would this alleviate the necessity for two NICs? – yeungling Sep 08 '10 at 16:13
  • I guess you could do that, and tell the router not to talk to the PCs... If you're really handling credit cards, you need to look into the PCI issues, I don't know if this design will work for you. A second NIC might be the least of your costs :) – Bill Weiss Sep 08 '10 at 18:12
  • Routers are dirt cheap these days. Walmart has them cheap. – yeungling Sep 08 '10 at 23:59
  • @yeungling: and your point is? – Bill Weiss Sep 09 '10 at 15:47
  • Also, the "routers" at Walmart aren't routers like we're talking about here. Don't run your credit card handling business through a Linksys home wifi router. – Bill Weiss Sep 14 '10 at 15:59
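
An added example, not part of either answer above: a small Python model of the single-NIC, two-address layout that BillThor and Bill Weiss describe, showing which next hop each machine picks and whether the firewall rule lets it out. The 192.168.10.0/24 router-side subnet, the host addresses and the 203.0.113.10 destination are constructed assumptions.

```python
import ipaddress as ipa

# Constructed plan (assumption): router side 192.168.10.0/24, private side
# 192.168.100.0/24, every machine plugged into the same switch.
ROUTER = ipa.ip_address("192.168.10.1")
PRIVATE = ipa.ip_network("192.168.100.0/24")
INTERNET = ipa.ip_address("203.0.113.10")  # documentation address, stands in for a payment host

class Host:
    def __init__(self, name, addrs, gateway=None):
        self.name = name
        self.ifaces = [ipa.ip_interface(a) for a in addrs]
        self.gateway = ipa.ip_address(gateway) if gateway else None

    def route(self, dst):
        """Return (source address, next hop) as an IP stack would, or None if unroutable."""
        dst = ipa.ip_address(dst)
        # Connected routes: deliver directly when dst is inside one of our subnets.
        onlink = [i for i in self.ifaces if dst in i.network]
        if onlink:
            best = max(onlink, key=lambda i: i.network.prefixlen)
            return best.ip, dst
        # A default route is usable only when the gateway itself is on-link.
        for i in self.ifaces:
            if self.gateway and self.gateway in i.network:
                return i.ip, self.gateway
        return None

def firewall_forwards(src):
    """Router policy from the first answer: never forward the private subnet."""
    return ipa.ip_address(src) not in PRIVATE

def reaches_internet(host):
    r = host.route(INTERNET)
    return bool(r) and r[1] == ROUTER and firewall_forwards(r[0])

# Server: one NIC, two addresses, default route to the router.
server = Host("server", ["192.168.10.2/24", "192.168.100.2/24"], gateway="192.168.10.1")
pc = Host("pc1", ["192.168.100.11/24"])                             # no gateway set
pc_gw = Host("pc2", ["192.168.100.12/24"], gateway="192.168.10.1")  # gateway is off-link

if __name__ == "__main__":
    for h in (server, pc, pc_gw):
        print(h.name, "internet:", reaches_internet(h),
              "| route to pc1:", h.route("192.168.100.11"))
```

The model covers routing only: because every machine shares one switch, the firewall rule is what enforces the separation, not the subnet numbering.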

Without knowing what kind of hardware you have for your router, the easiest thing to do is put everything on the same subnet (server and PCs). You didn't say that anything on your private network needed to be accessible from the internet, so even the most basic router would be set up to hand out DHCP addresses (including setting the gateway IP to the router) to the private network and deny all inbound access to the private network from the internet. Since the PCs and server are on the same subnet, they will have access to each other without needing to route between networks.

August
  • Right sorry... PC and Server are on same subnet. Private network does not need to be accessible from Internet, but server does (and it only has access to private network devices) – yeungling Sep 08 '10 at 16:18