Bienvenido! - Willkommen! - Welcome!

Technical Blog of Tux&Cía., Santa Cruz de la Sierra, BO
May the source be with you!

Monday, October 11, 2010

Two NICs (one static IP) to serve as DNS proxy

I have installed 2 NICs on Computer-1 running Windows 7. First NIC [internet NIC] has a direct cable internet connection (no router/modem) and has a static IP assigned by the Internet Service Provider.
The first NIC in Computer-1 has Static IP Address / Subnet Mask / Default Gateway / Preferred DNS and Alternate DNS.  
Set up the second "crossover" NIC in computer-1 with a static IP address (like
Set the default gateway of the "crossover" NIC in computer-1 to the IP address of the first "internet" NIC in computer-1. Set its subnet mask to
Since you have no router to do DHCP for your "crossover" network or to serve as a DNS proxy, you will need to define the IP address, subnet mask, DNS servers, and default gateway for computer-2.
Give the NIC in computer-2 an IP address that is one number (or more) above the IP address of the "crossover" NIC in computer-1 (like
Set the subnet mask on the computer-2 NIC the same as the "cross-over" NIC subnet mask on computer-1 (we set this to
Set the DNS servers on computer-2 the same as the internet NIC on computer-1. You cannot use "automatic" here. You can use ipconfig on computer-1 to get these numbers if necessary (see below).
Set the default gateway on the computer-2 NIC to the IP address of the "crossover" NIC computer-1.
You can use "ipconfig" from the Windows Start-Run-CMD command prompt to display the current settings of each NIC on each computer -- even the settings that do not appear in the network configuration dialog boxes.
It would be easier to configure, maintain, and expand this network if you had a router or a cable modem/router.
"A bit slow" implies problems finding the gateway or problems finding the DNS servers. Double-check both of those settings on computer-2 and double check the gateway setting on the "crossover" NIC of computer-1. With this ICS set-up, the gateway should always be the IP address of the "internet" NIC on computer-1, since that NIC is the "gateway to the internet."

If the LAN gateway or DNS settings are wrong, the networking drivers will effectively "search" for them, which is slow. Also, be sure that the crossover NIC on computer-1 and computer-2 are different as previously described, and that the LAN ("crossover") subnet is different from the WAN (internet) subnet.
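The checks described above (distinct addresses on the crossover link, a LAN subnet separate from the WAN subnet, explicit gateway and DNS on computer-2) can be run against an addressing plan before touching the NICs. This is an added Python example, not part of the original posts; the function name and every address in it are constructed (documentation and private ranges), since the posts' own values are not shown.

```python
import ipaddress

def check_plan(wan_if, lan_if, pc2_if, pc2_gateway, pc1_dns, pc2_dns):
    """Return a list of problems in a two-NIC sharing plan (hypothetical helper).

    wan_if / lan_if: "address/mask" of the internet and crossover NICs on computer-1.
    pc2_if: "address/mask" of the NIC on computer-2.
    """
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    pc2 = ipaddress.ip_interface(pc2_if)
    problems = []
    # The crossover (LAN) subnet must be different from the internet (WAN) subnet.
    if lan.network.overlaps(wan.network):
        problems.append("LAN subnet overlaps WAN subnet")
    # computer-2 needs the same mask and subnet as the crossover NIC, but its own address.
    if pc2.network != lan.network:
        problems.append("computer-2 is not in the crossover subnet")
    elif pc2.ip == lan.ip:
        problems.append("computer-2 duplicates the crossover NIC address")
    elif pc2.ip in (lan.network.network_address, lan.network.broadcast_address):
        problems.append("computer-2 uses the network or broadcast address")
    # computer-2 reaches the internet through the crossover NIC on computer-1.
    if ipaddress.ip_address(pc2_gateway) != lan.ip:
        problems.append("computer-2 gateway is not the crossover NIC")
    # No DHCP or DNS proxy here, so DNS must be set by hand to computer-1's servers.
    if not pc2_dns:
        problems.append("computer-2 has no DNS servers (automatic will not work)")
    elif {ipaddress.ip_address(d) for d in pc2_dns} != {ipaddress.ip_address(d) for d in pc1_dns}:
        problems.append("computer-2 DNS differs from computer-1 internet NIC")
    return problems

# Constructed sample plans: 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
GOOD = dict(wan_if="203.0.113.10/255.255.255.0", lan_if="192.168.137.1/255.255.255.0",
            pc2_if="192.168.137.2/255.255.255.0", pc2_gateway="192.168.137.1",
            pc1_dns=["203.0.113.53", "198.51.100.53"],
            pc2_dns=["203.0.113.53", "198.51.100.53"])
# Same plan with the crossover NIC wrongly placed in the WAN subnet and DNS left empty.
BAD = dict(GOOD, lan_if="203.0.113.20/255.255.255.0", pc2_dns=[])

if __name__ == "__main__":
    for name, plan in (("good", GOOD), ("bad", BAD)):
        print(name, check_plan(**plan) or "no problems found")
```

The values to feed in are the ones `ipconfig /all` reports for each NIC on each computer.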
Using a router
In general, though, tell the router to get its WAN address and DNS servers from your ISP, give it a non-routable LAN address of (example subnet consistent with previous post), and set all the other computers to use the router's LAN IP address as their gateway address, connect all computers to the router, disable ICS, and disable the second NIC on computer-1. If the router supports acting as a DNS proxy, you can set the router's LAN address as the DNS servers for both computers. If not, then just hard-code them to the value provided by your ISP.
You could also use the router's DHCP server to set the LAN IP addresses automatically, but for a small network, hard-coding them isn't any more difficult than using DHCP, and you'll always know which IP address you're on. This also makes using 'hosts' files to define domains for local-server testing possible, since you will always know your local server's fixed IP address.  
Linux: Amahi as router with 2 NICs
We call each Amahi server a "Home Digital Assistant" or HDA — like a PDA, for the home.
The Amahi Home Server is designed for home and small office environments where the 'technical support' staff do not want the job!
It is easy to use and offers cross-platform compatibility — PCs, Macs, Linux, iPhones, iPads, Android, Playstation, Xbox, you name it.
The Amahi server is open source and GNU/Linux-based, which means it's rock-solid reliable and virus-free.

This can be done, and it has been done; however, it's not the supported configuration out of the box.
A small mistake can render your data open to the internet. Keep that in mind!
- Make sure eth0 is on the LAN side (your network). This is important for Amahi to work
- Hence eth1 is handling the WAN side of things
- Make sure you run a firewall on eth1!!!
We have a router/firewall control module now, so whatever firewall you choose, we can probably make a module in a relatively short time to get it controlled from the networking tab in your HDA.
Some people recommend shorewall, moonwall, or others.
The only real justification I can see for this is running Amahi as an HTTP proxy and/or PBX.
For the HTTP proxy, so you route in and out of Amahi's one interface. Not hard to do.
For the PBX, it makes sense to put the phones on their own network.
Again, my security background colors my opinion. Don't go this way, even if you are an expert.

Windows 7 - Routing two nics on win7
