TechSpot

Dual NIC Win 7 Machine - Can I Create 2 Diff. Networks?

By Savage1701
Feb 20, 2015
  1. I have my house wired for 2 separate gigabit Ethernet networks. I want to create one network, let's call it "A" that everyone can get at for backups, AV files, etc. That network would have specific, physically separate hard drives in the Win 7 server. I want to then create a second network, let's call it "B" that is only for SOHO stuff. It too would have physically separate drives in the server. Can I do that?

    Also, do I need anything special with the dual NIC arrangement? I can use an x1 dual NIC, or get a board with dual NICs? And, of course, I have 2 different gigabit switches as well.

    I am guessing one network would need to be 192.168.1.X and the other 192.168.0.X, which is fine.

    The main thing I want to do is make sure that the hard drives assigned to network A can't be read or altered by network B, and vice-versa. As a matter of fact, I don't want A drive shares visible on the B network, or vice versa.

    What do I need to do in terms of IP range, static or DHCP, subnets, drive assigning, etc? I've never tried something like this before. I don't want to do something like give drive shares different passwords because all that does is create "forbidden fruit" and such. If the drives are never seen, they are never wondered about.

    Thanks for any thoughts.
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,322   +621

    Yes, it's doable. The layout (wiring) can be one of two variations:
    Code:
    (A)
    modem == router----pc----NAS/hd's
                |
                +------- other devices
    
    (B)
    modem == router1---- pc
                |
                +---- router2 --- other devices
    
    Whether wired or wifi connected, the controls are similar - - which layout do you favor?
     
  3. Savage1701

    Savage1701 TS Enthusiast Topic Starter Posts: 153

    Layout A, please.

    I have a dual internet setup so I also can hook each ISP up to a separate router from its own cable modem to its own router. Right now both ISPs are on a dual-WAN router, but they can also be split.

    Thanks for any info.
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,322   +621

    OK

    This is an entirely different issue.

    For (A), first set up the access to your ISP/router w/o the second NIC connected.
    Use DHCP and DNS Auto for all systems and devices. Get whatever print/file sharing configured per your needs.
    Let's assume your router is at the address 192.168.0.1

    For the NAS/hd's, will you have a router for it too, e.g. PC --- router --- HDs +- other systems and devices ??
     
  5. jobeard

    jobeard TS Ambassador Posts: 9,322   +621

    Btw: the PC should have a constant IP address related to the router.
    There are two ways to do this:
    1. get the MAC address of the NIC attaching to the router and then use the router Address Reservation feature to force a known address. If the DHCP range is 2-50, then set the PC address to 0.100, leaving all 2-50 for other devices.
    2. attack the NIC settings in the PC directly, but that can lead to issues in the future.
     
  6. Savage1701

    Savage1701 TS Enthusiast Topic Starter Posts: 153

    Yes, I would assume the B set would have its own router, NAS, PCs that can access it, etc.

    I'm figuring it would need to in order to allow ISP access to get at clouds and such.

    Again, the important thing is that the "B" network is not accessible to guests who might sit down at the kitchen laptop to surf, or to other family members who might overwrite things like original disk images, etc. I'm trying not to have to build duplicate hardware; I want to use some of the drives/arrays in the server to only be visible/useable to the "A" network and some only visible/useable to the "B" network.

    Thanks again for any ideas.
     
    Last edited: Apr 22, 2015
  7. jobeard

    jobeard TS Ambassador Posts: 9,322   +621

    hmm; good statement of your objective and - - it contradicts all of the above. I thought you wanted the B group totally isolated from A.
    Consider this layout:
    Code:
    router ------------------------------------------* - - - - wifi connected users
                |           |          |           |
               pc-a      device-b    pc-c        NAS
    
    For all devices/systems attached, the 'access control' comes in two ways.
    1. accessible via tcp (ie same subnet)
    2. print/file sharing setup
    Having (1) does not imply access to anything other than the router and hence the internet. Multiple routers only add complexity and by virtue of the need for access to the NAS, do not contribute to the solution.

    Each device/system then controls access to its own resources using Sharing. If it's not shared then it's not accessible or even visible on the lan. Just to be clear on this point, if PC-C has folders
    C:\stuff\shared_stuff
    and permits sharing on the sub-folder shared_stuff, then shared_stuff would be seen when attempting to map drives. A successful mapping of letter M: (providing the password) would be seen as M:\shared_stuff. There is no means to access the original C:\stuff nor its root dir C:\

    The problems come when only some users should have access to C:\stuff\shared_stuff.
    You can't manage that by changing the (1) layout. If the resources of concern are all on the NAS, then the NAS first must be accessible as in (1). Which users get access to WHAT resources is determined totally within the NAS - - usually by divide-and-conquer.
    Code:
    NAS --+
          |
          +- Group_A directory\
          |
          +- Group_B directory\
    
    Then you can set unique NTFS groups and members for each. The NTFS settings then control which users get access to WHAT resources.
     
    Last edited: Apr 23, 2015
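
Added example (not part of the thread and not any poster's code): the one-group-per-directory layout described in post 7, built with the stock `net` and `icacls` tools from an elevated PowerShell prompt on the Windows 7 server. The group names, drive paths, share names and the trailing `$` (which keeps a share out of browse lists) are assumptions chosen for illustration.

```powershell
# Added example: one local group, one directory and one share per network.
# All names and paths below are assumptions; adjust to the real drives.
$layout = @(
    @{ Group = 'Group_A'; Path = 'D:\Group_A'; Share = 'Group_A$' },
    @{ Group = 'Group_B'; Path = 'E:\Group_B'; Share = 'Group_B$' }
)

foreach ($item in $layout) {
    # Local security group; only its members (plus admins) get in.
    net localgroup $item.Group /add
    # Add accounts afterwards, e.g. (placeholder account name):
    #   net localgroup Group_B alice /add

    if (-not (Test-Path $item.Path)) {
        New-Item -ItemType Directory -Path $item.Path | Out-Null
    }

    # NTFS permissions: drop ACEs inherited from the drive root (which
    # usually include the built-in Users group), then grant explicitly.
    # (OI)(CI) = applies to files and subfolders, F = full, M = modify.
    icacls $item.Path /inheritance:r /grant:r `
        "Administrators:(OI)(CI)F" `
        "SYSTEM:(OI)(CI)F" `
        "$($item.Group):(OI)(CI)M"

    # Share permissions: only the matching group may connect. Naming the
    # group in /GRANT means no "Everyone" entry is put on the share.
    net share "$($item.Share)=$($item.Path)" "/GRANT:$($item.Group),CHANGE"
}

# Review the result: the NTFS ACL and the share ACL should each list
# only the intended group alongside the administrative entries.
foreach ($item in $layout) {
    icacls $item.Path
    net share $item.Share
}
```

Effective access over the network is the more restrictive of the share permission and the NTFS permission, so a member of Group_A who learns the Group_B share name is still refused at both layers.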
  8. Savage1701

    Savage1701 TS Enthusiast Topic Starter Posts: 153

    Hmm...guess my ignorance is showing here in knowing how to ask what I want to accomplish. Sorry to have wasted your good time. I'll figure it out at a later date. Appreciate your time.
     
  9. jobeard

    jobeard TS Ambassador Posts: 9,322   +621

    We don't get this stuff by osmosis - - understanding ALWAYS begins with questions. (y)

    May I suggest you first conquer NTFS permissions for multiple users in multiple groups.
    Adding additional network links can be taken as a separate 'experience'.
     
  10. Savage1701

    Savage1701 TS Enthusiast Topic Starter Posts: 153

    I didn't really want to get into the whole NTFS permissions thing. I wanted this so that I could run my network to access, say, 1 data drive on the CPU and others in the house could ONLY access, or even see, for that matter, a second data drive. I don't really want permissions and all of that because it just creates "forbidden fruit" and encourages shenanigans.

    All I wanted to know was if it was easy to assign one data drive to one IP address, let's just say it's 192.168.0.8, and assign another data drive to a second data drive. Let's just call that 192.168.1.8.

    Since I have 2 hard-wired gigabit networks at each wall box, and since they each go to separate patch panels and then on to separate 24-port switches, I just wanted to know if I could do it that way. That's all. I don't care about whether both NICs present web access or not.
     
  11. jobeard

    jobeard TS Ambassador Posts: 9,322   +621

    OK, but you lack understanding of permissions vs access and the network will never solve the permission status you are trying to create. I guess I can only lead you to the water and can't make you take a drink :sigh:
     
