Multiple Networks

I'm looking to create a second, completely isolated network at home. I'd like to set up a virtual office environment with a few PCs, some VMs and Windows 2008 Server. The reason for this is I want to get better acquainted with Active Directory, Domain Controllers, DNS etc. I'd rather create a completely virtual and isolated environment so I don't ruin anything on my main network and start dragging my PC into AD.

Just want to check that using a switch and then plugging two routers into that would work? Then I can keep them apart, but have the possibility to bridge connections later if I change the subnet?
 
I'd rather create a completely virtual and isolated environment so I don't ruin anything on my main network


So create a completely virtual and isolated environment - then you won't mess up your physical network.

Not sure what you are hoping to achieve by plugging 2 routers into a switch, but isolated it probably won't be!
 
I still want it connected to the internet and running AD. I won't be able to configure all of this while it's running on my PC without my PC being part of that network. Of this I am sure.

Well, I am assuming that it will split the internet connection and send it to two separate routers. Then each network is behind its own firewall and not wired into the other network.
 
I'm struggling to understand - I'm more of a picture person :-/

So you have a PC currently and it's connected to your main network.
You want a virtual AD setup that's separate from what you have currently, but it needs to be able to connect to the internet? Am I right so far?

You mentioned 2 routers - do you have 2 internet connections??
 
I'm the same, dude, I've drawn it all out on a notepad!

I think I'll try and come up with a visual of what I'm doing, otherwise I'll confuse myself as well!
 
So do you just want 2 separate networks?

I had a router attached to another router which was connected to the Internet.

The first router was just on the default network setting, so 192.168.1. ...

The second on a different subnet, 10.0.0. ...

Is this what you're aiming for?
 
OK, so this is how it's running at the moment. Excuse the crude MSPaint diagram :)

Blue lines represent the VM side of things, black are physical connections (laptop wireless).

CurrentNetwork.png



And this is what I'm proposing to do. The VM PC will run somewhere around 15-20 VMs so I can experiment with AD properly. If needed I can always add another physical machine to the D-Link network for a variety of reasons.

This way anything I do on the D-Link network with DHCP, DNS etc. won't touch my main Virgin Superhub network. I could be going completely arse about face on this, but this is how I imagine it could work.

ProposedNetwork.png
 
Should work. But you won't even need the switch at all. Will need to tinker with the router settings though to keep the networks isolated.
 
Well actually, since that setup I now have my router set up with DHCP.

Turned off the DHCP Server on Server 2008 and statically assigned IPs to the VM clients. So the server is running the DNS. Can't provide the server with a default gateway because the IP of the server is in a different subnet from my router, to keep them apart, so no internet, but I can still utilize it for my needs.

I'm sure, as you say Orcvader, it is possible, but it's beyond my abilities at the moment.
 
With your servers being behind a firewall, how do you see managing each of the servers over the network? Port forwarding would be a chore.

Personally, I'd put a second NIC in my desktop and bridge the networks, and have the desktop / management machine in both networks but default route via the Superhub. This way you have full IP connectivity to each machine on the server subnet, they all have internet access for Windows updates / publishing etc., and you can double NAT as you need to.
 
I know, it's what I was trying to do, but for the sake of learning the basics of GP and OUs in AD I don't really need to set that up yet.

I haven't got the knowledge to figure that out for myself, and I'd rather spend the time getting familiar with the systems I'm using on a daily basis than spending hours on Google trying to figure this out! Unless someone is willing to take me through it, but I think there are way too many ifs and buts to setting it up on someone else's network; it would be a right pain to do over forums.

It is annoying though *frown*
 
With your servers being behind a firewall, how do you see managing each of the servers over the network? Port forwarding would be a chore.

Personally, I'd put a second NIC in my desktop and bridge the networks, and have the desktop / management machine in both networks but default route via the Superhub. This way you have full IP connectivity to each machine on the server subnet, they all have internet access for Windows updates / publishing etc., and you can double NAT as you need to.

I get the logic and principles of what you're saying, I just don't possess the skills to carry it out, unfortunately. Last Friday was the first time I've ever logged onto a Windows Server OS, and what I've learnt since then is from Google, a copy of Microsoft Active Directory R2 and trial and error. Pleased that I have a DC and AD set up and a few VMs connected to my domain now.
 
I'll rephrase - currently you have some sort of virtualisation on a desktop. You can access each machine using a console view. If you separate the network and introduce physical machines then you will not be able to easily manage the servers from the desktop machine like you did with VMware Workstation.

Windows Server has RDP - this allows remote control of the server over the network. If you wanted to manage the servers from your desktop (this, for me, is how I would want it) then you would need to forward ports from the desktop subnet into the server subnet, but you wouldn't be able to forward TCP 3389 (the RDP port) more than once. This then becomes difficult, as you then need to start changing the RDP listening port within Windows or something else.

If you put a second network card in the desktop, so that it is physically in both networks, you then have full IP connectivity into both networks, no messy port forwarding and a simple clean approach. You could even still run VMs on your desktop by binding the VM networks to the server network.

You can install lots of MMCs on Windows 7 that allow you to manage servers remotely; this is brilliant and fast - again, more difficult through a firewall but not impossible.
 
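The dual-NIC management desktop described in the post above, as an added example that is not part of any post in this thread. It assumes a Windows desktop with two adapters, "Ethernet" on the main Superhub network (192.168.0.0/24, gateway 192.168.0.1) and "Ethernet 2" on the lab D-Link network (10.0.0.0/24), a lab DC at 10.0.0.10, and the NetTCPIP cmdlets (Windows 8 / Server 2012 or later); adapter names and addresses are placeholders. The important detail is that the lab NIC gets no default gateway, so the desktop keeps exactly one route to the internet via the Superhub while still reaching every lab host directly.

```powershell
# Added example (not from the thread): put a Windows management desktop in both
# networks with a single default route. Adapter aliases, subnets and the DC
# address below are assumptions. Run from an elevated PowerShell.
#   "Ethernet"   - main (Superhub) network, 192.168.0.0/24, DHCP, gateway 192.168.0.1
#   "Ethernet 2" - lab (D-Link) network, 10.0.0.0/24, static, NO gateway

$MainNic    = "Ethernet"
$LabNic     = "Ethernet 2"
$LabAddress = "10.0.0.50"
$LabPrefix  = 24
$LabSubnet  = "10.0.0.0/24"
$LabDc      = "10.0.0.10"      # the Server 2008 DC / DNS box (assumed)

# Lab NIC: static address and deliberately no default gateway. Two default
# gateways on one host is the classic mistake here: Windows picks one by metric
# and half your traffic goes the wrong way.
Remove-NetIPAddress -InterfaceAlias $LabNic -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $LabNic -IPAddress $LabAddress -PrefixLength $LabPrefix | Out-Null
# Windows 7 equivalent:
#   netsh interface ipv4 set address "Ethernet 2" static 10.0.0.50 255.255.255.0

# Keep lab DNS off the desktop's general resolver path: no DNS servers on the lab
# NIC and no DNS registration, so the desktop does not start resolving internet
# names through the lab DC or registering itself in the lab zone.
Set-DnsClient -InterfaceAlias $LabNic -RegisterThisConnectionsAddress $false
Set-DnsClientServerAddress -InterfaceAlias $LabNic -ResetServerAddresses

# Make the main NIC the preferred path for anything not on a connected subnet
# (lower metric wins).
Set-NetIPInterface -InterfaceAlias $MainNic -InterfaceMetric 10
Set-NetIPInterface -InterfaceAlias $LabNic  -InterfaceMetric 50

# The checks worth running afterwards: exactly one IPv4 default route, and it
# leaves via the main NIC; the lab subnet is a directly connected route on the
# lab NIC; the DC answers.
function Test-SplitRouting {
    $defaults = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix "0.0.0.0/0")
    $oneDefault = ($defaults.Count -eq 1) -and ($defaults[0].InterfaceAlias -eq $MainNic)

    $labRoute = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $LabSubnet -ErrorAction SilentlyContinue |
                Where-Object InterfaceAlias -eq $LabNic

    [pscustomobject]@{
        OneDefaultRoute = $oneDefault
        LabRoutePresent = [bool]$labRoute
        LabDcReachable  = Test-Connection -ComputerName $LabDc -Count 1 -Quiet
    }
}

Test-SplitRouting
```

Lab hostnames will not resolve from the desktop by default, which is intentional; query the lab DC explicitly when you need to (`Resolve-DnsName dc01.lab.local -Server 10.0.0.10`, names assumed) rather than adding it to the desktop's resolver list. The desktop does not forward packets, so the lab servers still get their internet via the D-Link's WAN leg on the Superhub network (the double NAT mentioned above), not through the desktop.
 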
This can be done but cheap consumer routers are hardly ideal.

Something like pfSense/m0n0wall/etc would allow you to run totally separate networks on different interfaces and have individual DHCP etc for each.
 
Set up the second router as a virtual machine.

Grab PFSense as Sin Chase suggested, install it as a VM and connect the incoming feed to it via one network port and the outgoing to a different network port on the virtualization server (obviously you need two network ports).

The incoming eth port connects to a vSwitch which connects to PFSense, which connects to vSwitch2, which connects to eth2. Any VM connects to vSwitch2; anything 'non-virtual' you want on the virtual network connects to eth2 (via a real switch possibly).

Obviously eth and eth2 are set up as being on different networks.

I did this with ESXi to simulate two datacenters in the virtual environment for failover testing and it worked fine. PFSense was great as a router, but I would not bother trying to get Linux (CentOS in my case) to do the routing, as I tried for days without success.

RB
 
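The two-vSwitch layout RB describes, built with VMware PowerCLI, as an added example that is not part of any post in this thread. It assumes a standalone ESXi host reachable as esxi01.lab.example, physical NICs vmnic0 (feed from the main network, already on vSwitch0 / "VM Network") and vmnic1 (eth2 to the lab side), a pfSense VM named pfsense-lab with two virtual adapters, and lab VMs named lab-*; all of those names are placeholders. The point it adds is the check at the end: the only VM that may sit on both port groups is pfSense.

```powershell
# Added example (not from the thread): vSwitch0 (vmnic0) = incoming feed,
# vSwitch2 (vmnic1) = isolated lab LAN, pfSense VM routing between them.
# Host name, NIC names, port group names and VM names are assumptions.

Import-Module VMware.PowerCLI
$esx    = Connect-VIServer -Server "esxi01.lab.example" -User root   # prompts for the password
$vmhost = Get-VMHost -Server $esx

$LabSwitchName = "vSwitch2"
$LabPortGroup  = "LabLAN"
$LabUplink     = "vmnic1"       # the "eth2" leg to a real switch
$WanPortGroup  = "VM Network"   # default port group on vSwitch0 / vmnic0
$PfSenseName   = "pfsense-lab"

# Lab vSwitch with its own physical uplink. Leave out -Nic for a purely
# virtual lab with no physical leg at all.
$labSwitch = Get-VirtualSwitch -VMHost $vmhost -Name $LabSwitchName -ErrorAction SilentlyContinue
if (-not $labSwitch) {
    $labSwitch = New-VirtualSwitch -VMHost $vmhost -Name $LabSwitchName -Nic $LabUplink
}
if (-not (Get-VirtualPortGroup -VirtualSwitch $labSwitch -Name $LabPortGroup -ErrorAction SilentlyContinue)) {
    New-VirtualPortGroup -VirtualSwitch $labSwitch -Name $LabPortGroup | Out-Null
}

# pfSense: first vNIC = WAN on the main network, second vNIC = LAN on LabLAN.
# pfSense itself then runs DHCP/DNS for 10.0.0.0/24 and NATs out via the WAN.
$pf   = Get-VM -Name $PfSenseName
$nics = Get-NetworkAdapter -VM $pf | Sort-Object Name
$nics[0] | Set-NetworkAdapter -NetworkName $WanPortGroup -Confirm:$false | Out-Null
$nics[1] | Set-NetworkAdapter -NetworkName $LabPortGroup -Confirm:$false | Out-Null

# Every lab VM (DC, clients) gets LabLAN only. A second adapter on "VM Network"
# is exactly the foot-in-both-networks that undoes the isolation.
foreach ($vm in Get-VM -Name "lab-*") {
    Get-NetworkAdapter -VM $vm | Set-NetworkAdapter -NetworkName $LabPortGroup -Confirm:$false | Out-Null
}

# Isolation check: list any VM other than pfSense that has adapters on both
# port groups. Expected result: nothing.
function Get-BridgingVMs {
    Get-VM | Where-Object {
        $names = @((Get-NetworkAdapter -VM $_).NetworkName)
        ($names -contains $WanPortGroup) -and ($names -contains $LabPortGroup) -and ($_.Name -ne $PfSenseName)
    } | Select-Object -ExpandProperty Name
}

Get-BridgingVMs
```

Run the check again whenever a VM is cloned or an adapter is added; it is the cheap way to catch the accidental bridge that makes "isolated it probably won't be" come true.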