Dual network help...

[EvanK]

At my workplace, we have two seperate networks, one for our web servers running on a T1 (with static IPs assigned to each through a firewalled router), and the other for our workstations running on DSL (with DHCP through a different firewalled router). Pictures are worth a thousand words:

http://img409.imageshack.us/my.php?image=bridgednetworks7hy.gif

One of the issues we have, however, is that any communication between our workstations and servers involves going out onto the open internet, even though these machines are basically in the next room.

What I'm wondering is, can we somehow create a shortcut from our workstation network to our server network, perhaps by running a cable directly between the two routers (in the diagram as a bold green line), from LAN port on router A to LAN port on router B?

Wouldn't this route any requests to these servers (whether IP-based or DNS-based) through the local connection, rather than through the internet?

Would it cause any issues?

If this won't work, is there any other way to achieve what we need?

 

[pansophic]

What you are asking can definitely work. You will probably need to define some static routes (one on each router).

You may also need to host your own caching DNS server depending on how the routing is accomplished, but it is really not very difficult.

But I suspect that you are talking about wiring the LAN side of the two routers together, which essentially means that you are merging the two security domains (that means that you have the least protection of both routers for your entire network). It is called a "transitive trust" model. This is probably an unacceptable risk (would be to me) so you would want to firewall the connection between the two networks so that you could define exactly what services and IP addresses could transit that link.

You could use a Linux firewall (just a PC with two network cards) between the two networks to provide that protection.


pansophic