Using separate ethernet ports for LAN and internet

Following scenario:


A couple of Lion clients and a Lion server connected to a switch. Switch connected to router for internet access. All devices, clients, server and router are in the same C-Class net.


I'd like to connect the Lion server with 2 ethernet ports to the switch, so that one port is solely used for connections to the Lion clients (aka LAN) and the other port is solely used for connections to the internet. That way heavy LAN traffic to/from the server cannot bog down internet access to the server. Any ideas how to accomplish that?


Usually you would configure the Lion server as a router and connect the Lion clients (via a switch) to one port and the cable modem to the other, so both ports are in different subnets. But I don't want all internet traffic from the clients going through the Lion server.


The best I've come up with so far was to configure both ethernet ports with static IP addresses. The one connecting to the clients with a 255.255.255.0 netmask but no router IP given. The one for internet with a 255.255.255.255 netmask and the router IP set to my physical router IP. It seems to work, but I'm not sure whether this is the suggested way to do such a setup.


Maybe some manual editing of the routing table is a more solid solution?


Any tips appreciated.


Pete

Posted on Jan 26, 2012 12:08 PM

1 reply

Jan 28, 2012 6:46 AM in response to Peter Gutbrod

What you want to do can be done but maybe not the way you are trying.


First, yes, you would use two Ethernet ports on the Mac. If it is a Mac Pro or Xserve it has two built in; other Mac models can do this using a USB Ethernet interface.


Next, the way I would normally do this is to have a separate switch for the WAN router; this would make the setup look like the following:



LAN Switch ----- Server ------------ Router --- Internet
       | |                             |
       | |                            NAT     
       | +-----------------------------+
       |
       +------ Client Devices

The router could be doing NAT via one interface, or a separate Firewall box could do the NAT.


Another possible way would involve segmenting the LAN switch by setting up a VLAN and putting one port for the server's second Ethernet connection on to that VLAN (using public IP addresses and a connection to the router on that VLAN); the LAN switch could then route between the two VLANs. Cheaper LAN switches do not have this ability.
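
Added example, not part of the original thread: a small longest-prefix-match model of the server's routing table, showing why the destination alone cannot pick a port when both ports sit in the same subnet, and why it can once the router link has its own subnet as in the reply's diagram. The port names, the 192.168.x.x addresses and the 203.0.113.7 internet destination are constructed for illustration, and the model covers only prefix matching, not any operating system's tie-breaking rules.

```python
import ipaddress

def best_routes(table, dst):
    """Return every route that ties for the longest prefix covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for route in table:
        net = ipaddress.ip_network(route["net"])
        if addr in net:
            matches.append((net.prefixlen, route))
    if not matches:
        return []
    longest = max(plen for plen, _ in matches)
    return [route for plen, route in matches if plen == longest]

def egress_ports(table, dst):
    """Ports the destination could leave on; more than one means a tie."""
    return sorted({route["port"] for route in best_routes(table, dst)})

# Constructed table: both server ports in the same /24 as clients and router.
SAME_SUBNET = [
    {"net": "192.168.1.0/24", "port": "en0", "via": None},
    {"net": "192.168.1.0/24", "port": "en1", "via": None},
    {"net": "0.0.0.0/0", "port": "en1", "via": "192.168.1.1"},
]

# Constructed table: LAN on en0, a separate subnet to the router on en1.
SPLIT_SUBNETS = [
    {"net": "192.168.1.0/24", "port": "en0", "via": None},
    {"net": "192.168.2.0/24", "port": "en1", "via": None},
    {"net": "0.0.0.0/0", "port": "en1", "via": "192.168.2.1"},
]

if __name__ == "__main__":
    for name, table in (("same subnet", SAME_SUBNET),
                        ("split subnets", SPLIT_SUBNETS)):
        for dst in ("192.168.1.50", "203.0.113.7"):
            print(f"{name:14} {dst:14} -> {egress_ports(table, dst)}")
```
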
