A usual problem is that if you have a farm which is in internal network for itself and the storage has two interfaces where it accepts connections on external network for WAN transfers and in theory should accept connections on internal network as well for local transfers, then it comes out that it's not quite gonna work with dCache 1.7 as it will only start on the external interface.
To remedy this you need two things:
To accomplish the first task just set up BIND on Linux on any host capable of internal network access and create two zones. One for the name to ip matching and other for ip to name matching. More detailed instructions you can find on any of the multitude of DNS HowTo-s. For example here
To accomplish the second you can in general follow the dCache book under "Complex network configurations" -> "GridFTP Connections via two or more Network Interfaces" which at the time of writing for dCache 1.7 was chapter 20.2. The page itself can be found here.
What one has to change in regard to the instructions in the book if one wants to run with just one certificate is that you just forget the service-cert and service-key options from the door creation config. The file you have to modify there is not actually listed, but a quick search in dCache tree reveals that it's config/gridftpdoor.batch that needs the slight changes. Just copy the create statement, change listen address and service name (add -int for example or anything you like) as well as remove -loginBroker=LoginBroker from the internal interface description, this removes it from SRM negotiations and that way you don't spit out TURL-s with internal IP-s. Restart dcache-core service in bin directory and you should have now dCache running on two interfaces.
For the worker nodes you just need to add that the local bogus DNS server is the first nameserver and your default nameserver is the second one. This way all of local transfers get resolved to local IP-s and vice versa while unaffecting the global scale.