|
Home > Archive > alt.certification.mcse > January 2003 > Routing question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Have an office with two lans. The upstairs lan is on a 10.0.0.0
class A. Just installed a firewall for security and NAT with a cable modem.
An employee on the downstairs lan needs internet but that lan is on a
routable class C for connectivity to a wan at the other office building
across town.. If I install a separate nic in that employees comp and set it
up with a 10.0.0.X will that allow that employee to use the NAT on the
firewall?
| |
| Martin 2003-01-06, 8:24 pm |
| Yes. in a word, I have this config at home. The config you mentioned is not
actually routing though. It is simply a multihomed PC (has more than one
network directly connected).
Is 10.0.0.0 non-routable I can't remember? If not... Are the 2 LANs
connected by router? Could connect by placing a server inbetween to act as
router, set that server as default gateway for PCs on class C LAN, and
configure IP forwarding if NT4 server, or Routing and remote access service
if w2k server, then you could provide same for all people on that LAN.
Use DHCP to allocate addresses.
Martin
"Paul" <tjenkins1@yahoo.com> wrote in message
news:004S9.45937$VA5.9757857@news1.news.adelphia.net...
> Have an office with two lans. The upstairs lan is on a 10.0.0.0
> class A. Just installed a firewall for security and NAT with a cable
modem.
> An employee on the downstairs lan needs internet but that lan is on a
> routable class C for connectivity to a wan at the other office building
> across town.. If I install a separate nic in that employees comp and set
it
> up with a 10.0.0.X will that allow that employee to use the NAT on the
> firewall?
>
>
>
| |
| freak 2003-01-06, 10:26 pm |
| the 10.x.x.x/8 network is not routable on the internet, but you should be able to route it internally. | |
| Steven L Umbach 2003-01-07, 12:24 pm |
| I have not actually tried what you want to do, but I believe it
should work. You would have to configure the "second" nic to have the
default gateway for the computer, being the address of the nat router. A W2K
machine can only use one default gateway at a time (a second one would be
for "dead gateway" detection) , so you would need to remove any default
gateway on the first nic and configure the routing table with static routes
if needed for commumications on the class c network. Also you would need to
configure the "first" nic as the primary nic for participation in the class
c network, it probably will be anyhow since it was installed first. On the
"second" nic you will probably want to disable file and print sharing and
client for Microsoft networks. Make sure the computer is not configured to
function as a router (ip forwarding) after the two nics are installed.
Networks are usually segmented for a reason - usually performance and
security. Keep in mind that what you are considering doing would expose each
network to virus/trojan/hacking risks since that machine would now be sort
of a "connection" betwen the two networks even if it was not functioning as
a router. Good luck. --- Steve
">
> "Paul" <tjenkins1@yahoo.com> wrote in message
> news:004S9.45937$VA5.9757857@news1.news.adelphia.net...
> > Have an office with two lans. The upstairs lan is on a 10.0.0.0
> > class A. Just installed a firewall for security and NAT with a cable
> modem.
> > An employee on the downstairs lan needs internet but that lan is on a
> > routable class C for connectivity to a wan at the other office building
> > across town.. If I install a separate nic in that employees comp and set
> it
> > up with a 10.0.0.X will that allow that employee to use the NAT on the
> > firewall?
> >
> >
> >
>
>
| |
|
| Since this would be done on a win98 machine, would the static route addition
be persistent with reboots? I read once that it would not be. If that is the
case than would there have to be some sort of script utilized to maintain
the 1st nic's gateway? If so, how could I accomplish this, having never used
a logon script before?
"Steven L Umbach" <n9rou@attbi.com> wrote in message
news:V5ES9.671227$NH2.46291@sccrnsc01...
> I have not actually tried what you want to do, but I believe it
> should work. You would have to configure the "second" nic to have the
> default gateway for the computer, being the address of the nat router. A
W2K
> machine can only use one default gateway at a time (a second one would be
> for "dead gateway" detection) , so you would need to remove any default
> gateway on the first nic and configure the routing table with static
routes
> if needed for commumications on the class c network. Also you would need
to
> configure the "first" nic as the primary nic for participation in the
class
> c network, it probably will be anyhow since it was installed first. On the
> "second" nic you will probably want to disable file and print sharing and
> client for Microsoft networks. Make sure the computer is not configured to
> function as a router (ip forwarding) after the two nics are installed.
> Networks are usually segmented for a reason - usually performance and
> security. Keep in mind that what you are considering doing would expose
each
> network to virus/trojan/hacking risks since that machine would now be sort
> of a "connection" betwen the two networks even if it was not functioning
as
> a router. Good luck. --- Steve
>
> ">
> > "Paul" <tjenkins1@yahoo.com> wrote in message
> > news:004S9.45937$VA5.9757857@news1.news.adelphia.net...
> > > Have an office with two lans. The upstairs lan is on a 10.0.0.0
> > > class A. Just installed a firewall for security and NAT with a cable
> > modem.
> > > An employee on the downstairs lan needs internet but that lan is on a
> > > routable class C for connectivity to a wan at the other office
building
> > > across town.. If I install a separate nic in that employees comp and
set
> > it
> > > up with a 10.0.0.X will that allow that employee to use the NAT on the
> > > firewall?
> > >
> > >
> > >
> >
> >
>
>
| |
| Steven L Umbach 2003-01-09, 7:24 am |
| I think it should be using the -p with the route add command, but I
have not used W98 in quite a while. Give it a try and let us know. ---
Steve
"Paul" <tjenkins1@yahoo.com> wrote in message
news:lD8T9.68303$VA5.10791544@news1.news.adelphia.net...
> Since this would be done on a win98 machine, would the static route
addition
> be persistent with reboots? I read once that it would not be. If that is
the
> case than would there have to be some sort of script utilized to maintain
> the 1st nic's gateway? If so, how could I accomplish this, having never
used
> a logon script before?
>
> "Steven L Umbach" <n9rou@attbi.com> wrote in message
> news:V5ES9.671227$NH2.46291@sccrnsc01...
> > I have not actually tried what you want to do, but I believe
it
> > should work. You would have to configure the "second" nic to have the
> > default gateway for the computer, being the address of the nat router. A
> W2K
> > machine can only use one default gateway at a time (a second one would
be
> > for "dead gateway" detection) , so you would need to remove any default
> > gateway on the first nic and configure the routing table with static
> routes
> > if needed for commumications on the class c network. Also you would need
> to
> > configure the "first" nic as the primary nic for participation in the
> class
> > c network, it probably will be anyhow since it was installed first. On
the
> > "second" nic you will probably want to disable file and print sharing
and
> > client for Microsoft networks. Make sure the computer is not configured
to
> > function as a router (ip forwarding) after the two nics are installed.
> > Networks are usually segmented for a reason - usually performance and
> > security. Keep in mind that what you are considering doing would expose
> each
> > network to virus/trojan/hacking risks since that machine would now be
sort
> > of a "connection" betwen the two networks even if it was not functioning
> as
> > a router. Good luck. --- Steve
> >
> > ">
> > > "Paul" <tjenkins1@yahoo.com> wrote in message
> > > news:004S9.45937$VA5.9757857@news1.news.adelphia.net...
> > > > Have an office with two lans. The upstairs lan is on a 10.0.0.0
> > > > class A. Just installed a firewall for security and NAT with a cable
> > > modem.
> > > > An employee on the downstairs lan needs internet but that lan is on
a[col
or=darkred]
> > > > routable class C for connectivity to a wan at the other office
> building
> > > > across town.. If I install a separate nic in that employees comp and
> set
> > > it
> > > > up with a 10.0.0.X will that allow that employee to use the NAT on[/color]
the[c
olor=darkred]
> > > > firewall?
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>[/color]
| |
|
| ok, here's how it went. Pretty much just like discussed in the thread but I
put a add route command into a batch file an put that into the startup
folder to add the route to the firewall gateway since windows 98 doesn't
support persistent routes after rebooting in the routing table. Had to use
the proxy settings in IE to get it to work which I thought was strange since
the other comps upstairs just route through the gateway ip (green interface
on the firewall) and don't need to use any proxy settings. Works great
though. Thanks for all the advice.
Paul
PS. any idea as to why it needs the proxy settings and cant just route
through the gateway on the firewall straight? Just wondering.
"Steven L Umbach" <n9rou@attbi.com> wrote in message
news:ZDeT9.623265$P31.238762@rwcrnsc53...
> I think it should be using the -p with the route add command, but I
> have not used W98 in quite a while. Give it a try and let us know. ---
> Steve
>
>
> "Paul" <tjenkins1@yahoo.com> wrote in message
> news:lD8T9.68303$VA5.10791544@news1.news.adelphia.net...
> > Since this would be done on a win98 machine, would the static route
> addition
> > be persistent with reboots? I read once that it would not be. If that is
> the
> > case than would there have to be some sort of script utilized to
maintain
> > the 1st nic's gateway? If so, how could I accomplish this, having never
> used
> > a logon script before?
> >
> > "Steven L Umbach" <n9rou@attbi.com> wrote in message
> > news:V5ES9.671227$NH2.46291@sccrnsc01...
> > > I have not actually tried what you want to do, but I believe
> it
> > > should work. You would have to configure the "second" nic to have the
> > > default gateway for the computer, being the address of the nat router.
A
> > W2K
> > > machine can only use one default gateway at a time (a second one would
> be
> > > for "dead gateway" detection) , so you would need to remove any
default
> > > gateway on the first nic and configure the routing table with static
> > routes
> > > if needed for commumications on the class c network. Also you would
need
> > to
> > > configure the "first" nic as the primary nic for participation in the
> > class
> > > c network, it probably will be anyhow since it was installed first. On
> the
> > > "second" nic you will probably want to disable file and print sharing
> and
> > > client for Microsoft networks. Make sure the computer is not
configured
> to
> > > function as a router (ip forwarding) after the two nics are installed.
> > > Networks are usually segmented for a reason - usually performance and
> > > security. Keep in mind that what you are considering doing would
expose
> > each
> > > network to virus/trojan/hacking risks since that machine would now be
> sort
> > > of a "connection" betwen the two networks even if it was not
functioning
> > as
> > > a router. Good luck. --- Steve
> > >
> > > ">
> > > > "Paul" <tjenkins1@yahoo.com> wrote in message
> > > > news:004S9.45937$VA5.9757857@news1.news.adelphia.net...
> > > > > Have an office with two lans. The upstairs lan is on a 10.0.0.0
> > > > > class A. Just installed a firewall for security and NAT with a
cable
> > > > modem.
> > > > > An employee on the downstairs lan needs internet but that lan is
on
> a
> > > > > routable class C for connectivity to a wan at the other office
> > building
> > > > > across town.. If I install a separate nic in that employees comp
and
> > set
> > > > it
> > > > > up with a 10.0.0.X will that allow that employee to use the NAT on
> the
> > > > > firewall?
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
| |
| Steven L Umbach 2003-01-28, 9:24 pm |
| Hi Paul. Glad you got it to work and thanks for the details. Not sure why
you need to use proxy settings - I suppose you are using "auto". Anyhow it
works which is the main thing. -- Steve
"Paul" <tjenkins1@yahoo.com> wrote in message
news:SkGZ9.13674$ni5.2070087@news1.news.adelphia.net...
> ok, here's how it went. Pretty much just like discussed in the thread but
I
> put a add route command into a batch file an put that into the startup
> folder to add the route to the firewall gateway since windows 98 doesn't
> support persistent routes after rebooting in the routing table. Had to use
> the proxy settings in IE to get it to work which I thought was strange
since
> the other comps upstairs just route through the gateway ip (green
interface
> on the firewall) and don't need to use any proxy settings. Works great
> though. Thanks for all the advice.
>
> Paul
>
> PS. any idea as to why it needs the proxy settings and cant just route
> through the gateway on the firewall straight? Just wondering.
>
> "Steven L Umbach" <n9rou@attbi.com> wrote in message
> news:ZDeT9.623265$P31.238762@rwcrnsc53...
> > I think it should be using the -p with the route add command, but I
> > have not used W98 in quite a while. Give it a try and let us know. ---
> > Steve
> >
> >
> > "Paul" <tjenkins1@yahoo.com> wrote in message
> > news:lD8T9.68303$VA5.10791544@news1.news.adelphia.net...
> > > Since this would be done on a win98 machine, would the static route
> > addition
> > > be persistent with reboots? I read once that it would not be. If that
is
> > the
> > > case than would there have to be some sort of script utilized to
> maintain
> > > the 1st nic's gateway? If so, how could I accomplish this, having
never
> > used
> > > a logon script before?
> > >
> > > "Steven L Umbach" <n9rou@attbi.com> wrote in message
> > > news:V5ES9.671227$NH2.46291@sccrnsc01...
> > > > I have not actually tried what you want to do, but I
believe
> > it
> > > > should work. You would have to configure the "second" nic to have
the[c
olor=darkred]
> > > > default gateway for the computer, being the address of the nat[/color]
router.
> A
> > > W2K
> > > > machine can only use one default gateway at a time (a second one
would
> > be
> > > > for "dead gateway" detection) , so you would need to remove any
> default
> > > > gateway on the first nic and configure the routing table with static
> > > routes
> > > > if needed for commumications on the class c network. Also you would
> need
> > > to
> > > > configure the "first" nic as the primary nic for participation in
the[c
olor=darkred]
> > > class
> > > > c network, it probably will be anyhow since it was installed first.[/color]
On
> > the
> > > > "second" nic you will probably want to disable file and print
sharing
> > and
> > > > client for Microsoft networks. Make sure the computer is not
> configured
> > to
> > > > function as a router (ip forwarding) after the two nics are
installed. [colo
r=darkred]
> > > > Networks are usually segmented for a reason - usually performance[/color]
and[c
olor=darkred]
> > > > security. Keep in mind that what you are considering doing would
> expose
> > > each
> > > > network to virus/trojan/hacking risks since that machine would now[/color]
be
> > sort
> > > > of a "connection" betwen the two networks even if it was not
> functioning[color
=darkred]
> > > as
> > > > a router. Good luck. --- Steve
> > > >
> > > > ">
> > > > > "Paul" <tjenkins1@yahoo.com> wrote in message
> > > > > news:004S9.45937$VA5.9757857@news1.news.adelphia.net...
> > > > > > Have an office with two lans. The upstairs lan is on a 10.0.0.0
> > > > > > class A. Just installed a firewall for security and NAT with a
> cable
> > > > > modem.
> > > > > > An employee on the downstairs lan needs internet but that lan is
> on
> > a
> > > > > > routable class C for connectivity to a wan at the other office
> > > building
> > > > > > across town.. If I install a separate nic in that employees comp
> and
> > > set
> > > > > it
> > > > > > up with a 10.0.0.X will that allow that employee to use the NAT[/color]
on
> > the
> > > > > > firewall?
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
|
|
|
|
|