Difficult network configuration question on WinXP for you experts

  • Thread starter Thread starter Marcin Romaszewicz
  • Start date Start date
M

Marcin Romaszewicz

Hello All,

I've hit a network configuration problem that I can't quite figure out
in Windows XP.

I have two machines and two static IP addresses from my ISP. One machine
acts like a server/firewall for the other, so the network topology is as
such.

|Windows Machine|--->|Firewall Machine|--->Internet

I have two static IP addresses from my ISP. I have assigned one IP
address to the windows machine and the second the firewall machine.

In this configuration, SMB (File Sharing) does not work since the
firewall machine does not act like a bridge for security reasons and so
the broadcast adderess does not work. So, I've added secondary, private
IP addresses to both machines on a common subnet so that file sharing
works.

|Windows Machine|--->|Firewall Machine|--->Internet
64.81.246.210 64.81.246.219
192.168.1.2 192.168.1.1

The firewall machine is running an SMB server on its internal interface.

So now, here is the crux of my problem:
How do I configure the windows XP box for the following behavior,
1) For all file sharing SMB traffic, use the 192.168.1.2 address
2) For all other traffic, use 64.81.246.210

These two IP addresses cause problems depending on the order that they
are specified.

If I put the private adderess first, SMB works fine and people can
connect to my machine via the public address. The problem is that some
programs (eg, BitTorrent) break, since they get the local IP address and
report it to some server, which in this case is the private one and
invalid on the net.

If I put the routable address first, all this software works fine, but
SMB breaks since it now does a NetBios lookup over a broadcast address
which is not bridged, so it gets no answer!

The "route" command line tool seems to have the options that I want, but
I can;t make the settings persist across a reboot. Is there some gui
wrapper for this? I can't find one.
 
Hi,
I have two machines and two static IP addresses from my ISP. One machine
acts like a server/firewall for the other, so the network topology is as
such.

|Windows Machine|--->|Firewall Machine|--->Internet

I have two static IP addresses from my ISP. I have assigned one IP
address to the windows machine and the second the firewall machine.

In this configuration, SMB (File Sharing) does not work since the
firewall machine does not act like a bridge for security reasons and so
the broadcast adderess does not work. So, I've added secondary, private
IP addresses to both machines on a common subnet so that file sharing
works.

|Windows Machine|--->|Firewall Machine|--->Internet
64.81.246.210 64.81.246.219
192.168.1.2 192.168.1.1

The firewall machine is running an SMB server on its internal interface.

So now, here is the crux of my problem:
How do I configure the windows XP box for the following behavior,
1) For all file sharing SMB traffic, use the 192.168.1.2 address
2) For all other traffic, use 64.81.246.210

Your setup looks a bit weird to me, for the following reasons:

You have 2 static IPs, but only one machine is connected direktly to the
internet. As long as your Firewall server does not act as a bridge for the IP
of your windows box, there seems to be no use in giving the XP box a public IP
at all.

Besides this and indiependend from wheter the machines are online or
not, i think if both boxes are in the same subnet, bcast should work at least
between both boxes so the XP biox should see the smb shares on the server box.
But i never had to deal with such a situation, so i may be wrong at this point.

Ok, unless you consider getting the XP box directly into the internet (which
should solve all problems, since the static fully IPs apply, but which will
expose the XP box to th eworld, too) i would advice you to switch to the defualt
scenario of a LAN:

The server box has 2 interfaces, one on the internet side and this one
has a static IP. The other interface is a private one, only.
With an IP like 192.168.1.1/24.

The XP box only has 1 interface, it has only a private IP on the same subnet,
e.g. 192.168.1.2/24.

You can use masquerading on the server box, so it can act as a default
gateway for your XP box (providing internet access).
Your server box may provide other services, too.

Samba(smb) should work fine, since broadcast at the private side
is no problem. Just make sure, your smb server daemon does not
listen at the public interface with it's static IP (to keep
the samba service private). Or you might use your firewall to block
samba ports for the world interface.....

Ok, now the 2nd static IP seems without any use, but unless you get a 2nd
machine (or NIC on the same machine) directly to the internet, i think
there is no real need.

HTH

Ralf
 
Unless you have some specific need for 2 IP's, why not just use a router and
connect both machines to the router. Or you could even use a simple hub and
connect each machine directly to the ISP, each with its own IP address. But
the router is better - built in firewall etc.
 
Back
Top