Home Networking Question: Bridging/IP Forwarding between 2 LAN segments

  • Thread starter Thread starter W2K Programmer
  • Start date Start date
W

W2K Programmer

Need help from experienced MS networking pros for step by step config
of network segment A and B.


1. Server 4, 5, and 6 make a LAN segment A using a router R (subnet
192.168.15.x/Gateway 192.168.15.1)

2. Server 6 is multihomed (dual LAN card). External Card is directly
connected to DSL modem/WAN forming segment B (subnet
192.168.1.x/gateway 192.168.1.254). Internal card is connected to
router R described in step 1.

Segement A and B by themselves are fine.

But I can't seem to succesfully bridge/IP forward between the two cards
in order for segment A to access the *internet/WAN* via segment B.
Please give *step by step intructions* for this required configuration.
Server 4,5 run windows 2000 Pro, server 6 runs XP Pro.

Help is appreciated. TIA.
 
If subnet A machines have a default gateway of 192.168.15.1, they will not
be able to access the Internet via subnet B. You would have to give subnet
A machines the 192.168.15.x address of server 6 as a gateway; Delete the
192.168.15.1 gateway from server 6; Enable routing on server 6; And create
a static route back to 192.168.15.x on whatever is at 192.168.1.254.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
To quote from your reply: "Enable routing on server 6; And create
a static route back to 192.168.15.x on whatever is at 192.168.1.254."

Could you please show me how to do accomplish these 2 steps on Windows
2000 Pro OS?

TIA.
 
1. To enable routing on a Windows machine:

a. Click Start/Run regedit ENTER

b. Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

c. Double click on IPEnableRouter and set its value to 1.

2. Per your discription Server 6's 192.168.1.x card is connected to a DSL
modem. However, the 'modem' is actually a router. How you configure a
static route on a router is s product specific and you will have to consult
your manual.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
For step 2: The modem is a Bellsouth provided Westell Wirespeed
(A90-210030-04) modem. I don't see a section in the configuration (web
interface) for routes. Any suggestions? Can a different modem be used
if thsi modem does support the route tabel updates?

TIA.
 
Not familiar with this product and although most routers support static
routes, not all do. Replacing a modem/router combo unit is comparatively
difficult because these devices are not nearly as common as separate modems
and separate routers. Before replacing your unit with a modem and a router,
check with your ISP and make sure that the modem you choose is compatible
with their service. However, this is becoming kind of expensive, AND:

it may not be necessary depending on what you are ultimately trying to do
and why your network is configured this way. Why do you have two routers?
Do they both connect to the Internet? Do you really need/want two subnets?
If so, why? etc.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
RE NEW CONFIG: I am letting in a VNC client from a remote location into
my home office via the modem to the Server 6 on LAN segment B. Server 6
runs a VNC server. This is for work-colloboration. I do not want the
VNC client to see my whole network or go beyond server 6. Another
reason is if a hacker gets in he must not be able to go beyond segment
A. The reason is obvious: because I have to give out my WAN (ISP
assigned modem IP) address for the other party to connect to my VNC
server using his VNC client. This configuration I am discussing is a
new one I am attempting. Any momemt I give out an IP address, I have
been attacked. Let me explain the old configuration.

RE OLD CONFIG: In the old configuration, everything is simple: the DSL
modem is connected to LINKSYS BROADBAND router (also called as
residential gateway) with 3 ports and 2 VoIP ports (vonage). I connect
3 servers directly to this router. The problem with this config is VNC
does not work even if I am willing to risk security. I open the VNC
ports on the modem and the router, (DMZ for the modem, open the port
for VNC and forward to Server 6 for the router) -- then the remote VNC
client is able to ping the WAN IP I give out (assigend by ISP - dynamic
IP) but the vNC client is not able to connect to server 6. Because of
this I have to remove the router, and open VNC on the modem (as against
the DMZ when modem is connected to router). NOw the VNC client is able
to connect. So in order to protect the network I decided to move the
other 2 server behind the internal NIC of server 6 and make 2 segments.
(New config we are discussing). But the problem is Segment A is not
able to browse the internet (access the WAN aka outside world)

For specific reasons I do not want to go for static IP.

*** BACK TO DISCUSSION THREAD ***:

Now it appears to me only step 1 is required. The step 2 may not be
required since I am not using a router with the modem. *** Q *** BUT,
are you sure I dont have to run any proxy server etc on the XP pro on
segment B (acting as server) and 2000 clients on segement A acting as
clients to access the WAN/internet as opposed to just setting the IP
route ON in the registry???? ***
The router is used as a switch for segment A since it offers 3 LAN
ports. I will try this and post results. Meanwhile please post comments
of yours if any, suggestions etc.

TIA
 
OK - you definitely do not want the routing solution - turn off routing on
server 6.

Don't know how many ports the Westell device has - you may have to add a
switch. But try this:

1. Connect server 6 to the Westell and configure as necessary to allow VNC.

2. Connect the WAN port on the Linksys router to the Westell device (or to
a switch connected to it). and connect the remaining computers to the
Linksys LAN ports.

3. This segregates the other servers and protects them with NAT and a
firewall. These machines will still be able to access server 6 (although
they would probably have to use \\IPaddress instead of browsing), but
server6 cannot access the other machines. If you wanted to allow server 6
to access the others, you could connect its second NIC to the Linksys
router.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
Re the latest step 1 and 2 in your reply:
The problem is westell modem has ONLY ONE ethernet port.

What kind of switch can I buy and add between the modem and network? I
understand the switch on which you can turn firewall off or better yet
one with no firewall , just plain old switch -- but what model and
where can I get it?


TIA
 
W2K said:
Need help from experienced MS networking pros for step by step config
of network segment A and B.


1. Server 4, 5, and 6 make a LAN segment A using a router R (subnet
192.168.15.x/Gateway 192.168.15.1)

2. Server 6 is multihomed (dual LAN card). External Card is directly
connected to DSL modem/WAN forming segment B (subnet
192.168.1.x/gateway 192.168.1.254). Internal card is connected to
router R described in step 1.

Segement A and B by themselves are fine.

But I can't seem to succesfully bridge/IP forward between the two cards
in order for segment A to access the *internet/WAN* via segment B.
Please give *step by step intructions* for this required configuration.
Server 4,5 run windows 2000 Pro, server 6 runs XP Pro.

Help is appreciated. TIA.
Click to expand...



I dont know why r u using server 6 as a router to connect to the
internet where u have the router to connect to internet. server 4,5,6
doesnt need a router to communicate eachother , u can use a switch
here.
my suggested hierarchy is : Connect router WAN port to WAN/Internt then
connect the server 6 to LAN port. so now server 6 is behind the router.


One LAN card with the server 6 will connect to router while the other
will connect to a switch. server 4,5 will now connected with the server
6 via switch. Now u can connect to internet via server 6. Now u can
connect to router through server 6.

All the IP addresses u mentioned are class C IP addresess and falls in
the same subnet. So there should be no problem of IP forwarding in my
suggested hierarchy.

If u dont want to keep ur own hierarchy. Find out if there is
ACL(Access List) or Firewall configured in the Router or Server6 which
is preventing IP forwarding between the LAN segments u mentioned.

U have to configure NAT or Internet connection sharing in the server 6
in ur own hierarchy. In my suggested hierarchy u have to install NAT in
the router.

Thats all... hope my suggestion hepl u.

Quasar
 
Well you sure ain't gonna do both. They are two opposite things. IP
Forwarding is normal Layer3 Routing,...Bridging is normal Layer2 Switching.
Continued.....

2. Server 6 is multihomed (dual LAN card). External Card is directly
connected to DSL modem/WAN forming segment B (subnet
192.168.1.x/gateway 192.168.1.254). Internal card is connected to
router R described in step 1.
Click to expand...

You don't want IP Forwarding, you don't want Bridging. What you want is NAT
and RRAS is what you use to do it. I'm not going to explain it
step-by-step, I don't enjoy typing that much. The built in Help in RRAS has
everything you need to configure RRAS to be a "NAT Server" (aka a NAT-based
Firewall). Once you know the correct thing to look for the information is
easy to find.

Just make sure the DSL Modem is really that, just a Modem,...and not a
"router".

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
 
Back
Top