Routing problem/question

[Paul Ponting]

Marc

I have a multi homed Win2k Server.
The two server interfaces are:
Net A - 192.168.0.240
Net B - 192.168.1.240

Net A - 192.168.0.x is the 'live' side of the network. This has a internet
router at 192.168.0.1 amongst other things.

Net B - 192.168.1.x is the secure side (or will be).
What I want to do is set up a static route initial so that clients on Net B
can ping Net A clients.
I set configured Routing with the Network Router option (without demand
dialing)

As soon as the service started, the client on the 192.168.1.x side could
ping the webcam on 192.168.0.2 but was unabel to ping any other clients on
the 192.168.0.x subnet. All the client on this subnet can ping each other
so it is not an issue with the clients.

My first thought was ICMP was filtered, but it cant be as I can ping the the
webcam and the Net A interface on the server.

I have not added any static routes to the configuration, I have tried adding
some but they do not seem to make any difference.

I tried the following static routes

Interface - Net A
Destination - 192.168.0.0
Mask - 255.255.255.0
Gateway - 192.168.1.240

Interface - Net B
Destination - 192.168.1.0
Mask - 255.255.255.0
Gateway - 192.168.0.240

But neither made any difference.


Ideally, what I want to set up with the static routing is any client trying
to access the internet, I want the router to forward this to the Internet
Router on 192.168.0.1 so they get internet access on the Net B side.

I am guessing the Net B clients would have to have 192.168.1.240 as there
gateway, then the router would have to forward these requests to the
Internet router (192.168.0.1) if they are not on the Net A or Net B subnet.

Am I thinking right here?

Thanks

 

[Bill Grant]

The first thing to realise is that you cannot do this by adding static
routes to the W2k server, or fiddling with its gateway settings.

The W2k router will transfer traffic from one subnet to the other, as
long as the traffic actually gets to it. The problem is that, in the
192.168.0 subnet, the clients have their default gateway set to the Internet
router, so traffic for the "other" subnet never reaches the W2k router. It
is either sent out to the Internet or discarded.

The best method is to set all traffic in the "new" subnet to use the W2k
router as their default gateway. Set the W2k router to use the Internet
router as its gateway. Now traffic from the "new" subnet can get to the
Internet router by default routing.

For the return traffic, the Internet router must know how to reach the
new subnet. You could add a static route to this router to forward the
traffic to the W2k router, which can deliver it directly. eg

192.168.1.0 255.255.255.0 192.168.0.240

This will also solve your local routing. Clients in 192.168.0 will send
all traffic to 192.168.0.1 . Traffic for the Internet will continue on,
but traffic for 192.168.1 will "bounce" to the W2k router.

So your network looks like this.

Internet
|
router { static route 192.168.1.0 255.255.255.0 192.168.0.240 }
192.168.0.1
|
workstations
192.168.0.x dg 192.168.0.1
|
192.168.0.240 dg 192.168.0.1
w2k router
192.168.1.240 dg blank
|
workstations
192.168.1.x dg 192.168.1.240

 

[Paul Ponting]

Bill

Much appreciated, this works a treat. Thank.
I don't suppose you know anything about ISA Server do you