Networking query with wireless router

Discussion in 'Server Networking' started by Andrew Hodgson, Aug 21, 2004.

  1. Hi all,

    Have SBS box and wireless ISDN router.

    I want to enable the wireless router in the following configuration:

    1. Wireless ISDN router living at 192.168.1.0 network with a few
    servers in the same network including the SBS server. Firewall also
    present on network on the wireless router.
    2. LAN clients connected to SBS computer via second switch connected
    to second NIC of the SBS computer on 192.168.2.0 network.

    Currently:

    Traffic goes from 192.168.2.0 to 192.168.1.0 network fine, using
    192.168.2.1 (the SBS computer) as the gateway.

    However, I can't get traffic to go from 192.168.1.0 to 192.168.2.0,
    which is what I want, and I also want the wireless clients (connecting
    via the wireless router on the other side of the switch) to be able to
    connect. I think I need to do this in two steps:

    1. Enable the DHCP server (there is currently no DHCP server
    listening on 192.168.1.0 network) so that it dishes out 192.168.2.x
    addresses to wireless clients.
    2. Enable 192.168.1.4 to be a gateway for 192.168.1.0/255.255.255.0
    so that machines on the first subnet can talk to the second.
    192.168.1.4 is the SBS box also.

    Any help with where to go to get this working?

    The original idea why I split the networks up was due to different
    services needing to listen on 192.168.1.4 for server requirements.

    Thanks,
    Andrew.
     
    Andrew Hodgson, Aug 21, 2004
    #1
    1. Advertisements

  2. Andrew Hodgson

    Miha Pihler Guest

    Hi Andrew,

    My guess would be that you need to create a route for 192.168.2.0/24 on your
    router.

    When your clients e.g. web server in subnet 192.168.1.0 wants to talk to
    your services on 192.168.2.0 network they know that that address is out of
    their subnet so they forward request to router (default gateway). Now
    default gateway (your router) needs to know where to forward requests for
    192.168.2.0. If it doesn't know where to forward them, it will forward them
    to it's gateway which is probably router on your ISP side where it will get
    discarded...

    Check your routers documentation how to add routes. You don't have to add
    one in Windows since it has two network cards. One in 192.168.1.0 and one in
    192.168.2.0 network. It will build its routes based on this information.

    For your wireless client, yes you can provide DHCP service or you will have
    to configure them manually. Make sure you have your wireless network
    secured. Note that WEP is not very secure because of its design. If you will
    use WEP use highest possible encryption (e.g. 256 bit) Also SSID hiding is
    not very efficient.

    I hope this helps,

    Mike
     
    Miha Pihler, Aug 21, 2004
    #2
    1. Advertisements

  3. Andrew Hodgson

    Bill Grant Guest

    You can do this, but it is not a good idea. SBS server is your domain
    controller, and it is not a good idea to use your DC as a router. There are
    lots of possible problems which can arise with both DNS and Netbios names
    (and browsing). They can be overcome, but it is best to avoid them if you
    can.

    Here is how the routing needs to be set up. I would use some other
    device (a hardware router or a server/workstation) for the router. I admit
    it complicates the DHCP setup, but that could be minor compared to the other
    problems you might come across with a DC as router. If the router is a
    server it can run DHCP for the 192.168.2.0 subnet.

    Internet
    |
    ISDN router
    192.168.1.1
    |
    servers and workstations
    192.168.1.x dg 192.168.1.1
    |
    192.168.1.253 dg 192.168.1.1
    router
    192.168.2.1 dg blank
    |
    workstations
    192.168.2.x dg 192.168.2.1

    To make it work, you need to add a route to the ISDN router so that it
    knows how to reach the extra internal subnet. eg

    192.168.2.0 255.255.255.0 192.168.1.253

    This forwards traffic for the second private segment to the internal
    router, which can deliver it (because it has an interface in that IP
    subnet).
     
    Bill Grant, Aug 22, 2004
    #3
  4. I added the following root to the table on the main router (default
    gateway for 192.168.1.0 clients):

    192.168.2.0/255.255.255.0 via 192.168.1.4.

    However, this still doesn't work, probably because 192.168.1.4 (the
    first NIC on the server) is not set up to be a gateway for the
    192.168.2.0 subnet? Another issue is I discovered yesterday that
    anything coming from the 192.168.2.0 subnet is using NAT, so all
    requests in logs etc show traffic as coming from 192.168.1.4. This is
    not necessary.

    Andrew.
     
    Andrew Hodgson, Aug 22, 2004
    #4
  5. I realise this. The reason for doing this was because I was trying to
    run two DNS servers on two NICs, one for external queries (public DNS)
    and the other the private DNS server for AD etc. This worked very
    well on just the one subnet, with the only issue being that the server
    kept listing two of its ip addresses in the DNS, causing clients to
    sometimes connect to the wrong server.

    As I am new to AD and W2k3 server (have been administering Linux
    machines for some time), someone on the SBS group said to create the
    two subnet situation, had I realised what would happen re the SBS box
    becoming a router I would not have done it. The issue now is that
    when I set it back to how it was, via the SBS control panels, I can't
    get into the system using the NetBios name (i.e, \\servername), and DC
    functions are not available on the ip address (192.168.1.4). I am
    trying to investigate this issue with the SBS group, as the SBS wizard
    is not changing a setting which it needs to (I have replicated it on
    another test system).

    Any general suggestions?

    Thanks,
    Andrew.
     
    Andrew Hodgson, Aug 22, 2004
    #5
  6. Andrew Hodgson

    Miha Pihler Guest

    I added the following root to the table on the main router (default
    If you added route for this but you use NAT, this won't work.

    What are other functionality of this SBS? Is it also ISA firewall? Did you
    configure it as RRAS? There is probably a filter that won't allow access
    from 192.168.1.0 to 192.168.2.0 network. We have to figure out where this
    filter is set. In ISA or RRAS or...?

    Can you do another test? In your network e.g. web server that is in
    192.168.1.0 network ping 192.168.1.4. Does this work?

    Mike
     
    Miha Pihler, Aug 22, 2004
    #6
  7. I would change the "servers and workstations" of 192.168.1.x to use
    192.168.1.253 as the dg. This would point everybody to the LAN Router, then
    the LAN Router uses the ISDN Router (192.168.1.1) as its dg as you
    indicated. If you don't do this, the machines on 192.168.1.x will not be
    able to get to the machines on 192.168.2.x

    I imagine that is what you meant anyway and that is just a typo.

    --

    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com

     
    Phillip Windell, Aug 23, 2004
    #7
  8. ISO and RAS is not set, it is just using the inbuilt functionality of
    the Windows SBS firewall (not sure whether this is included in w2k3
    server also).
    Yes this works.

    Andrew.
     
    Andrew Hodgson, Aug 23, 2004
    #8
  9. Andrew Hodgson

    Miha Pihler Guest

    You probably have to enable routing on your server. Make sure that this is
    really something that you want (consider security in your decision)...

    To enable routing open registry editor (Regedit)

    HKEY_LOCAL_MACHINE\SYSTEM\CurentControlSet\Services\Tcpip\Parameters\

    Change REG_DWORD IPEnableRouter from 0 to 1.

    Since you don't have any filters (RRAS or ISA) all traffic from 192.168.1.0
    will be able to pass to 192.168.2.0

    Mike
     
    Miha Pihler, Aug 23, 2004
    #9
  10. Andrew Hodgson

    Bill Grant Guest

    No, that isn't necessary. The original subnet uses the ISDN router
    directly. If the traffic is for the second private subnet, the static route
    added to the ISDN router will bounce it to the internal router, so that the
    two private subnets can route.

     
    Bill Grant, Aug 24, 2004
    #10
  11. Thanks, this is what I wanted. I will let you know if it works when I
    try this out this evening/tomorrow.

    Andrew.
     
    Andrew Hodgson, Aug 24, 2004
    #11
  12. That is how it was going to work, except for the fact that the
    192.168.1.4 box (which is the only box which is capable of getting to
    192.168.2.0 subnet) was not configured to act as a router to that
    subnet.

    Andrew.
     
    Andrew Hodgson, Aug 24, 2004
    #12
  13. Yea that will work too. I just don't like using an "edge" device for the
    main routing device. I'd rather use the acutal LAN router as the main
    routing device, and then let it handle sending to the edge device whatever
    is required to.
     
    Phillip Windell, Aug 25, 2004
    #13
  14. Andrew Hodgson

    Bill Grant Guest

    As you say, it is a matter of personal preference. With the static route
    on the edge router, the local machines soon "learn" the direct route to the
    private subnet. As soon as they access a target machine in the private
    subnet, the router sends back an ICMP redirect. From then on they have a
    host route to the target machine through the internal router and don't need
    to use default routing.

     
    Bill Grant, Aug 26, 2004
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.