please advise - problem with routing

Discussion in 'Server Networking' started by andrew, Oct 17, 2004.

  1. andrew

    andrew Guest

    hi,
    I have 2 network 192.168.1.1 and 192.168.26.1 connected together by router.
    On first server 192.168.1.1 I have additional NIC 192.168.2.1 which is used
    by some
    device. From 192.168.1.1 I can access that device since I checked IP routing
    on that sever
    and use 192.168.1.1 as a gateway, but I cannot access that device from the
    second 192.168.26.1 network. Can somebody help? I cannot use the same
    gateway since this is different network.
     
    andrew, Oct 17, 2004
    #1
    1. Advertisements

  2. andrew

    Miha Pihler Guest

    Hi Andrew,

    You haven't told us the subnet mask that you use (in this case, this would
    be very important information).

    If you decided to use default subnet mask for 192.168.x.x network that would
    be 255.255.255.0 (or 24 bit subnet mask). If we look at an example one
    subnet would be:
    192.168.1.1 - 192.168.1.255 with 24 bit subnet mask. Second subnet would in
    this case be
    192.168.2.1 - 192.168.2.255 with 24 bit subnet mask Third subnet would in
    this case be
    192.168.3.1 - 192.168.3.255 with 24 bit subnet mask ....
    ..
    ..
    ..
    192.168.26.1 - 192.168.26.255 with 24 bit subnet mask
    ..
    ..
    ..
    192.168.255.1 - 192.168.255.255 with 24 bit subnet mask.

    In this case computers and devices in 192.168.1.x network will need a
    gateway on 192.168.1.x subnet. Computers and devices in 192.168.2.x network
    will need their gateway on 192.168.2.x subnet or will not be able to connect
    to 192.168.1.x network (or anything outside 192.168.2.x network). And
    computers and devices in 192.168.26.x network will need their gateway on
    192.168.26.x subnet...

    Gateway _must_ always be on same subnet as computers/devices are...

    If you have a server with 3 NIC with IPs 192.168.1.1 and 192.168.2.1 and
    192.168.26.1 this server will be able to connect to all three networks (but
    only this server/device). It will use information from the NIC to build a
    routing table.

    Such servers (and Windows computer) can have only one default gateway. This
    would be the NIC that leads e.g. to the internet. E.g. if your NIC
    192.168.1.1 would be connected to the router that lead to the internet this
    NIC would have a gateway.

    Mike
     
    Miha Pihler, Oct 17, 2004
    #2
    1. Advertisements

  3. andrew

    andrew Guest

     
    andrew, Oct 18, 2004
    #3
  4. andrew

    andrew Guest

    Hi Mike,
    I use gateway 255.255.255.0 in both. The 192.168.26.1 is not on the server,
    this is separated remote network with router( GW 192.168.26.1) The problem
    is what gateway use to get to 192.168.2.1 network. I use 192.168.26.1 GW to
    get to 192.168.1.1 and this work.
    The NIC 192.168.2.1 is on the server 192.168.1.1 (second NIC)
    thanks, Andrew
     
    andrew, Oct 18, 2004
    #4
  5. andrew

    Miha Pihler Guest

    Andrew,
    You mean you use subnet mask 255.255.255.0?
    with router( GW 192.168.26.1) The problem
    to get to 192.168.1.1 and this work.
    Andrew

    It is quite hard to give you any solid advice. When accessing 192.168.2.0
    network from 192.168.26.0 network you will use same gateway as you already
    do.

    How is your router configured? What are IP numbers assigned to your router?
    One is 192.168.26.1. What is the other? Is it 192.168.1.x?

    If so, you will need to add another network card to your router and
    configure it with 192.168.2.x IP. Then you will need to connect this NIC in
    router with second NIC in your server. After you do this, you may need to
    add a static route to 192.168.2.0 network...

    Mike
     
    Miha Pihler, Oct 18, 2004
    #5
  6. andrew

    Dana Brash Guest

    Hi Andrew,

    Actually, these are HOST addresses, not NETWORK addresses.
    But working with the concept that we've got two subnets 192.168.1.x/24 and
    192.168.26.x/24, you could accomplish this a couple different ways. The
    first diagram below shows a literal interpretation of this statement. The
    second diagram shows a different way that you could accomplish this. These
    are by no means the only ways to do it....
    If your config is different, please point out where.

    What is that device? a printer? Wireless AP? Another comptuer? What is it's
    purpose?
    Not terribly important, but may be helpful to know...

    Again, I will assume that this means from the 192.168.1.x/24 subnet you can
    access the 192.168.2.x/24 subnet
    How have you enabled routing on this device? Are you using RRAS? Static
    Routes?
    As far as I can tell, this HOST IP address should be the private side of
    your Internet Router, and not related to routing between the two internal
    subnets
    Right, you need to add the routes.


    Below are some example setups, but again, I'm not too sure how you've got
    your topology configured.
    Again, there are many ways to accomplish what you're trying to do. Please
    help us understand what you've actually done. Feel free to modify the
    diagrams to draw us a picture.

    HTH,
    =d=

    --
    Dana Brash
    MCSE, MCDBA, MCSA




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    In this diagram for packets from 192.168.26.x to reach 192.168.2.x, the
    router needs to have a route entry that directs traffic to the
    192.168.2.x/24 network via the 192.168.1.11 Gateway using ETH0
    ("/24" = "24 bit" = "255.255.255.0" subnet mask)

    ********************************************************
    _____________
    | Some Device |
    |____________|
    |
    192.168.2.??/24
    |
    |
    NIC2
    192.168.2.x/24
    _|_
    | |
    | | first server (Actually a router also)
    |__|
    |
    NIC1
    192.168.1.11/24
    |
    |
    192.168.1.1/24 (let's say ETH0)
    ____|______
    | ROUTER |----/\/\/---(ETH2)---/\/\/---->> INTERNET
    |__________|
    192.168.26.1/24 (let's say ETH1)
    |
    |
    192.168.26.x/24
    ********************************************************



    In this diagram for packets from 192.168.26.x to reach 192.168.2.x, ROUTER-2
    will have a Route from 192.168.26.x/24 -> 192.168.2.x/24 via 192.168.1.11
    Gateway using Interface 192.168.1.12 (RT2_ETH0).
    There will also be a default route on Router2 that uses ROUTER1 ETH0 as the
    default gateway.
    ===========================================================================
    ON ROUTER2:
    Network Destination Netmask Gateway Interface
    Metric
    . .
    192.168.2.0 255.255.255.0 192.168.1.11 192.168.1.12
    ??
    . .
    Default Gateway: 192.168.1.1
    ===========================================================================

    ********************************************************
    _____________
    | Some Device |
    |____________|
    |
    192.168.2.??/24
    |
    |
    Server_NIC2
    192.168.2.x/24
    _|_
    | |
    | | first server (Actually a router also)
    |__|
    |
    Server_NIC1
    192.168.1.11/24
    |
    |
    ____\/____ __________
    | Switch |--(RT1_ETH0)-->| ROUTER1 | --(RT1_ETH1)----->> INTERNET
    |________| 192.168.1.1/24 |__________| PUBLIC IP
    ^
    |
    |
    192.168.1.12/24(let's say RT2_ETH0)
    |
    ____\/______
    | ROUTER 2 |
    |__________|
    |
    192.168.26.1/24 (let's say RT2_ETH1)
    |
    |
    192.168.26.x/24
    ********************************************************
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Dana Brash, Oct 18, 2004
    #6
  7. andrew

    andrew Guest

    Hi Dana,
    here is like it looks:
    _____________
    | video recording dev|
    |____________|
    |
    192.168.2.2 (static)
    |
    |
    NIC2
    192.168.2.1
    _|_
    | |
    | | first server (Actually a router also)
    |____| WinNT4.0 IP routing enable (checkbox)
    |
    NIC1
    192.168.1.1
    |
    192.168.1.1/24 (in this network I added using route command:)
    ____|______ route add 192.168.2.0 mask 255.255.255.0 192.168.1.1 and
    works
    | ROUTER |
    |__________|
    192.168.26.1/24
    |
    |
    192.168.26.x/24 (no dhcp)
    (from this network main server is accessed through GW 192.168.26.1)
    in that network I cannot of course add gatway 192.168.1.1 directly, and
    thats my problem.
    so how to routr this. without adding additional NIC (not possible)
    thanks, Andrew
     
    andrew, Oct 19, 2004
    #7
  8. andrew

    Dana Brash Guest

    Hi Andrew,

    Thanks for the map.

    One thing that I would like to make very sure you understand is that when
    you add a route, you are not adding it to a network, you are adding it to
    the routing table on a host. I realize this may be a language issue, and I
    certainly don't mean to criticize at all, but the difference between a host
    and a network is a very important distinction in IP address configuration.

    On your diagram, you show that the 192.168.1.0/24 subnet has two devices
    using the same IP address. You show the NT server as using 192.168.1.1 and
    the Router as using 192.168.1.1. This will create terrible conflicts and
    nothing should work on that subnet. Each device needs to have a unique IP.

    For further troubleshooting, please post back here the results from:

    1. ROUTE PRINT on NT4
    Please open a command window on the NT4 machine and copy the results of a
    ROUTE PRINT and post it back here.

    2. ROUTE PRINT on router (or otherwise grab the route table)
    What kind of machine is the other Router? Is it also a Windows machine, or
    Linux, or hardware appliance, or?
    Please post the route table from this device also.

    3. tracert -d 192.168.2.2 from host on 192.168.26.0/24 subnet
    Finally, from a device on the 192.168.26.0/24 subnet please run a tracert -d
    192.168.2.2 command and post the results from that up here as well.

    You do not need any additional NIC in this environment, it's all
    configuration, not hardware.

    I am curious, however, why there is no Internet access shown in the diagram?
    Are there possibly some WAN connections in here that are VPN'd or something?

    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA

     
    Dana Brash, Oct 19, 2004
    #8
  9. andrew

    Bill Grant Guest

    I have to disagree with you on that point. If one subnet is connected to
    the Internet, it does make a considerable difference to the internal
    routing. When more than one router is involved, normal default routing fails
    to cover all possibilities. You need to configure your network so that
    default routing covers the most common paths (which usually means out to the
    Internet) and then configure static routes to cover the other possibilities.
     
    Bill Grant, Oct 21, 2004
    #9
  10. andrew

    andrew Guest

    No, no, there is no conflict. 192.168.1.1 is a server on which IP routing
    is enabled.(no eextra router ) I cannot run anything on the device , IP is
    static configurable.
    Ofcourse we have internet access through firewall but this is not relevant
    since I have problem inside the local network. I runn tracer commands and
    post tomorrow,
    thanks,Andrew
     
    andrew, Oct 21, 2004
    #10
  11. andrew

    Dana Brash Guest

    No additional router? But your diagram shows a router.... Do you mean that
    you have two subnets on that side of the NT4 machine?
    Like so:

    __________
    | video rec |
    |_ device___|
    |
    192.168.2.2 (static)
    |
    |
    NIC2
    192.168.2.1
    _|_
    | |
    | | first server (Actually a router also)
    |____| WinNT4.0 IP routing enable (checkbox)
    |
    NIC1
    192.168.1.1/24
    | \

    | \

    | \

    | \
    | \
    | \
    192.168.1.1/24 192.168.26.1/24


    This configuration can be accomplished by changing the subnet mask on NIC1
    to 19 bit, but I'd probably change the 26 to a 3 or 4 and use a 22 bit
    subnet mask. This will make the two address ranges be on the same subnet
    192.168.0.0/19 or 192.168.0.0/22 and all traffic will pass between them for
    all hosts. Actually, that would put all three subnets on the same subnet.
    If you want the subnets separated, then you must use a router. If you are
    using NT4 to route to these two subnets off the same NIC, then NIC1 needs to
    have an IP address in both subnets in order to act as that router, or you
    need to add an additional NIC to the NT4 machine.



    Example 1: Add IP Address to NIC1 on NT4 Machine

    __________
    | video rec |
    |_ device___|
    |
    192.168.2.2 (static)
    |
    |
    NIC2
    192.168.2.1
    _|_
    | |
    | | first server (Actually a router also)
    |____| WinNT4.0 IP routing enable (checkbox)
    |
    NIC1
    192.168.1.1/24
    192.168.26.1/24

    | \

    | \

    | \

    | \
    | \
    | \
    192.168.1.x/24 192.168.26.x/24




    OR:

    Example 2: Add additional NIC to NT4 machine

    __________
    | video rec |
    |_ device___|
    |
    192.168.2.2 (static)
    |
    |
    NIC2
    192.168.2.1
    _|_
    | |
    | | first server (Actually a router also)
    |____| WinNT4.0 IP routing enable (checkbox)
    | \
    | \
    | \
    | \
    | \
    NIC1 NIC3
    192.168.1.1/24 192.168.26.1/24
    | |

    | |

    | |

    | |

    192.168.1.x/24 192.168.26.x/24





    For that matter, perhaps you can accomplish everything you need by NOT
    routing anything and just using a different subnet mask, or otherwise
    eliminating your use of subnets.

    Which brings up the point: How many systems are you actually working with
    that you need to subnet like this, or otherwise what is the purpose.



    Finally, I agree with Bill, it IS important to know where your internet
    connection is, particularly in terms of the default route.

    If we're going to help you get your routing table right, we need to know the
    default route.



    Please post the Routing table from the NT4 system.


    --
    HTH,
    =d=



    Dana Brash
    MCSE, MCDBA, MCSA

     
    Dana Brash, Oct 21, 2004
    #11
  12. andrew

    andrew Guest

    Hi Dana,
    Sorry for the confusion, again, ther is cisco router which connects seconds
    remote network:
    _____________
    | video recording dev|
    |____________|
    |
    192.168.2.2 (static)
    |
    |
    NIC2
    192.168.2.1
    _|_
    | | main server
    |____| WinNT4.0 IP routing enable (checkbox)
    | Internet comes here through soniwall firewall
    |
    NIC1
    192.168.1.1
    |
    point to point connection here
    | (in this network I added
    using route command:)
    ____|______ route add 192.168.2.0 mask
    255.255.255.0 192.168.1.1 and
    | | works
    | ROUTER |
    |__________|
    192.168.26.1 (router)
    |
    |
    192.168.26.x/24 (no dhcp)

    Andrew
     
    andrew, Oct 22, 2004
    #12
  13. andrew

    Dana Brash Guest

    Hi Andrew,

    Please post the routing table from the NT 4 machine, the Second Router, and
    a tracert illustrating the problems.

    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA

     
    Dana Brash, Oct 22, 2004
    #13
  14. andrew

    Bill Grant Guest

    Hi Andrew,

    You say that you have added extra routing to the 192.168.1 subnet so
    that it can reach the 192.168.2 subnet via the NT4 server.

    Did you add this route to the router or to individual machines in the
    subnet? To reach the 192.168.2 subnet from the 192.168.26 subnet, this route
    must be on the router.

    When traffic for 192.168.1.x reaches the router from 192.168.26.x , it
    can be delivered directly (because the router has an interface in that
    segment/subnet). Traffic for 192.168.2.x still has one hop to go. Unless the
    router has a route so that it knows to forward it to the NT machine, the
    packet will follow the default path (to the firewall) and be lost.
     
    Bill Grant, Oct 23, 2004
    #14
  15. andrew

    Dana Brash Guest

    Recap of the end goal:
    route packets from 192.168.26.0/24 subnet to 192.168.2.0/24 subnet, hopping
    192.168.1.0/24 subnet

    Yes, the routes should be put on the router. If you are not familiar with
    adding a route to the router, then perhaps you can find somone in your
    organization who can help you with this, and perhaps with this
    troubleshooting this problem in general. If it falls to you, find the
    manual for your router.

    run the tracert from a client machine on the 192.168.26.0/24 subnet. This
    will tell us which router is blocking the packets and therfore which router
    needs to have the added route.


    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA

     
    Dana Brash, Oct 23, 2004
    #15
  16. andrew

    andrew Guest

    Hi Bill,
    No I didn't add anything to router, only to individual machine on
    192.168.1. subnet.
    So you're saying that I should add the 192.168.1.1 route to 192.168.2.0 to
    the router which separates these 2 networks, directly...I'm not sure how I
    can add anything to router but I try.

    Dana, how to run tracert on the router?
    thanks, Andrew
     
    andrew, Oct 23, 2004
    #16
  17. andrew

    andrew Guest

    but if I cannot add a route in 192.168.26.x/24 network, (route add
    192.168.2.0 mask
    255.255.255.0 192.168.1.1) will I be able to add this on the router which
    is also in 192.168.26. ?
     
    andrew, Oct 23, 2004
    #17
  18. andrew

    Dana Brash Guest

    Hi Andrew,

    Routes should be added at the router. You need to add the route to the
    router separting the 192.168.26.0/24 subnet from the 192.168.1.0/24 subnet.

    The router is actually in BOTH subnets because it has an IP address in both.
    This is why, from your diagram, it appears that you have an IP conflict
    because you do not show the second router's IP address in the 192.168.1.0/24
    subnet.

    Please post the Route tables, and IP config information for your networks.

    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA

     
    Dana Brash, Oct 23, 2004
    #18
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.