routing on Windows 2003 Standard

Discussion in 'Server Networking' started by Miha, Sep 21, 2004.

  1. Miha

    Miha Guest

    Hi

    Is it possible to configure routing on 3 network cards, like 1 in 'private
    network' and 2 are in 'public network'
    The situation is like: LAN - 'gateway server' - ClusterFirewall.(2 nodes)
    I want to do routing from LAN through first NIC on this 'gateway server' on
    IP address 10.10.10.1 through 2,3 NIC on the same gateway server on IP address
    10.10.10.2 and 10.10.10.3 (these two NIC are connected to ClusterFirewall,
    which is connected to internet).
    On 'gateway server' I need two cards, because in case of working 'Firewall 1'
    all traffic from lan and back will go through NIC 1 and 2 on 'gateway
    server', but in case of working 'Firewall 2' traffic will go from lan and
    back through NIC 1 and NIC3.
    Is this possible?
    Regards
    Miha
     
    Miha, Sep 21, 2004
    #1

  2. Miha

    Bill Grant Guest

    No, W2k/W2k3 RRAS cannot cope with that. It will send all traffic to the
    default gateway. If you configure two default gateways, it will select one
    and use that. It will only use the second gateway if the first fails.

    Surely this should be handled by the cluster firewall. A cluster is
    usually accessed by a single "cluster" address, and the clustering software
    looks after the load balancing.
     
    Bill Grant, Sep 22, 2004
    #2

  3. Miha

    Jeff Cochran Guest

    It's confusing, but if I read this right you can do it. Though you
    really don't need three NIC's, just the right IP addressing and some
    routing.

    Jeff
     
    Jeff Cochran, Sep 22, 2004
    #3
  4. Alright...Bill and Jeff are saying opposite things <spank spank> let's get
    it together,..what'll it be guys ;-)

    Actually for me, the description was written too confusing, so I decided to
    just "lurk" and see what happened.
     
    Phillip Windell, Sep 22, 2004
    #4
  5. Miha

    Miha Guest

    Thank you all for help. So if I'm getting this right, I need to configure
    routing (RIP) from 'private' through 'public' card, and this can be done
    with RRAS. Any help how to achieve this?

    Regards
    Miha

     
    Miha, Sep 22, 2004
    #5
  6. If you are doing just "routing" there is no such thing as a private and
    public card,..those concepts are strictly a NAT thing. You need to clarify
    if you are wanting to NAT between a trusted and untrusted network or are you
    simply wanting to route between two normal subnets, that is two entirely
    different concepts. RRAS can do either one, but they are not the same thing
    at all.


    --

    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com


     
    Phillip Windell, Sep 22, 2004
    #6
  7. Miha

    Jeff Cochran Guest

    We're not really, but I didn't put in much detail. :)
    It is confusing. As I read it, the OP had two firewalls in a cluster
    and wanted some traffic to go to one firewall, and other traffic to go
    to the other, using the system described as a gateway. He had three
    IP addresses on three NICs, all in the same logical network, which
    wouldn't ever route anyway.

    My response was that he should be able to do this, but he's going to
    need to change IP's, use proper routes, and likely configure his
    clustered firewall. As he described it he cannot do it, for the
    reasons Bill suggests as well as the fact that three NICs that are all
    in the same logical network will never send anything out another NIC.

    My suggestion is three logical networks, one for the LAN side and one
    for each firewall. He can use routes to direct what traffic he wants
    to go through which firewall, but the routes aren't going to be easy
    and depend on what he's wishing for the client side.

    It's still a pretty convoluted setup. Perhaps if the OP told us what
    they wanted to accomplish and didn't post any IP or routing info.

    Jeff
     
    Jeff Cochran, Sep 22, 2004
    #7
  8. Miha

    Bill Grant Guest

    And the reply from Miha himself certainly didn't throw any light on the
    situation!
     
    Bill Grant, Sep 23, 2004
    #8
  9. <snip>

    Yea, that sounds like the way to go to me.
    Yea, it's usually better if they just give the "goal" and let us come up with
    a good method, rather than try to explain some strange method and then have
    us try to come up with some strange off-the-wall way to get it to somehow
    "kinda-sorta" function.
     
    Phillip Windell, Sep 23, 2004
    #9
  10. Miha

    Miha Guest

    H

    Sorry to bother you, but finally we decided what to do. Only two network
    cards, and just route between them (like Philip said route between two
    normal subnets.)
    First one will be connected to our LAN switch (IP of first NIC:
    10.10.10.10/16) which will route through the second one that is connected to
    firewall (IP of second NIC: 10.10.10.11/16; gateway 10.10.10.1 - IP of NIC
    in firewall).
    How do I need to configure RRAS to work with that?
    Thank you again for all help
    Regards
    Miha



     
    Miha, Sep 23, 2004
    #10
  11. That's me :)
    Here are instructions for doing normal routing with RRAS on Server2000. It
    should be the same with Server2003. If it is NT40 you can do it easily with
    a "naked" OS and don't need RRAS.

    299810 - HOW TO: Configure Windows 2000 to Be a Router
    http://support.microsoft.com/default.aspx?scid=kb;en-us;299810
     
    Phillip Windell, Sep 23, 2004
    #11
  12. Miha

    Bill Grant Guest

    But it all seems pretty pointless. You cannot route between things which
    are in the same IP subnet. You would need to change your IP scheme. Why not
    just make the firewall the default gateway for the LAN? The "router" would
    not really be doing anything, even if you can get it to work.
     
    Bill Grant, Sep 24, 2004
    #12
  13. <snip>
    I think you can route through same subnet. Just why would you want to. Maybe
    if you want to tax your network cards and warm up your processors for some
    cheap heating.

    Best bet is to tell him what he wants.
    Enable routing on the gateway.
    All LAN traffic will only exit here if it is destined for anywhere other
    than the LAN.
    Use 10.10.10.10/16 for your LANADAPTER and 10.11.10.10/16 for your
    WANADAPTER. Actually, the WANADAPTER will have to be configured with the
    actual address range of the network to which it is connecting unless it is
    NAT'd.
    Bugger I shouldn't have started typing this...
    <snip><snip>


    <snip>...
     
    Steve Ireland, Sep 24, 2004
    #13
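Added example, not part of any post in the thread: a check of the two addressing plans quoted in posts #10 and #13, showing why interfaces in the same IP subnet leave the "router" with nothing to route. The client address 10.10.20.5/16 and the firewall address 10.11.10.1 are constructed assumptions; the other addresses come from the posts.

```python
import ipaddress
from itertools import combinations

# Interface plans as quoted in the thread (post #10 and post #13).
MIHA_PLAN = {"LAN": "10.10.10.10/16", "WAN": "10.10.10.11/16"}
STEVE_PLAN = {"LANADAPTER": "10.10.10.10/16", "WANADAPTER": "10.11.10.10/16"}

# Assumption: a firewall address inside the WANADAPTER range of post #13.
FIREWALL_ASSUMED = "10.11.10.1"


def overlapping_interfaces(plan):
    """Return pairs of interface names whose connected subnets overlap."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def on_link_interfaces(plan, address):
    """Return the interfaces that treat `address` as directly reachable."""
    ip = ipaddress.ip_address(address)
    return sorted(n for n, c in plan.items()
                  if ip in ipaddress.ip_interface(c).network)


def client_uses_router(client_cidr, destination):
    """True if a LAN client must hand the packet to its gateway.

    A host only uses its gateway for destinations outside its own subnet;
    anything inside the subnet is resolved directly with ARP.
    """
    client_net = ipaddress.ip_interface(client_cidr).network
    return ipaddress.ip_address(destination) not in client_net


if __name__ == "__main__":
    for name, plan, fw in (("post #10", MIHA_PLAN, "10.10.10.1"),
                           ("post #13", STEVE_PLAN, FIREWALL_ASSUMED)):
        print(name)
        print("  overlapping interfaces:", overlapping_interfaces(plan))
        print("  firewall on-link via:  ", on_link_interfaces(plan, fw))
        # 10.10.20.5/16 is a constructed LAN client address.
        print("  client uses router:    ",
              client_uses_router("10.10.20.5/16", fw))
```

With the post #10 plan the firewall is on-link for both NICs and for the LAN client itself, so traffic never needs the gateway server; with separate subnets per side the firewall is reachable through exactly one interface.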