Windows 2000 server as Network Router

Discussion in 'Server Networking' started by xisnet, Jun 16, 2005.

  1. xisnet

    xisnet Guest

    Hi All,

    I have a server with 2 NICs, I already configured RRAS to make my server as
    network router. Below the configuration has been done.

    Ethernet 1 (connect to Subnet A)
    IP Address : 192.168.128.3
    Subnet Mask : 255.255.255.0
    Gateway : 192.168.128.254

    Ethernet 2 (connect to Subnet B)
    IP Address : 192.168.8.2
    Subnet Mask : 255.255.255.0

    Now from subnet A I can ping the computer at Subnet B. But I can't ping the
    computer in Subnet A from Subnet B. The following my Static IP Route Table:

    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
    0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated Fast Ether

    =====================================================
    Active Routes:
    Network Destination  Netmask          Gateway          Interface      Metric
    0.0.0.0              0.0.0.0          192.168.128.254  192.168.128.3  1
    127.0.0.0            255.0.0.0        127.0.0.1        127.0.0.1      1
    192.168.8.0          255.255.255.0    192.168.8.2      192.168.8.2    1
    192.168.8.2          255.255.255.255  127.0.0.1        127.0.0.1      1
    192.168.8.255        255.255.255.255  192.168.8.2      192.168.8.2    1
    192.168.128.0        255.255.255.0    192.168.128.3    192.168.128.3  1
    192.168.128.3        255.255.255.255  127.0.0.1        127.0.0.1      1
    192.168.128.255      255.255.255.255  192.168.128.3    192.168.128.3  1
    224.0.0.0            224.0.0.0        192.168.8.2      192.168.8.2    1
    224.0.0.0            224.0.0.0        192.168.128.3    192.168.128.3  1
    255.255.255.255      255.255.255.255  192.168.128.3    192.168.128.3  1
    Default Gateway: 192.168.128.254
    =====================================================
    Persistent Routes:
    None

    Thanks,
    Jai
     
    xisnet, Jun 16, 2005
    #1

  2. There are no "static routes" and the routing table should never be touched or
    altered. This is an extremely simplified situation with two networks with a
    LAN Router between them. The Router is already "aware" of both networks
    because both are directly connected to it, so there are no static routes to
    add.

    All machines on the LAN must use the LAN Router as their Default Gateway,
    however they must use the Interface that faces them (is in their own subnet).

    If the Internet is involved and you have a typical NAT Device on the network
    Edge, then the LAN Router must use this NAT Device as its Default
    Gateway,...while all Clients use the LAN Router as their Default Gateway.

    Now if A can ping B, then the Router is fine in both directions because
    "ping" from any direction requires that things work both ways (the reply has
    to get back to the sender). If B cannot ping A you may have a personal
    firewall running on the machine in A that stops it from receiving the ping.
     
    Phillip Windell, Jun 16, 2005
    #2

  3. xisnet

    Bill Grant Guest

    This is a common question and I would add this to Phillip's explanation.
    It really just says the same things in a different way.

    When you enable IP routing it will forward traffic between the
    interfaces. But it can only forward traffic which actually gets to the
    router! Making changes at the router itself cannot fix this. You need to
    make changes elsewhere in the network to get the traffic to the router.

    In the simplest case of one router, it works fine. On each client you
    set the default gateway to be the local router NIC. Traffic in the local
    subnet is delivered directly (ie "on the wire" using hardware addressing).
    Traffic for the "other" subnet is sent to the router. It can deliver the
    traffic directly because it has an interface in the other subnet. The setup
    for this is simple.

    clients
    192.168.11.x dg 192.168.11.1
    |
    192.168.11.1 dg blank
    router
    192.168.21.1 dg blank
    |
    192.168.21.x dg 192.168.21.1

    If one of these subnets has another router, this usually fails. It fails
    because the clients are set to use the "other" router as their default
    gateway (to contact another site or the Internet). Traffic for the second
    local subnet now goes to the external router and is lost. To solve the
    problem you need extra routing to get the local traffic to the internal
    router.

    You can do this by adding a static route to every client to send traffic
    for the other local subnet to the internal router. This will override the
    default route, and get the local routing working. A simpler approach is to
    add the extra route to the external router. The traffic for the local subnet
    will then be redirected (or "bounced") to the internal router. A typical
    setup for this would look like

    External network
    |
    external router
    192.168.11.254
    |
    clients
    192.168.11.x dg 192.168.11.254
    |
    192.168.11.1 dg 192.168.11.254
    internal router
    192.168.21.1 dg blank
    |
    clients
    192.168.21.x dg 192.168.21.1

    If you add the extra routing to the external router eg

    192.168.21.0 255.255.255.0 192.168.11.1

    the local subnets will be able to route correctly. In addition, the
    clients on the internal subnet (192.168.21.0) will also be able to see the
    external network. Traffic will go out by default routing and get back
    because of the route you added to the external router (to forward traffic
    for 192.168.21.0 to the internal router).
     
    Bill Grant, Jun 18, 2005
    #3
  4. xisnet

    xisnet Guest

    Thanks for the answer. Now that I have checked the personal firewall I can
    ping Windows XP, but I still cannot ping Windows NT or Windows 98; from what
    I know, neither of these OSes has a personal firewall. So is there any
    setting I need to check again?

    Thanks,

     
    xisnet, Jun 20, 2005
    #4
  5. xisnet

    xisnet Guest

    Thanks Phillip and Bill, I already solved the problem.

    Thank You.
     
    xisnet, Jun 20, 2005
    #5
  6. xisnet

    xisnet Guest

    Hi,

    Now both networks can ping and access each other, but the subnet that is
    not the one where the email & proxy server reside has a problem browsing
    the Internet and accessing the email server. Below is my network structure:

    External router(192.168.128.254)
    |
    Email & Proxy server (192.168.128.253) dg 192.168.128.254
    |
    Client (192.168.128.xxx) dg 192.168.128.3
    | Subnet A
    192.168.128.3 dg blank
    internal router
    192.168.8.2 dg blank
    | Subnet B
    Client(192.168.8.xxx) dg 192.168.8.2 -> can't access internet and email


    What do I need to set so that Subnet B can access the Internet and email?

    Thanks,
    Jai
     
    xisnet, Jun 20, 2005
    #6
  7. xisnet

    Bill Grant Guest

    First up, you need a static route on the email/proxy server to forward
    traffic for 192.168.8.0 machines to 192.168.128.3. At the moment this
    traffic will be going to the default router at 192.168.128.254 and getting
    lost.

    As Phillip said earlier, you also need to define the 192.168.8.0 subnet
    as being part of your internal network (ie included in the LAT) in the proxy
    server settings.
     
    Bill Grant, Jun 20, 2005
    #7
  8. I wouldn't add static routes to the clients. I would add the routes to the
    Router they are already using as the DG. This way the routing is
    centralized. Then future changes would be made on a single device instead of
    repeated changes on every client. Both methods work, but centralizing it is
    more manageable, especially if the system becomes large. In the diagram
    below, the furthest network opposite of router#2 is a Stub network
    (192.168.200.x), so no Static Route is needed on router#2,..the DG on router#2
    covers it.

    Internet NAT Device = 192.168.11.254
    All Clients in 192.168.11.x use DG-192.168.11.1
    All Clients in 192.168.21.x use DG-192.168.21.1
    All Clients in 192.168.200.x use DG-192.168.200.1
    No Statics Routes on clients

    Internal router #1
    int#1 192.168.11.1
    int#2 192.168.21.1
    dg 192.168.11.254
    <statics routes added here>
    [net] [mask] [gateway] [int] [metric]
    192.168.200.0 mask-255.255.255.0 192.168.21.2 int#2 metric 1

    Internal router#2
    int#1 192.168.21.2
    int#2 192.168.200.1
    dg 192.168.21.1
     
    Phillip Windell, Jun 20, 2005
    #8
  9. Forgot the Static route on the NAT Device. It will need that to see the
    other two LAN segments. It can be done with a single route using a 16bit
    mask.

    Internet NAT Device = 192.168.11.254
    [net] [mask] [gtwy] [metric]
    192.168.0.0 mask-255.255.0.0 192.168.11.1 metric 1
     
    Phillip Windell, Jun 20, 2005
    #9
  10. xisnet

    xisnet Guest

    Hi,

    My external router is a physical router which is connected to a leased line.
    My email server and proxy server are Linux servers which reside in Subnet
    A, and my physical router also resides in Subnet A. The computers in Subnet A
    don't have any problem at all. The problem only happens in Subnet B: they can
    access other PCs and the printer in Subnet A but cannot access the email &
    proxy server in Subnet A.

    Thanks for the help,
    Jai
     
    xisnet, Jun 21, 2005
    #10
  11. xisnet

    Bill Grant Guest

    Since you are using a proxy server to access the Internet, the clients
    in subnet A don't need to know about the Internet router. So your setup with
    the clients having their default gateway set to the internal router should
    give you routing between clients.

    You can't use this method for the proxy/mail server because it does need
    to know about the Internet router. So it has to use the Internet router as
    its default gateway. For this machine to route to the machines in subnet B,
    it must have a static route to send traffic for subnet B to the internal
    router.
     
    Bill Grant, Jun 21, 2005
    #11
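
Added example, not part of any post in this thread: a small Python model of the topology from post #6 that traces why replies from the proxy to Subnet B are lost, and how the static route from posts #7 and #11 (or, as in post #3, the same route placed on the external router) fixes it. The client address 192.168.8.10, the node names and the "leased-line" label are assumptions made for the illustration.

```python
import ipaddress

DIRECT = "on-link"        # destination is in a directly connected subnet
UPSTREAM = "leased-line"  # assumed label: packet has left the LAN

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if dst in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(extra=None):
    """Topology from post #6; `extra` maps a node name to added static routes."""
    nodes = {
        "client-b": (["192.168.8.10"],  # constructed sample host in Subnet B
                     [("192.168.8.0/24", DIRECT), ("0.0.0.0/0", "192.168.8.2")]),
        "internal-router": (["192.168.128.3", "192.168.8.2"],
                     [("192.168.128.0/24", DIRECT), ("192.168.8.0/24", DIRECT)]),
        "proxy": (["192.168.128.253"],
                     [("192.168.128.0/24", DIRECT), ("0.0.0.0/0", "192.168.128.254")]),
        "external-router": (["192.168.128.254"],
                     [("192.168.128.0/24", DIRECT), ("0.0.0.0/0", UPSTREAM)]),
    }
    for name, routes in (extra or {}).items():
        nodes[name][1].extend(routes)
    return nodes

def trace(nodes, start, dst, max_hops=8):
    """Follow next hops from `start` until dst is delivered or the packet is lost."""
    owner = {ip: name for name, (ips, _) in nodes.items() for ip in ips}
    path, here = [start], start
    for _ in range(max_hops):
        gw = next_hop(nodes[here][1], dst)
        if gw == DIRECT:
            return path + [owner.get(dst, dst)], "delivered"
        if gw is None or gw == UPSTREAM or gw not in owner:
            return path + ([gw] if gw else []), "lost"
        here = owner[gw]
        path.append(here)
    return path, "loop"

if __name__ == "__main__":
    fix = [("192.168.8.0/24", "192.168.128.3")]  # static route from posts #7/#11
    for label, extra in [("before", None), ("route on proxy", {"proxy": fix}),
                         ("route on external router", {"external-router": fix})]:
        print(label, trace(build(extra), "proxy", "192.168.8.10"))
```

The request from Subnet B reaches the proxy in every case; only the reply path changes, which is why pings from A to B worked while B's access to the proxy did not.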
  12. Bill's got you covered, just follow what he is saying. There's no point in
    me repeating what he is saying. I only wanted to add a little different
    routing method that I prefer,...other than that it is the same thing.


    --

    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com


     
    Phillip Windell, Jun 21, 2005
    #12