Solved

IP routing with 2 NICs

Posted on 1998-10-12
22
1,988 Views
Last Modified: 2013-12-23
I have a WindowsNT server that I am trying to set up as an internet router.  It has two NICs, one is connected to an internet router, address 192.168.4.128 mask 255.255.255.0 and the router's address (gateway) is 192.168.4.254.  From the server, I can browse the web successfully and ping whatever I like.

The second NIC is set up with IP address 10.0.4.1 and connects to 30 clients with addresses in the range 10.0.4.2-250, supplied via DHCP from the server.  The DHCP config supplies router address 10.0.4.1 as a gateway.  I have also manually configured a client with IP address 10.0.4.2 and gateway address 10.0.4.1 mask 255.255.255.0.

RIP for Internet protocol is installed on the server, and SP3 is installed.

When I do a "route print" from the server, there is a line:
Network address  netmask         gateway   interface   metric
10.0.4.0           255.255.255.0     10.0.4.1  10.0.4.1       1
which from what I have read should allow the clients to access the rest of the world.

The problem I have is: I cannot ping the internet router (192.168.4.254) from any client on the 10.0.4.0 subnet, but I can ping the other NIC, ie:192.168.4.128, so none of the clients can access he web.

Each client and the server has NetBEUI and TCP/IP installed, and all the clients can see the server in network neighborhood

Please read this question carefully before giving any one-line stupid answers
0
Comment
Question by:jewel_9
  • 8
  • 4
  • 4
  • +5
22 Comments
 

Author Comment

by:jewel_9
ID: 1563818
Edited text of question
0
 
LVL 2

Expert Comment

by:ViperOne
ID: 1563819
Just to make sure, did you enable IP forwarding?
0
 

Author Comment

by:jewel_9
ID: 1563820
Yes
0
 
LVL 5

Expert Comment

by:bchew
ID: 1563821
Which address is the address of your 2nd nic and which is the address of the external router?  I am a little confused by your first paragraph.

You may get it to work by having your DHCP assign a second gateway (the second nic card of the server) to your clients.
0
 
LVL 9

Expert Comment

by:schmiegu
ID: 1563822
When you do "route print", is there a line
192.168.4.0   255.255.255.0  192.168.4.1   192.168.4.1   1 ?
If not, add this line, else, check the Internet router's routing table.
0
 

Expert Comment

by:Akanwar
ID: 1563823
Here jewel I find 192.168.4.128 as invalid ip address.It is being treated as subnet address.You give your host address from range 192.168.4.129 to 192.168.4.254.I hope this works.
0
 
LVL 9

Expert Comment

by:schmiegu
ID: 1563824
Akanwar, I see a subnet mask 255.255.255.0 and so the network address is 192.168.4.0 with a valid range from 1 to 254
0
 

Author Comment

by:jewel_9
ID: 1563825
bchew,  Sorry it's confusing.  It's hard to paint a picture with just text.  It looks like this:
1st NIC address 192.168.4.128 mask 255.255.255.0 gateway 192.168.4.254
2nd NIC address 10.0.4.1 mask 255.255.255.0

schmiegu,  The internet router has been working fine for months with clients on the 192.168.4.X subnet, and it's a Cisco router installed by an ISP, so I don't know how to check it's route table anyway.  If I did, what would I be looking for?

I shall try your suggestion in a couple of hours.  But I don't understand why you suggested 192.168.4.1 as that's not a valid gateway anywhere on the system, it's actually a client (in the boss's office) directly connected to the router.

Akanwar,  I know 192.168.4.128 looks invalid as it's a private IP address, but we're all connected in an "intranet" style with a gateway/firewall at the ISPs premises. So it's valid in that sense
0
 

Author Comment

by:jewel_9
ID: 1563826
Tried schmiegu's answer, just got "route: bad gateway address gateway"
0
 
LVL 9

Expert Comment

by:schmiegu
ID: 1563827
Sorry, I've made a mistake: I thought, the NIC was 192.168.4.1, but it is 128. The correct sysntax is:
route -p add 192.168.4.0 mask 255.255.255.0 192.168.4.128

On the router is to check if it knows the way to the net 10.0.4.0 via 192.168.4.128. Maybe, the router is trying to answer the ping to the internet or (since 10.0.0.0 is a private net and routing isn't enabled by default) ignores it.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1563828
PLease post result of   netstat -rn  from the server.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:jewel_9
ID: 1563829
Below is the result of netstat -r and -n.  This is now on a different subnet so 192.168.4.128 is now 192.168.5.130

c:\>netstat -r
 Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0    192.168.5.254    192.168.5.130       1
         10.0.4.0    255.255.255.0         10.0.4.1         10.0.4.1       1
         10.0.4.1  255.255.255.255        127.0.0.1        127.0.0.1       1
   10.255.255.255  255.255.255.255         10.0.4.1         10.0.4.1       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.5.0    255.255.255.0    192.168.5.130    192.168.5.130       1
    192.168.5.130  255.255.255.255        127.0.0.1        127.0.0.1       1
    192.168.5.255  255.255.255.255    192.168.5.130    192.168.5.130       1
        224.0.0.0        224.0.0.0    192.168.5.130    192.168.5.130       1
        224.0.0.0        224.0.0.0         10.0.4.1         10.0.4.1       1
  255.255.255.255  255.255.255.255         10.0.4.1         10.0.4.1       1

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    server:1025            PC1:nbsession          ESTABLISHED
  TCP    server:1034            SERVER:nbsession       ESTABLISHED
  TCP    server:1026            localhost:1027         ESTABLISHED
  TCP    server:1027            localhost:1026         ESTABLISHED
  TCP    server:1030            SERVER:135             TIME_WAIT
  TCP    server:1036            SERVER:135             TIME_WAIT
  TCP    server:nbsession       SERVER:1034            ESTABLISHED


C:\>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.4.1:1025          10.0.4.201:139         ESTABLISHED
  TCP    10.0.4.1:1034          192.168.5.130:139      ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1027         ESTABLISHED
  TCP    127.0.0.1:1027         127.0.0.1:1026         ESTABLISHED
  TCP    192.168.5.130:1030     192.168.5.130:135      TIME_WAIT
  TCP    192.168.5.130:1036     192.168.5.130:135      TIME_WAIT
  TCP    192.168.5.130:139      10.0.4.1:1034          ESTABLISHED

C:\>
0
 

Author Comment

by:jewel_9
ID: 1563830
The following is the tail end of a netstat -rn after I had pinged the only live client.  10.0.4.201

      192.168.5.0    255.255.255.0    192.168.5.130    192.168.5.130       1
    192.168.5.130  255.255.255.255        127.0.0.1        127.0.0.1       1
    192.168.5.255  255.255.255.255    192.168.5.130    192.168.5.130       1
        224.0.0.0        224.0.0.0    192.168.5.130    192.168.5.130       1
        224.0.0.0        224.0.0.0         10.0.4.1         10.0.4.1       1
  255.255.255.255  255.255.255.255         10.0.4.1         10.0.4.1       1

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.4.1:1025          10.0.4.201:139         ESTABLISHED
  TCP    10.0.4.1:1034          192.168.5.130:139      ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1027         ESTABLISHED
  TCP    127.0.0.1:1027         127.0.0.1:1026         ESTABLISHED
  TCP    192.168.5.130:1083     207.114.128.129:80     TIME_WAIT
  TCP    192.168.5.130:1084     207.114.128.129:80     TIME_WAIT
  TCP    192.168.5.130:1086     204.71.191.220:80      TIME_WAIT
  TCP    192.168.5.130:1087     207.114.128.129:80     TIME_WAIT
  TCP    192.168.5.130:1088     207.114.128.129:80     TIME_WAIT
  TCP    192.168.5.130:1089     204.71.191.220:80      TIME_WAIT
  TCP    192.168.5.130:1090     204.71.191.243:80      TIME_WAIT
  TCP    192.168.5.130:1091     204.71.191.243:80      TIME_WAIT
  TCP    192.168.5.130:139      10.0.4.1:1034          ESTABLISHED

C:\>
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1563831
Looks ok.
What did
  tracert 192.168.5.254
on the client report?
0
 

Expert Comment

by:test98
ID: 1563832
I thought it is not possible to use RIP together with dhcp. I tried this once and I got a system-message that RIP only works if both NIC use static IP-addresses.

0
 

Expert Comment

by:geewhiz100798
ID: 1563833
I have done this with a modem, it is not very different, but there are a few things.  First of all the addresses 10.0.x.x is NOT routed thru the Cisco router, it HAS to be before this will work.  The IPs are coming from your clients to the router server and when they are sent to the Router the router has no route for them, they are not valid internet IPs (They are reserved for LANs)  There is a program called Sygate (www.sygate.com) that will work to do what you are trying to do, NT itself won't do it.  What you are trying to do requires a proxy server, or a firewall in order to do and it is not built in to Windows NT.  I know this because I have tried all of this and found out the hard way.  If you wish to get more information please e-mail me at jeremyh@austinmn.com I would be happy to help you out and get you going.
0
 

Author Comment

by:jewel_9
ID: 1563834
The following were done on a Windows 98 client with IP address
10.0.4.201 gateway 10.0.4.1 (1st NIC in NT Server)
************* Ping and Tracert to Internet router **************

C:\WINDOWS>tracert 192.168.5.254
Tracing route to 192.168.5.254 over a maximum of 30 hops

  1   <10 ms     1 ms   <10 ms  SERVER [10.0.5.1]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8
C:\WINDOWS>ping 192.168.254

Pinging 192.168.0.254 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.254:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

*********** ping and tracert to NT's 2nd NiC ****************

C:\WINDOWS>ping    192.168.5.130

Pinging 192.168.5.130 with 32 bytes of data:

Reply from 192.168.5.130: bytes=32 time=1ms TTL=128
Reply from 192.168.5.130: bytes=32 time<10ms TTL=128
Reply from 192.168.5.130: bytes=32 time<10ms TTL=128
Reply from 192.168.5.130: bytes=32 time<10ms TTL=128

Ping statistics for 192.168.5.130:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  1ms, Average =  0ms

C:\WINDOWS>tracert 192.168.5.130

Tracing route to SERVER [192.168.5.130]
over a maximum of 30 hops:

  1     1 ms   <10 ms   <10 ms  SERVER [192.168.5.130]

Trace complete.
0
 
LVL 9

Expert Comment

by:schmiegu
ID: 1563835
As i told you before, there is no way known back to the 10.0.4.0 subnet from 192.168.4.0. Every request for this subnet is sent to the router an it doesn't know the way via 192.168.4.128. So it sends all requests to the internet.
Change back the address of the server's NIC. Change the default gateway on the 192..... subnet to the address of the server (except for the server itself). Then add two static routes:
route -p add 10.0.4.0 mask 255.255.255.0 10.0.4.1
route -p add 192.168.5.0 mask 255.255.255.0 192.168.5.130
you might also add
route -p add 0.0.0.0 mask 0.0.0.0 192.168.5.254
so you are sure, that requests for your local subnets are routed via your server and requests for the internet are sent to the router.
I see you are making things more complicate as necessary by adding a third subnet (or did you change all clients?).
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1563836
tracert tells you that the problem is either the server (with 2 NICs) or the destination address.
First check the server as schmiegu suggested, then try tracert again.
0
 

Accepted Solution

by:
geewhiz100798 earned 200 total points
ID: 1563837
I will try to explain this a little more indepth.  I have been routing networks on the internet for over 1 year, I will try to be as basic as possible.

Given your results of a traceroute, it further proves my point.  When a packet leaves one of your client machines with an IP of 10.0.4.201 it hits the NT server, which has an IP of 10.0.4.1, the NT server routes that packet to the second NIC, 192.168.0.254, the second nic sends the packet to the router, but a packet with an address of 10.0.x.x isn't routed over the internet, it is reserved for private LANs.  Thus the packet goes no where.  You CAN ping the NT's second NIC because the NT is routing your request, the Cisco IS NOT.  The ONLY way to do this is with a Proxy server.  The Proxy server will recieve your request from the 10.0.4.x subnet and then send out a request FROM it's INTERNET IP out, when it gets a response back it will send that response back to the 10.0.4.x machine that originated it.  

NT Routing is JUST routing, just acts like a router, it won't attatch it's own IP address to the packet unless there is a proxy server doing that.

You are really making this harder than it is.  There is also a registry entry that needs to be changed in order for NT to route correctly, it is a little known bug in IP Forwarding.  

Make sure that IP Forwarding is turned ON, and then go into your registry and do this:

    By default, the header of each packet sent by the NT server computer over the Internet link uses the IP address of
    the NT Server computer as the source. Since the packets that come from LAN clients are not originating from the
    NT Server computer, you must set DisableOtherSrcPackets to 0 so that the packets will be forwarded over
    the Internet link.
    \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasArp\Parameters
    DisableOtherSrcPackets                     REG_DWORD          Range: 0-1
    Default: 1 (not in Registry)

You MUST Add this entry to the registry, and set it to 0, it defaults to 1 so it will not be there you will need to add it.  Once you do this you will be able to ping the router, but your requests will still be lost once on the internet, they will follow a loop around all the routers default routes.

Please let me know how you are doing on this, it is interesting to see everyone's answers to this problem. :)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1563838
Very good info about IP-Forwarding, thanks geewhiz.
jewel_9, are we talking about connections to the internet, or is just an intranet problem as your RFC IP addresses suggest?
If you want to reach hosts via nets routed through the internet,
you can't without a proxy if you're using RFC addresses (as geewhiz explained).
0
 

Author Comment

by:jewel_9
ID: 1563839
Thanks geewhiz, I've now got a lot clearer insight into IP routing and proxies etc.  I installed Netscape proxy server, pointed the clients there - and magic, it worked.  It really was quite simple in the end, as you say.  I didn't have to add static routes or anything.  I still can't ping the router, as I'm fairly new to NT, I'll leave registry hacking until a little later.  But I'm sure it'll work.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now