Solved

Access Blackholed Network from live IP on the same physical network structure

Posted on 2004-08-17
Last Modified: 2010-03-18
I might be trying to do something that I can’t, but here goes.

My workstation normally has a black hole IP and everything is happy; however, now I need a live IP. I know the best way to do this would be to dual home my workstation, but my boss doesn’t want me to add 'stuff' to my workstation unless I /have/ to.

Here’s the network break down:

Internet comes in from our wireless T1 with the following information:
IP’s:              xxx.144.209.242 – 254
Gateway:              xxx.144.209.241
Subnet Mask:    255.255.255.240

From there it goes to a 5 port switch.
      One port goes to our 3Com Router / Firewall / DHCP Server
      All other ports go to outside servers – WWW / FTP / POP3 / etc.

The 3Com router feeds all the workstations in the office by other hubs and switches.

I have simply switched my wall line at the patch panel to hook my workstation to a switch connected to the outside instead of being hooked up to a switch on the inside black holed network.

Now what I need to do is make use of the live IP, but still have access to everything on the 192.168.10.xxx network.

I have full access to the entire domain, but I’m hoping to be able to do this with only having to use my engineering server (Dual Homed) and have that bridge (if that’s even the correct term I mean route, not sure) my network connection so that if I need something on the black hole it takes my request and "routes" it onto its 192.168.10.127 connection to the private network; or if I need something on the internet it just routes my connection to the T1 like a hub or switch.  Any sort of IP forwarding would most likely be a pain, as I have to have a few large ranges of ports that need live access, and they change every now and then.

Any extra information needed?  Don’t hesitate to ask.
If you need a quick network map or other diagram I can put one up and give a URL to our server with the image.

~Derek Brunt
Project Engineer / IT IIS Manager
Brunt Associates
Question by:Evil_RSA
9 Comments
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 11824397
Hi!
Does this look like a diagram of your network configuration:

                                 5-Port switch                                         Internal Switch
                                   |  |  |  |  |                                              |  |  |  |   |
Internet -------------------      |  |    ----- 3Com Router----------------          |   |
                                          |  |                                                            |   |
                                          |    --------------------------Workstation--------     |
                                           ------------------------------EngineeringServer ----            

Netometer
 

Author Comment

by:Evil_RSA
ID: 11824530
Pretty close:


                                 5-Port switch                                                     Internal Switches & hubs  
                                   |  |  |  |  |                                                        |  |      |
Internet -------------------      |  |    ----- 3Com Router------------------------   |      |  
                                          |  |                                                               |      |  
                                          |    ----My WorkStation                                   |      |
                                           -----------------------EngineeringServer ----------       ------>   All other blackhole systems


Also, if needed the engineering server has an extra nic (total of 3) that isn't being used for anything.  If routing or something would be easier if I was hooked up to that, that is an option.

~Derek Brunt
Project Engineer / IT IIS Manager
Brunt Associates
 
LVL 11

Accepted Solution

by:
NetoMeter Screencasts earned 375 total points
ID: 11824943
Here is what I am thinking about:


                                 5-Port switch                                                     Internal Switches & hubs  
                                   |  |  |  |  |                                                        |  |      |
Internet -------------------      |       ----- 3Com Router------------------------   |      |  
                                          |                                                                  |      |  
                                          |                        Nic1                         Nic2
                                           -----------------------EngineeringServer ----------       ------>   All other blackhole systems
                                                                                   |Nic3
                                                                                     ----My WorkStation

You can configure NAT on the Engineering Server. Nic1 should be the Public Interface in the NAT configuration. Nic3 - the private interface. You should not include the Nic2 interface in the NAT configuration. You have to enable RRAS (Routing and Remote Access Server) if it is not already enabled, and if the NAT protocol is not present under IP Routing, right-click General, choose New Routing Protocol and select NAT. After that you have to right-click NAT and add the interfaces - Nic1 and Nic3.

Good Luck!

NetoMeter


PS: 1. Still, I think it poses a security risk to have a Server short connect the outside and inside interfaces of your firewall. Usually I need an external, not filtered Public IP when I have to create a VPN connection or use blocked ports on the firewall. I have two cards on my desktop - external and internal - and I never have them both enabled.
      2. In the suggested configuration above you are not going to change the security settings of your server. When you need to connect to the internal network, RRAS is going to route to it through Nic2. When you need to access the internet, RRAS is going to NAT to the Public IP of the RRAS server (Nic1).
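The NAT layout described in the accepted solution, scripted with netsh as an added example (not part of the original post). It assumes RRAS is already enabled, that Nic3 already has an address on its own private subnet, and that the connections are literally named Nic1, Nic2 and Nic3 as in the diagram; the real connection names on the server will differ.

```bat
@echo off
rem Added example: RRAS NAT with Nic1 public, Nic3 private, Nic2 left out.
rem "Nic1", "Nic2", "Nic3" are the diagram's labels, used here as assumed
rem connection names. Run on the Engineering Server with RRAS enabled.

rem Add the NAT routing protocol (the GUI step "New Routing Protocol > NAT").
netsh routing ip nat install

rem Nic1 faces the 5-port switch and holds the public address:
rem full address-and-port translation.
netsh routing ip nat add interface name="Nic1" mode=full

rem Nic3 faces the workstation: the private side of the translation.
netsh routing ip nat add interface name="Nic3" mode=private

rem Nic2 (192.168.10.127, the office network) is deliberately NOT added.
rem Requests for 192.168.10.x are routed out of Nic2 without translation.

rem Check the result: only Nic1 and Nic3 should be listed as NAT interfaces.
netsh routing ip nat show interface
```

With this layout the workstation holds a private address behind Nic3, and connections from the internet arrive at the public address on Nic1. The server also becomes a second path between the outside segment and the 192.168.10.x network that does not pass through the 3Com firewall, which is the risk raised in the PS.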

Author Comment

by:Evil_RSA
ID: 11825145
Isn't using NAT going to take me off my live IP and want to put me on a 192.168 IP?

For incoming connections - Would they still be able to directly connect to the IP on my system or would I need to use the IP of the server on NIC 1?

~Derek Brunt
Project Engineer / IT IIS Manager
Brunt Associates

P.S. On a quick side note, I know this is nowhere near how systems should be done in practice, but for a band-aid fix, until we get another two servers, this is going to have to work. This is just another reason I didn't want to release my full IP address to this sad network.
 
LVL 18

Expert Comment

by:crissand
ID: 11828550
Why don't you use the router as the first equipment connected to the Internet? The Engineering server must have a public address?
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11829115
Agreed. Just set up NAT on your router, so that everything behind it is hidden by something in the xxx.144.209.242 – 254 range.
I don't understand what you mean by blackholing in this sense - this is upstream router terminology and has no place on a local LAN ??

~Tim Holman
Astronaut
National Aeronautics and Space Administration
 
LVL 11

Expert Comment

by:kabaam
ID: 11829601
Tim,
How's the weather on the moon?  :-)
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11831078
Well actually, the moon doesn't have a weather system as its gravity is too light to hold down an atmosphere, but I'm sure you already knew that ?  ;)