Solved

Access Blackholed Network from live IP on the same physical network structure

Posted on 2004-08-17
Last Modified: 2010-03-18
I might be trying to do something that I can’t, but here goes.

My workstation normally has a black hole IP and everything is happy; however now I need a live IP.  I know the best way to do this would be to dual home my workstation, but my boss doesn’t want me to add 'stuff' to my workstation unless I /have/ to.

Here’s the network break down:

Internet comes in from our wireless T1 with the following information:
IP’s:              xxx.144.209.242 – 254
Gateway:              xxx.144.209.241
Subnet Mask:    255.255.255.240

From there it goes to a 5 port switch.
      One port goes to our 3Com Router / Firewall / DHCP Server
      All other ports go outside servers – WWW / FTP / POP3 / etc.

The 3Com router feeds all the workstations in the office by other hubs and switches.

I have simply switched my wall line at the patch panel to hook my workstation to a switch connected to the outside instead of being hooked up to a switch on the inside black holed network.

Now what I need to do is use the live IP, but still have access to everything on the 192.168.10.xxx network.

I have full access to the entire domain, but I’m hoping to be able to do this with only having to use my engineering server (Dual Homed) and have that bridge (if that’s even the correct term I mean route, not sure) my network connection so that if I need something on the black hole it takes my request and "routes" it onto its 192.168.10.127 connection to the private network; or if I need something on the internet it just routes my connection to the T1 like a hub or switch.  Any sort of IP forwarding would most likely be a pain, as I have to have a few large ranges of ports that need live access, and they change every now and then.

Any extra information needed?  Don’t hesitate to ask.
If you need a quick network map or other diagram I can put one up and give a URL to our server with the image.

~Derek Brunt
Project Engineer / IT IIS Manager
Brunt Associates
Question by:Evil_RSA
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 11824397
Hi!
Does this look like a diagram of your network configuration:

                                 5-Port switch                                         Internal Switch
                                   |  |  |  |  |                                              |  |  |  |   |
Internet -------------------      |  |    ----- 3Com Router----------------          |   |
                                          |  |                                                            |   |
                                          |    --------------------------Workstation--------     |
                                           ------------------------------EngineeringServer ----            

Netometer
0
 

Author Comment

by:Evil_RSA
ID: 11824530
Pretty close:


                                 5-Port switch                                                     Internal Switches & hubs  
                                   |  |  |  |  |                                                        |  |      |
Internet -------------------      |  |    ----- 3Com Router------------------------   |      |  
                                          |  |                                                               |      |  
                                          |    ----My WorkStation                                   |      |
                                           -----------------------EngineeringServer ----------       ------>   All other blackhole systems


Also, if needed the engineering server has an extra nic (total of 3) that isn't being used for anything.  If routing or something would be easier if I was hooked up to that, that is an option.

~Derek Brunt
Project Engineer / IT IIS Manager
Brunt Associates
0
 
LVL 11

Accepted Solution

by:
NetoMeter Screencasts earned 375 total points
ID: 11824943
Here is what I am thinking about:


                                 5-Port switch                                                     Internal Switches & hubs  
                                   |  |  |  |  |                                                        |  |      |
Internet -------------------      |       ----- 3Com Router------------------------   |      |  
                                          |                                                                  |      |  
                                          |                        Nic1                         Nic2
                                           -----------------------EngineeringServer ----------       ------>   All other blackhole systems
                                                                                   |Nic3
                                                                                     ----My WorkStation

You can configure NAT on the Engineering Server. Nic1 should be the Public Interface in the NAT configuration. Nic3 - the private interface. You should not include the Nic2 interface in the NAT configuration. You have to enable RRAS (Routing and Remote Access Server) if it is not already enabled, and if the NAT protocol is not present under IP Routing, right-click General, choose New Routing Protocol and select NAT. After that you have to right-click NAT and add the interfaces - Nic1 and Nic3.

Good Luck!

NetoMeter


PS:
1. Still, I think it poses a security risk to have a server short connect the outside and inside interfaces of your firewall. Usually I need an external, unfiltered public IP when I have to create a VPN connection or use blocked ports on the firewall. I have two cards on my desktop - external and internal - and I never have them both enabled.
2. In the suggested configuration above you are not going to change the security settings of your server. When you need to connect to the internal network, RRAS is going to route to it through Nic2. When you need to access the internet, RRAS is going to NAT to the public IP of the RRAS server (Nic1).
0
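The forwarding behaviour described in the accepted answer, modelled as an added example that is not part of the original thread: traffic from the workstation on Nic3 is routed untranslated through Nic2 to the internal network and translated to the server's public address on Nic1 for everything else. The 203.0.113.x addresses stand in for the redacted xxx.144.209.x block, and the Nic3 subnet, the workstation address, the server's public address and the /24 internal prefix are all assumptions.

```python
import ipaddress

# Constructed addressing. 203.0.113.0/24 is a documentation range standing in
# for the redacted xxx.144.209.x block; only the mask, the gateway/host layout
# and 192.168.10.127 come from the thread.
PUBLIC_NET = ipaddress.ip_network("203.0.113.240/255.255.255.240")
NIC1_ADDR = ipaddress.ip_address("203.0.113.243")       # assumed public address on Nic1
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # "192.168.10.xxx", /24 assumed
NIC2_ADDR = ipaddress.ip_address("192.168.10.127")      # server's internal address (from the question)
NIC3_NET = ipaddress.ip_network("192.168.20.0/24")      # assumed workstation-side subnet
WORKSTATION = ipaddress.ip_address("192.168.20.10")     # assumed workstation address


def public_hosts():
    """First host, last host and host count implied by mask 255.255.255.240."""
    hosts = list(PUBLIC_NET.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def forward(src, dst):
    """Model the server's decision for a packet arriving on Nic3.

    Returns (egress NIC, source address the destination sees, translated?).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in NIC3_NET:
        raise ValueError("model only covers traffic arriving on Nic3")
    if dst in NIC3_NET:
        # Same segment as the workstation: delivered locally, not forwarded.
        return ("Nic3", str(src), False)
    if dst in INTERNAL_NET:
        # Nic2 is left out of the NAT configuration: plain routing, source kept.
        return ("Nic2", str(src), False)
    # Any other destination leaves through the NAT public interface, so the
    # remote side sees the server's public address, not the workstation's.
    return ("Nic1", str(NIC1_ADDR), True)


if __name__ == "__main__":
    print(public_hosts())
    for dst in ("192.168.10.50", "198.51.100.7"):  # constructed destinations
        print(dst, forward(WORKSTATION, dst))
```

Neither path in this model passes through the 3Com router, which is the exposure the answer's first PS point describes: the server becomes the only control between the outside switch and the internal network.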
 

Author Comment

by:Evil_RSA
ID: 11825145
Isn't using NAT going to take me off my live IP and want to put me on a 192.168 IP?

For incoming connections - Would they still be able to directly connect to the IP on my system or would I need to use the IP of the server on NIC 1?

~Derek Brunt
Project Engineer / IT IIS Manager
Brunt Associates

P.S.  On a quick side note, I know this is nowhere near how systems should be done in practice, but for a band-aid fix, until we get another two servers, this is going to have to work.  This is just another reason I didn't want to release my full IP address to this sad network.
0
 
LVL 18

Expert Comment

by:crissand
ID: 11828550
Why don't you use the router as the first equipment connected to the Internet? The Engineering server must have a public address?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11829115
Agreed.  Just setup NAT on your router, so that everything behind it is hidden by something in the xxx.144.209.242 – 254 range.
I don't understand what you mean by blackholing in this sense - this is upstream router terminology and has no place on a local LAN ??

~Tim Holman
Astronaut
National Aeronautics and Space Administration
0
 
LVL 11

Expert Comment

by:kabaam
ID: 11829601
Tim,
How's the weather on the moon?  :-)
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11831078
Well actually, the moon doesn't have a weather system as its gravity is too light to hold down an atmosphere, but I'm sure you already knew that ?  ;)
0
