Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Routing between network segments through Netware 6 IPXTUNNEL and Linksys Router... Is it possible?

Posted on 2004-09-24
17
Medium Priority
?
881 Views
Last Modified: 2010-08-05
Here is my setup I'm running a Cable Modem for Internet Access and I have it connected to a Hub that splits the signal to 2 computers that get their Public DHCP address from the Cablemodem's DHCP Server. Both computers are also connected to a Netware server via  IPX over the same network card.

The Linksys Wireless Router is assigned a non routable static ip address of 192.168.1.1 and assigns 192.168.1.X addresses to another computer and any Wireless connections via DHCP but it's WAN side is connected to the Cablemodem via the aforementioned Hub and get's it's Public address through the Cable Modem DHCP.

The Netware 6 Server has 2 Network cards. The first is configured using TCP/IP and connected to the internal Network and assigned a static address of 192.168.1.2, it's obviously connected to the Linksys Router LAN side. The other network card is configured for IPX and is connected to the same HUB that the computers receiving a Public IP address from the Cablemodem are.

I want to be able to network via IP to the computers on the 192.168.1.x side of the Linksys Router from the computers connected to the IPX side of the Netware Server that have DHCP public IP addresses from the cablemodem. I think I can do this by tunneling IP packets through IPX but I don't know if the Linksys router is compatible with that. I've tried to setup static routes and play with IPtunnel but I'm not sure if I'm doing it right. Any help would be appreciated. I'm able to see the other computers in the network because I've configured IPX for Windows Networking. All of the computers are running Windows XP SP2 with the exception of the Netware 6 server. I need to use the IP protocol for some specific network applictions that don't support IPX.

Thanks in advance,

Clint Swiney

0
Comment
Question by:ClintSwiney
  • 7
  • 5
  • 2
  • +2
17 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12148501
Geez. If the NetWare v6 server is hooked to the same hub that the Linksys is hooked to, why are you trying to use IPX? Just use IP.

There was, many moons ago, a product called NetWare/IP (NWIP) that tunneled IPX thru IP for NetWare v4 environments. It was garbage and it died a well-deserved death when NetWare v5.0 came out. I doubt if it'd work on NetWare v6, even if you could locate a copy.

I don't think the Linksys is a limiting factor.
0
 
LVL 7

Author Comment

by:ClintSwiney
ID: 12150473
I know it's a weird situation. I only have 4 DHCP addresses from the cablemodem. 1 Is for the Server, 2 for the Workstations, and 1 for the Linksys Router. The other computer is connected to the Linksys and has a private IP, It connects to the Private IP side of the Netware Server. The other ones connect to the Public IP side using IPX because using the IP on that side violates my Service agreement and I've gotten nastygrams grom Comcast about that when I had it working that way. So I cant really use IP the way I want because of all these darn dynamic IP port apps it makes it darn near impossible to set up a puny linksys router to work with multiple pcs running Webcam chat software etc.....

The netware 6 has a setting in the IPX setip in inetcfg for the IPX protocol setup that says tunnel IPX through IP.

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10014154.htm

I may have answered my own question with that FAQ from Novell....

It seems like I'd have to tell the Linksys to allow traffic to pass through itself from the IPX side but If I assign an IP address to iptunnel it should route I think....


We'll see... Anyone else have any suggestions?

Clint
0
 
LVL 30

Expert Comment

by:pgm554
ID: 12150647
Dude,all you need to do is add a hub or switch and route out through the 2nd network card.

Check out this Novell Cool solutions article.It's for SBS 5,but it will work with 6 using inetcfg.
Option C is what I would recommend.

www.novell.com/coolsolutions/smallbiz/features/a_dsl_configuration_sb_html.html
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 
LVL 7

Author Comment

by:ClintSwiney
ID: 12150952
Well that's all well and good but I want to continue to use my Public IP's assigned to 2 computers so I can have unrestricted by a router access to all my ports. Like I said I only have 4 IP's available. They are all used up and I have an extra machine I want to connect to via IP but is on the other side of the network using not routable IP. My Netware Server is the only link between them but my prediciment is how to see the other PC using IP instead of IPS with my main PC running IP with a Public IP address and the other using a Private IP Address. I know it'll work somehow because I can ping either machine from the server but not from the workstations.


Clint
0
 
LVL 7

Author Comment

by:ClintSwiney
ID: 12150991
It appears that the IP tunnel driver in NW6 is really only for communicating with other Servers running IPtunnel and/or IPrelay. It does not allow packets to pass through from the workstations connected to the IPX side of the network. Bummer..... This may be an impossible configuration. I may have to get a better router that siupports more than one IP address. Then Configure it for one to one NAT to the machines I want to have a public IP. But I Know there's a way to do it with what I already have... Any additional suggestions would be great.....


Clint
0
 
LVL 30

Assisted Solution

by:pgm554
pgm554 earned 150 total points
ID: 12151330
Try BorderManager ,it has an IPX/IP gateway feature.

support.novell.com/cgi-bin/search/searchtid.cgi?/10012947.htm
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12151938
If this is NW6 SBS, then it includes BorderManager, which is, actually, a pretty good firewall in its own right.

It is considered unwise to expose your network to the public the way you say you want to.  The only reason I can see for having workstations with public IP addresses is if you want to do peer-to-peer file sharing, and don't care if you get a few backdoor trojans planted on you.  Workstation-based personal firewalls are not a remedy for being more secure at the edge.  If you want to have workstations exposed to the internet, then they should be firewalled at the point where they connect to the rest of the network (put in a DMZ so to speak) and BorderManager is an excellent way to do that.

Use one of the public IP's for BorderManager's public side, and have a second NIC in the NetWare server to for the private side.  Let BorderManager keep bad stuff from getting at the inside while allowing the DMZ-ed workstations filtered access to the private network.
0
 
LVL 7

Author Comment

by:ClintSwiney
ID: 12151939
I may need to shed a little light on the subject. I've created a network diagram that may help.

http://clint.swiney.com/images/My-Network.jpg

I want to be able to see/ping the network PC on the linksys side from the PC on the public IP side connected to the server via IPX.

Installing a second NIC in the PC on the Public side and connecting it to the Private side may solve the problem. But I'd rather route it if possible, mostly for the experience fun of being able to do it.

Wha'da ya think 'bout that?

Clint
0
 
LVL 7

Author Comment

by:ClintSwiney
ID: 12151960
I realize the issues involved with exposing my computers on the net. I'm running Windows XP Firewall and Symantec Antivirus Corporate Edition 9. I've not gotten any trojans using this setup and I've been using it like this for years. I know about the security problems with MS stuff but I've not been affected. I closely monitor my systems and keep them updated. I'd rather not get into a security argument here I'd really like to see if there is any way to route the ip traffic through ipx at the workstation level so they can see each other, like I stated previously mostly for the experience and fun of being able to do it. It may just be impossible. But that's what I'm trying to find out.


Clint
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 450 total points
ID: 12152033
IPTUNNEL is for VPN.  So is IPXTUNNEL.  It isn't the same thing as the old NWIP that allowed IPX to ride along with IP kinda-sorta.  It's not going to work unless you set up BorderManager VPN.

I say, forget about IPX.  Set up a route between the public side and private side on the NetWare box.  NetWare has very good routing capabilities.

The only way to do exactly what you're talking about is with a gateway.  IP is one network protocol, IPX is another.  You can't route IP traffic through IPX without doing a gateway, any more than you can route SNA through IP. You have to gate it, translate the packets from one protocol to the other.

On the personal firewall thing, I recommend you get a commercial one rather than using the one that comes with XP.  Not an argument, just a comment... :-)
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12152050
If that kind of route doesn't fare well with Comcast, then NAT them - let them take on the public IP of the NetWare box.
0
 
LVL 7

Author Comment

by:ClintSwiney
ID: 12152116
That's great.... Ummm how would I go about setting up a route between the public and private side on the Netware box? Both sides are on IP networks it's just one is on public and one private. The Netware box is connected to both... How would I accomplish this? I've already tried to set up a static route on the Netware server but I think I may be doing it wrong. Can you give me some pointers? If so it will accomplish what I'm trying to do which is see the other side of the network using IP. I was barking up the wrong tree trying to use iptunnel to do it I think I'm going to stop beating that dead horse. I really like the idea of trying to set up a route and like I said I've tried that, but it did not work.

Now I have a static route setup on the server using inetcfg with these paramaters:

Route Type: Network
IP Address of Network/Host: 192.168.1.0
SN M: 255.255.255.0
Next Hop: 192.168.1.1
Metric: 1
Type: Passive

But this seems redundant because the server already knows about this network since it's connected to it.

HELP!




0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12153095
You want to set up a route to the other network too.  You want the private side to be able to find the public side.


It isn't redundant, because although the server knows about both networks, you are establishing a route through the server between the networks.  It doesn't automatically route  anything; in fact, it automatically does not route anything.
0
 
LVL 10

Assisted Solution

by:DSPoole
DSPoole earned 150 total points
ID: 12163522
1)  not only set up NAT as suggested above to use unlimited private IP's against a couple public IP's
-but also-
2)  set up internal DHCP against your private IP range for the workstations.  Keep your router and NetWare box out of the DHCP range - assign them static private IP addresses on the same subnet.

0
 
LVL 7

Author Comment

by:ClintSwiney
ID: 12174667
I split the points between the most relavent answers. I still have not gotten it to work. I think the best option is to get a real firewall/router that supports a good SPI firewall, Multiple IPs and One to One NAT. That way all the computers including the server can be behind a firewall.


Clint
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 12174955
Clint - you don't need One to One NAT with the workstations - you can have ONE Public IP address that is NAT'd to SEVERAL workstations.  Heck, I've got ONE Public IP address being used simulataneously by HUNDREDS of workstations.  It's called Dynamic NAT.

You only need to NAT servers to the Internet with a Public IP address if you need to access services on those servers from outside the firewall.  Mail and web servers would need an IP address on the 'Net but a basic file/print server would not.

Also, many routers can do PAT (Port Forwarding) which would allow multiple servers behind the firewall to share a single Public IP address as long as their TCP/UDP ports were different, ie:  HTTP (80) and HTTPS (443) could be directed to ONE internal IP address for a web server and on the SAME Public IP address, POP3 (110) and SMTP (25) could be redirected to a different internal IP address for the mail server while DNS (53) could be redirected to yet another private IP address for a Name Server - and all three can be using the SAME Public IP address.

0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12176095
Once you have the routes established through the server, you have to point to the server's private IP address as the default route for the private-side PC's, or they won't see anything on the other side.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know there are services out there that can turn an Instagram feed into an RSS feed? I found some interesting exclusive Instagram content which I wanted to follow without signing up for yet another social media account. RSS to the rescue!
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question