Network setup questions.

Posted on 2004-11-06
Last Modified: 2010-04-10
I was recently given a a solution to a previous problem with this diagram. I like the way its set up but had a question or 2 about how to perfrom some of the ideas.

Why not do something like this instead:

                                     router(no DHCP, yes NAT)
                                         |                     |
                      WIndows 2003 Server     2nd router (DHCP, no NAT)
                                     |                         |
                          real office network        ( network for when we bring pcs in to service)

Statically configure the Win2k3 server's IP address and the 2nd router's outside interface to be in router 1's inside interface IP range.

Configure router 2 to perform routing, but not NAT.  Have router 2 give out IP's to the computers in the "service" zone.

Configure Win2k3 server to route, provide DHCP, DNS, but not provide NAT.

So, if you get an end-user computer all crudded up with viruses, worms and such... you only have to worry about protecting your server, and not the other computers on the network.

On Router 1, set it up for
Set up router 2 as on the outside and with subnet mask of on the inside.  Set up the routing function to send all unknown traffic to

Set up Win2k3 Server as on the outside and on the inside.  Set up the default route to be

Router 2 serves DHCP to the client computers.

Win2k3 server serves DHCP, DNS to the corporate computers.

Do not route between the client (dirty) network and the corporate network.  That keeps the viruses from "finding" the win2k3 server and corporate network.

How do you set up NAT though a router, and can it be done with a simple linksys?

How do you "Set up router 2 as on the outside and with subnet mask of on the inside.  Set up the routing function to send all unknown traffic to"?

Question by:pcmagic2004
    LVL 4

    Expert Comment

    I am curious about your solution.  It works if you have extra equipment you are trying to use, however it could be simplified with a router that has at least two ethernet interfaces and a switch that supports VLAN's.  In other words, place one ethernet port in one VLAN and the other ethernet port in another VLAN.  VLAN-1 would support corporate traffic and VLAN-2 would support service traffic.  DHCP can be configured on the router just for that particular subnet/VLAN and you could access-list to permit/deny traffic you desire.  You can setup multiple route/default routes to select which network can go where.  This would eliminate alot of the complexity and not invite multiple points of failure into the network.  Equipment that support this type of configuration are (Cisco 1605, Cisco 1721, Cisco 2621 and higher).  

    To answer your question about the linksys, you connect to it via a web browser and select the advanced tab and fill in the information.  Identify what your local network is and what it should be translated to to access the Internet.

    Your thoughts
    LVL 1

    Author Comment

    I am sorta new to setups like this and from my last post this was the most logical.  I am not familiar with Cisco but would like to learn. For my own knowledge thoug, you are telling me a cisco router can be split up to run 2 separate networks?
    LVL 8

    Expert Comment

    >>...can it be done with a simple linksys?
    yes, NAT is a standard for (i think) all the dsl-routers

    >>"Set up router 2 as on the outside "
    You'll have to have the normal ethernet-protocol configured at the outside port of the router - no dsl or PPPoE or whatelse... then configure TCP/IP to the given adress

    >>Set up the routing function to send all unknown traffic to
    that means: default gateway for the router 2 has to be that IP - as it is the LAN ip of router 1
    LVL 2

    Accepted Solution

    Yeah, you can do it all with some more expensive Cisco equipment.  Yes, that would be the more elegant way to do it, but you'd have to buy some "real" networking equipment.  A Cisco router with 3 Ethernet Interfaces would do this wonderfully... but then you'd have to have spend some time learning about how to set up the router.  For the two Linksys boxes, you're talking about spending $100 or so total.  A Cisco 1605 Router's street price is $600-700, although you might be able to pick up a used or refurb for cheaper.

    My impression from the previous posting was that you wanted to do this quickly and easily... and with readily available/consumer components, and that your skill level, while it is getting better, isn't up for all that. That's why I suggested the 2-consumer-router design.

    (note: Linksys changes code frequently.  My comments are based on firmware that I have on my router, yours may be slightly different)

    Log on to the Router by opening a connecting a computer to it, set your computer to use DHCP, then open a web page to (that's the default out-of-the-box IP of the Linksys).  There's a way to "factory default" the linksys in case you really screw it up... just power it on with the reset button held in for 15 seconds.

    >How do you set up NAT though a router, and can it be done with a simple linksys?

    Yes, it is "on" by default.  You can turn it "on" or "off" on the Linksys management control webpage on the Setup | Advanced Routing page

    >How do you "Set up router 2 as on the outside and with
    >subnet mask of on the inside.  Set up the routing function to send all unknown
    >traffic to"?

    Static routing is set on the Setup | Advanced Routing page as well.  Set the destination for IP and subnet mask to go to the "next hop".  In the case of this setup, it would be for

    You can set the IP address of the router manually, on the Setup | Basic Setup page.

    -- Nick

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
    Let’s list some of the technologies that enable smooth teleworking. 
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now