TechInNeedmm asked:

Networking Gurus: ip addressing help

Please disregard the newbie question, but.......

The sequence below is:- ip, subnet mask, default gateway.

Switch (DHCP OFF): 192.168.2.1 / 255.255.0.0 / 0.0.0.0

Server 1 - 192.168.2.150 / 255.255.0.0 / 192.168.2.1
Server 2 - 192.168.2.151 / 255.255.0.0 / 192.168.2.1
Server 3 - 192.168.2.152 / 255.255.0.0 / 192.168.2.1

Users (DHCP Scope - 192.168.3.2 - 192.168.3.254) - different subnet
User 1 - 192.168.3.2 / 255.255.0.0 / 192.168.2.1
User 2 - 192.168.3.3 / 255.255.0.0 / 192.168.2.1
User 3 - 192.168.3.4 / 255.255.0.0 / 192.168.2.1

Firewall (DHCP OFF): 192.168.111.1 / 255.255.255.0

Users and servers can see each other via the switch.
DHCP is turned off on the switch and the Firewall, as Server 1 is hosting the DHCP service that gives the scope to the users. Servers are obviously statically assigned.

Question: How to get users and servers alike, to access the internet via the firewall.

If I connect a user up directly to the firewall using its LAN ports and using the ip address of the Firewall as the default gateway as the client, it works np, obviously. Help me get my head around this one please.

Been seeing subnets and numbers the whole day.

djMundy

Hi TechInNeedmm,

The servers will need to be manually configured to point to the firewall's IP address (192.168.111.1) for their default gateway. They will also need the DNS setting configured to point to your DNS server.

The users will need the same, but can be configured by DHCP. What operating system is your DHCP server running?

Cheers,
Daniel

TechInNeedmm (ASKER)

This is what I thought as it would only make sense (But was told otherwise). That is, if looking at it from a NAT setup perspective. Basically, the way I look at it is that the Firewall would be the NAT server as it has an external and an internal IP. It does the translation and routing, so in essence, the servers have to point to that. So I was correct in thinking this way then?

With a NAT server running, you have all servers and users point to this machine as the default gateway. So with the firewall thrown in the mix, same applies?

>> They will also need the DNS setting configured to point to your DNS server.
Server 1 (Domain Controller) - DHCP, DNS, AD
I have set this server's ip (192.168.2.150) to be the only ip address that will serve DNS requests and also configured forwarders pointing to 2 external DNS addresses of my ISP.

This is a Windows environment.
So does anything point to the switch's ip and use it as its default gateway? Or is it there to route and direct traffic?
Why is the firewall subnetted as class C when the other subnets are class B?
oops typo
255.255.255.0
As long as your users and servers can ping the firewall's internal IP, you should use this as the default gateway. The DNS server should also use the firewall as the default gateway.

First, on the DNS server, make sure that the default gateway is set to the firewall's internal IP address, and then try to ping an IP address on the Internet (eg. 64.233.167.99, Google). This will confirm that routing is set up properly.

Then try to ping a host on the Internet by its DNS name, eg. google.com.

Then try pinging an IP from one of your users' PCs, and then by its DNS name.

Post your results back here.

Cheers,
Daniel
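
The gateway advice above depends on the hosts and the firewall each treating the other as on-link. As an added example (not part of the original thread), this Python sketch checks that in both directions using the addresses listed in the question; the 255.255.0.0 firewall mask is an assumed alternative shown for comparison, and the function names are hypothetical.

```python
import ipaddress

# Addresses as listed in the question: (ip, subnet mask, default gateway).
HOSTS = {
    "Server 1": ("192.168.2.150", "255.255.0.0", "192.168.2.1"),
    "User 1":   ("192.168.3.2",   "255.255.0.0", "192.168.2.1"),
}
FIREWALL_IP = "192.168.111.1"


def iface(ip, mask):
    """Build an interface object from dotted ip and dotted mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}")


def on_link(src_ip, src_mask, dst_ip):
    """True if src would ARP for dst directly rather than hand it to a gateway."""
    return ipaddress.ip_address(dst_ip) in iface(src_ip, src_mask).network


def gateway_report(hosts, gw_ip, gw_mask):
    """Per host: (host network, gateway on-link from host, host on-link from gateway)."""
    report = {}
    for name, (ip, mask, _current_gw) in hosts.items():
        report[name] = (
            str(iface(ip, mask).network),
            on_link(ip, mask, gw_ip),     # can the host reach the gateway directly?
            on_link(gw_ip, gw_mask, ip),  # can the gateway reply directly?
        )
    return report


if __name__ == "__main__":
    # First mask is the one listed in the question; second is an assumed alternative.
    for fw_mask in ("255.255.255.0", "255.255.0.0"):
        print(f"firewall {FIREWALL_IP} / {fw_mask}")
        for name, (net, out_ok, back_ok) in gateway_report(
            HOSTS, FIREWALL_IP, fw_mask
        ).items():
            print(f"  {name}: net={net} host->fw={out_ok} fw->host={back_ok}")
```

A `False` in the last column means the firewall would send its replies to its own next hop instead of straight back to the host, so the masks on both sides need to agree before the firewall can serve as the default gateway.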
Yes, I have done this already and this works fine. It also works fine as well with reverse lookup for internal resolutions.

>> First, on the DNS server, make sure that the default gateway is set to the firewall's internal IP address, and then try to ping an IP address on the Internet (eg. 64.233.167.99, Google). This will confirm that routing is set up properly.
 
Yes, when all servers and users use the ip address of the internal interface of the firewall, it works fine.

But, in reference to what I asked originally. If I wanted to set it up differently by having all servers, users, additional switches etc to use the ip address of the "main switch" I then have to set up a static route from the switch to the router. Correct? I did not see this option on my switch, which made it confusing at first, but I think it is simply that my switch does not support static routing.

Never really done this so,.....with static routing (with a switch that has that capability), would it be a simple process of entering the Firewall's internal ip to resolve external requests from my users etc?
bump
ASKER CERTIFIED SOLUTION
djMundy

This solution is only available to members.

U got it.
Thanks for clarifying. I need a Layered 3 Switch or router to do what I need to do in terms of pointing all devices from different subnets to it in order to communicate as well as access the internet.

Thanks again.