Networking Gurus: ip addressing help

Last Modified: 2010-04-09
Please disregard the newbie question, but.......

The sequence below is: IP, subnet mask, default gateway.

Switch (DHCP OFF): 192.168.2.1 / 255.255.0.0 / 0.0.0.0

Server 1 - 192.168.2.150 / 255.255.0.0 / 192.168.2.1
Server 2 - 192.168.2.151 / 255.255.0.0 / 192.168.2.1
Server 3 - 192.168.2.152 / 255.255.0.0 / 192.168.2.1

Users (DHCP Scope - 192.168.3.2 - 192.168.3.254) - different subnet
User 1 - 192.168.3.2 / 255.255.0.0 / 192.168.2.1
User 2 - 192.168.3.3 / 255.255.0.0 / 192.168.2.1
User 3 - 192.168.3.4 / 255.255.0.0 / 192.168.2.1

Firewall (DHCP OFF): 192.168.111.1 / 255.255.255.0

Users and servers can see each other via the switch.
DHCP is turned off on the switch and the Firewall, as Server 1 is hosting the DHCP service that gives the scope to the users. Servers are obviously statically assigned.

Question: How to get users and servers alike, to access the internet via the firewall.

If I connect a user up directly to the firewall using its LAN ports and using the IP address of the Firewall as the default gateway as the client, it works np, obviously. Help me get my head around this one please.

Been seeing subnets and numbers the whole day.

CERTIFIED EXPERT

Commented:
Hi TechInNeedmm,

The servers will need to be manually configured to point to the firewall's IP address (192.168.111.1) for their default gateway. They will also need the DNS setting configured to point to your DNS server.

The users will need the same, but can be configured by DHCP. What operating system is your DHCP server running?

Cheers,
Daniel

Author

Commented:
This is what I thought as it would only make sense (but was told otherwise). That is, if looking at it from a NAT setup perspective. Basically, the way I look at it is that the Firewall would be the NAT server as it has an external and an internal IP. It does the translation and routing, so in essence, the servers have to point to that. So I was correct in thinking this way then?

With a NAT server running, you have all servers and users point to this machine as the default gateway. So with the firewall thrown in the mix, same applies?

>> They will also need the DNS setting configured to point to your DNS server.
Server 1 (Domain Controller) - DHCP, DNS, AD
I have set this server's IP (192.168.2.150) to be the only IP address that will serve DNS requests and also configured forwarders pointing to 2 external DNS addresses of my ISP.

This is a Windows environment.

Author

Commented:
So does anything point to the switch's IP and use it as its default gateway? Or is it there to route and direct traffic?

Commented:
Why is the firewall subnetted as class C when the other subnets are class B?
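
Added example (not part of the thread): a Python check of the addressing as posted in the question, testing in each direction whether a host and the firewall treat each other as on-link. The `audit` and `check_gateway` helpers are illustrative names, and the second firewall mask in the demo is an assumption used only for comparison.

```python
import ipaddress

# Addresses exactly as posted in the question: (ip, mask, current default gateway).
HOSTS = {
    "Server 1": ("192.168.2.150", "255.255.0.0", "192.168.2.1"),
    "User 1": ("192.168.3.2", "255.255.0.0", "192.168.2.1"),
}
FIREWALL = ("192.168.111.1", "255.255.255.0")


def iface(ip, mask):
    """Build an interface object (address plus its connected network)."""
    return ipaddress.ip_interface(f"{ip}/{mask}")


def on_link(src, dst_ip):
    """True if src would ARP for dst_ip directly instead of using a gateway."""
    return ipaddress.ip_address(dst_ip) in src.network


def check_gateway(host_ip, host_mask, gw_ip, gw_mask):
    """Check both directions of a host <-> gateway pair on one LAN segment."""
    host, gw = iface(host_ip, host_mask), iface(gw_ip, gw_mask)
    return {
        "host_reaches_gw": on_link(host, gw_ip),  # host can ARP for the gateway
        "gw_reaches_host": on_link(gw, host_ip),  # gateway can ARP for the host
        "masks_match": host.network == gw.network,
    }


def audit(hosts, gateway):
    """Evaluate every host against a candidate gateway given as (ip, mask)."""
    gw_ip, gw_mask = gateway
    return {name: check_gateway(ip, mask, gw_ip, gw_mask)
            for name, (ip, mask, _current_gw) in hosts.items()}


if __name__ == "__main__":
    for name, result in audit(HOSTS, FIREWALL).items():
        print(name, result)
    # Same check with the firewall mask set to match the hosts (assumption).
    print(audit(HOSTS, ("192.168.111.1", "255.255.0.0")))
```

With the masks as posted, the hosts' 255.255.0.0 network contains 192.168.111.1, while the firewall's 255.255.255.0 network does not contain 192.168.2.x or 192.168.3.x.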

Author

Commented:
oops typo
255.255.255.0
CERTIFIED EXPERT

Commented:
As long as your users and servers can ping the firewall's internal IP, you should use this as the default gateway. The DNS server should also use the firewall as the default gateway.

First, on the DNS server, make sure that the default gateway is set to the firewall's internal IP address, and then try to ping an IP address on the Internet (eg. 64.233.167.99, Google). This will confirm that routing is set up properly.

Then try to ping a host on the Internet by its DNS name, eg. google.com.

Then try pinging an IP from one of your users' PCs, and then by its DNS name.

Post your results back here.

Cheers,
Daniel

Author

Commented:
Yes, I have done this already and this works fine. It also works fine as well with reverse lookup for internal resolutions.

>> First, on the DNS server, make sure that the default gateway is set to the firewall's internal IP address, and then try to ping an IP address on the Internet (eg. 64.233.167.99, Google). This will confirm that routing is set up properly.

Yes, when all servers and users use the IP address of the internal interface of the firewall, it works fine.

But, in reference to what I asked originally. If I wanted to set it up differently by having all servers, users, additional switches etc. use the IP address of the "main switch", I then have to set up a static route from the switch to the router. Correct? I did not see this option on my switch, which made it confusing at first, but I think it is simply that my switch does not support static routing.

Never really done this, so... with static routing (with a switch that has that capability), would it be a simple process of entering the Firewall's internal IP to resolve external requests from my users etc.?

Author

Commented:
bump
CERTIFIED EXPERT
Commented:

Author

Commented:
U got it.
Thanks for clarifying. I need a Layer 3 switch or router to do what I need to do in terms of pointing all devices from different subnets to it in order to communicate as well as access the internet.

Thanks again.