aprashar

Need help with the "Route -p" command for dual homed servers

Hi guys,

I need help with a persistent "Route -p" command.

I have a single server with 2 NICs.

NIC1:
IP Address: 190.7.1.12
      Subnet: 255.255.0.0
  Gateway: 190.7.1.10

NIC2:
IP Address: 10.10.10.12
      Subnet: 255.255.255.0
  Gateway: 190.7.1.10

I want traffic on the 190.7.1.12 to stay on that network, and I want traffic on the 10.10.10.x to stay on that network, but I do want that 10.10.10.x network to go out the 190.7.1.10 for the internet.

Any advice on what the Route -P command would be to do that?
Rob Williams

Traffic will stay local to its own subnet by default.
A PC/Server can only have one gateway address, so you need to remove the 190.7.1.10 gateway from the 10.10.10.12 adapter.
Then, enable Routing and Remote Access on the server and check "LAN routing". Finally, just set the gateway on the PCs in the 10.10.10.x subnet to use 10.10.10.12 as their default gateway. This will effectively add to those PCs the following route, with no need to manually add it.
route -p add 0.0.0.0  mask 0.0.0.0  10.10.10.12
You want local traffic to go to the local gateway:

So, for NIC2:
IP Address: 10.10.10.12
      Subnet: 255.255.255.0
  Gateway: 10.10.10.12
This is probably already there as you can see from:
route print

You want packets on LAN2 destined for the internet to get onto LAN1 and routed to the default address' gateway.

So, first, you want to route LAN2 packets destined for the "default" address to go to LAN1 with NIC1 being the gateway or "next hop".

route -p add 0.0.0.0 mask 0.0.0.0 190.7.1.12 metric 1

Or, maybe this would be sufficient:

route -p add 0.0.0.0 mask 0.0.0.0 190.7.1.10 metric 1

In the end you need from "route print"

0.0.0.0   0.0.0.0   190.7.1.10  190.7.1.12  1

Which means any address outside either LAN will go from the 190.7.1.12 interface (NIC1) to the internet gateway 190.7.1.10.

Then, you want packets *from* the internet destined for LAN2 to go to NIC1 as the gateway.

*On the gateway router*  on LAN1 you probably need the equivalent of:

route -p add 10.10.10.0 mask 255.255.255.0 190.7.1.12

This establishes NIC1 as the gateway to LAN2.

Then, you need the packets arriving at NIC1 to be routed to NIC2.
So:

route -p add 10.10.10.0 mask 255.255.255.0 10.10.10.12

I may have made some mistakes here but those are the key ideas.

Note that packets on LAN2 that are addressed for LAN1 will be routed via the default LAN2 route.
Note that packets on LAN1 that are addressed for LAN2 will be routed.
So, isolation between the LANs may need to be implemented with a firewall that only allows the internet traffic path ... something like that.

And routing on this computer has to be enabled.

I hope this helps.  I've not done it myself but this should get you closer and it may work!

What you can't do is establish a route that has the gateway or next hop address in a range that's different than one of the LAN subnet ranges.
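
An added example, not code from any poster in this thread: a simplified Python model that checks the adapter settings from the question against the two rules stated above (one default gateway per machine, and a gateway that sits inside a local subnet), then resolves next hops by longest-prefix match. The names `ASKED`, `FIXED`, `check_adapters`, `route_table` and `lookup` are hypothetical, the destination addresses are constructed, and the model assumes an adapter's gateway must lie in that adapter's own subnet.

```python
import ipaddress

# Adapter settings from the question: (address, mask, default gateway or None).
ASKED = {"NIC1": ("190.7.1.12", "255.255.0.0", "190.7.1.10"),
         "NIC2": ("10.10.10.12", "255.255.255.0", "190.7.1.10")}
# After removing the gateway from the 10.10.10.12 adapter, as advised above.
FIXED = {**ASKED, "NIC2": ("10.10.10.12", "255.255.255.0", None)}

def check_adapters(adapters):
    """Return a list of problems with the adapters' default-gateway settings."""
    problems, with_gw = [], []
    for name, (addr, mask, gw) in adapters.items():
        if gw is None:
            continue
        with_gw.append(name)
        subnet = ipaddress.ip_interface(f"{addr}/{mask}").network
        # Assumption: a gateway must be reachable on the adapter's own subnet.
        if ipaddress.ip_address(gw) not in subnet:
            problems.append(f"{name}: gateway {gw} is outside {subnet}")
    if len(with_gw) > 1:
        problems.append("default gateway set on " + ", ".join(with_gw))
    return problems

def route_table(adapters):
    """Build (network, next hop, adapter) rows: connected subnets plus defaults."""
    rows = []
    for name, (addr, mask, gw) in adapters.items():
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        rows.append((iface.network, "on-link", name))
        if gw is not None:
            rows.append((ipaddress.ip_network("0.0.0.0/0"), gw, name))
    return rows

def lookup(dst, rows):
    """Longest-prefix match; returns (next hop, adapter) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in rows if addr in r[0]]
    if not hits:
        return None
    _net, hop, nic = max(hits, key=lambda r: r[0].prefixlen)
    return hop, nic

if __name__ == "__main__":
    print("as asked:", check_adapters(ASKED))
    print("fixed:   ", check_adapters(FIXED))
    # Constructed destinations: one per LAN, one outside both (TEST-NET-3).
    for dst in ("190.7.200.9", "10.10.10.50", "203.0.113.5"):
        print(dst, "->", lookup(dst, route_table(FIXED)))
```
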


ASKER CERTIFIED SOLUTION
Keith Alabaster

This solution is only available to members.
Not spot on, I forgot the return path, thanks Keith.

The other option is to enable RIP v2 on the router and server.
:)  We make a good team Rob lol. Watch out, only another 34K to go on ISA for the Genius ticket. Then I'm coming full steam at the MS Networks area hahaha
Genius on ISA is quite an achievement! Difficult topic, and not as many questions as other TA's. I'll hold my congratulations, but well done!

Not a lot of questions on Microsoft Networks now either, since they added all the new TA's last year. Still enough to go around though. If it comes to head to head, I am no match for you. My #'s come from too much time on my hands, not knowledge <G>. Due to upcoming workload, I may have to back off a bit as of the end of this month for a little while.

Sorry to "steal" your question here aprashar, but Keith if you have a chance could you take a peek at:
https://www.experts-exchange.com/questions/23223514/Error-800-while-trying-to-vpn-into-SBS-server.html?cid=238
I'm sure your input would be more useful than mine.

Cheers All!