
Gateway on Different Network Segment


Currently I am working with a client who has an existing win2k webserver with the following config:
ip: 192.168.0.10
subnet: 255.255.255.0
gateway: 10.1.1.9

They want to add a new Windows 2003 webserver with 192.168.0.12 as the IP and the same subnet and GW.  When I try to configure windows 2003 this way, it comes back warning that "The default gateway is not in the same network segment" as the server's IP address.  

Of course, the warning makes perfect sense.  So that leads to two questions:
1)  Why does the Windows 2k configuration work?  BTW, there's no fancy routing configured that I can determine. It just works (like magic).
2)  Is there any way to configure the Windows 2003 server to exist with that IP and GW?  I'd rather not have to do the reconfiguration required if I change the GW router's IP address.


Commented:
If you do a tracert, what IP address does the server go through to get to 10.1.1.9? Does the server have multiple NICs with one on a 10.1.1.x network?

Author

Commented:
Tracert to gateway 10.1.1.9 from webserver 192.168.0.10 times out.
Tracert to an external address from webserver 192.168.0.10 indicates our WAN Gateway IP address as the first hop.
Fred Marshall, Principal
CERTIFIED EXPERT

Commented:
Maybe network on a stick on the older computer?  What is / are the added IP addresses on the NIC?

What does the routing table show?

route print on a command line would show us, ... please.

Author

Commented:
2 addresses on 1 NIC, 1 for normal and the other for SSL.  192.168.0.11 (SSL) was just added a few months back.

Here's the route table - sorry meant to tag it onto the last post...

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
<edit - webserver's MAC address> ...... Intel(R) PRO/100 S Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.1.9    192.168.0.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0     192.168.0.10    192.168.0.10       1
     192.168.0.10  255.255.255.255        127.0.0.1       127.0.0.1       1
     192.168.0.11  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.0.255  255.255.255.255     192.168.0.10    192.168.0.10       1
        224.0.0.0        224.0.0.0     192.168.0.10    192.168.0.10       1
  255.255.255.255  255.255.255.255     192.168.0.10    192.168.0.10       1
Default Gateway:          10.1.1.9
===========================================================================
Persistent Routes:
  None

__________________________________________________
Fred Marshall, Principal
CERTIFIED EXPERT

Commented:
The routing table says:

"The default route (the route for anything not explicit otherwise in the routing table) puts packets on the LAN wire at the NIC with address 192.168.0.10 destined for the device addressed 10.1.1.9"

Normally, we'd call 10.1.1.9 the "internet gateway" or just "gateway" for the LAN (to get to other places NOT on the LAN).  
Note that the LAN subnet 192.168.0.0 is directed to the local NIC address 192.168.0.10 which means "just put these packets out on the wire" as there is supposed to be a destination computer on the local LAN subnet which has the destination address.

So, all I can interpret from this is:

- There is a device on the wire with address 10.1.1.9.  And, this is the gateway.
(if it were on the wire but NOT the gateway then the packets destined off the LAN subnet would normally be directed to the gateway and might be dropped if addressed to 10.1.1.9 unless 10.x.x.0 were associated with an address on a port on the other side of the gateway router).

How this device communicates *back* to the computers on the LAN is a question.
Perhaps that device has a route that says something similar / reciprocal:

"Packets destined for 192.168.0.0 go to 10.1.1.9 as their gateway."

So there appears to be a route to accomplish that somewhere.
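
The check behind the Windows 2003 warning, run against the Active Routes rows posted above (an added example, not part of the original thread). It assumes the route print layout shown in the thread, where an on-link route lists the interface's own address in the Gateway column; the function names are illustrative.

```python
import ipaddress

# Active Routes rows copied from the route print output posted in the thread.
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0         10.1.1.9    192.168.0.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0     192.168.0.10    192.168.0.10       1
     192.168.0.10  255.255.255.255        127.0.0.1       127.0.0.1       1
     192.168.0.11  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.0.255  255.255.255.255     192.168.0.10    192.168.0.10       1
        224.0.0.0        224.0.0.0     192.168.0.10    192.168.0.10       1
  255.255.255.255  255.255.255.255     192.168.0.10    192.168.0.10       1
"""

def parse_routes(text):
    """Return (network, gateway, interface) for each five-column route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, blank lines
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gw = ipaddress.ip_address(parts[2])
            iface = ipaddress.ip_address(parts[3])
        except ValueError:
            continue  # not a route row
        routes.append((net, gw, iface))
    return routes

def off_link_gateways(routes):
    """List routes whose next hop is not inside any on-link network of the
    interface they leave from (the 'different network segment' condition)."""
    on_link = {}
    for net, gw, iface in routes:
        if gw == iface:  # assumption: gateway == interface marks an on-link route
            on_link.setdefault(iface, []).append(net)
    findings = []
    for net, gw, iface in routes:
        if gw != iface and not any(gw in n for n in on_link.get(iface, [])):
            findings.append((str(net), str(gw), str(iface)))
    return findings

if __name__ == "__main__":
    for dest, gw, iface in off_link_gateways(parse_routes(ROUTE_PRINT)):
        print(f"route {dest}: gateway {gw} is not on-link for interface {iface}")
```

For the posted table this reports only the default route: 10.1.1.9 is reachable from 192.168.0.10 solely if something on the wire answers ARP for it.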

Author

Commented:
Yes, if that was the case, though, wouldn't configuring the new server with 192.168.0.12 also work?  It doesn't.  Once that new 2003 server is assigned with the 192.168.0.12 address  with 10.1.1.9 as the gateway, it can't hit anything else.

Working remotely right now - so I can't grab the route table on the new webserver when config'd with the 192.168.0.12 address.  I seem to remember from yesterday that they compared exactly the same. I'll try to post it tomorrow or so...
Fred Marshall, Principal
CERTIFIED EXPERT

Commented:
Well, I'm going to assume that the Server will accept the conflict in addresses.....

Then if 10.1.1.9 is the assigned gateway, everything should work as advertised I should think.

The route elsewhere would be the same unless it's specific....
That is:
Let's assume that the route elsewhere (i.e. at 10.1.1.9 device) is:
192.168.0.0 to 10.1.1.9 (the local LAN NIC presumably)
Then the added 192.168.0.12 would be included in that route.

But, what if it's:
192.168.0.13 to 10.1.1.9?
then you'd have to add:
192.168.0.12 to 10.1.1.9
or change the route to
192.168.0.0 to 10.1.1.9

Otherwise, there's no return path for these latter cases.
Commented:
Do you have access to the gateway: 10.1.1.9?

And if so, can you check it to see if there are multiple IP addresses configured on this device? You could just reconfigure it to use an address in the same subnet and get it all working as would make sense with an IP address in the same subnet and progress it that way.

Also, try running an arp -a and seeing if the 10.1.1.9 has an arp for any other addresses.

Author

Commented:
OK, found the problem.
The new webserver's ARP table contains an entry for the gateway with an incorrect MAC.  I defined static ARP entries for the gateway and the other webserver.  Everything is OK now.
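
The comparison that surfaces this kind of fault, as an added example that is not part of the original thread: parse `arp -a` output collected from each server and report any IP address that the hosts map to different MACs. The two captures are constructed samples (the MAC values are placeholders, not taken from the thread), and the function names are illustrative.

```python
import re

# Constructed arp -a captures; MAC addresses are placeholders.
ARP_OLD_SERVER = """\
Interface: 192.168.0.10 --- 0x10003
  Internet Address      Physical Address      Type
  10.1.1.9              00-00-5e-00-53-01     dynamic
  192.168.0.12          00-00-5e-00-53-0c     dynamic
"""
ARP_NEW_SERVER = """\
Interface: 192.168.0.12 --- 0x10003
  Internet Address      Physical Address      Type
  10.1.1.9              00-00-5E-00-53-FF     dynamic
  192.168.0.10          00-00-5e-00-53-0a     dynamic
"""

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def parse_arp(text):
    """Map IP -> (mac, entry type) from Windows-style arp -a output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return table

def arp_disagreements(tables):
    """tables: {host label: parsed table}.
    Return {ip: {host: (mac, type)}} for every IP the hosts resolve differently."""
    seen = {}
    for host, table in tables.items():
        for ip, entry in table.items():
            seen.setdefault(ip, {})[host] = entry
    return {
        ip: hosts
        for ip, hosts in seen.items()
        if len({mac for mac, _kind in hosts.values()}) > 1
    }

if __name__ == "__main__":
    tables = {"old": parse_arp(ARP_OLD_SERVER), "new": parse_arp(ARP_NEW_SERVER)}
    for ip, hosts in arp_disagreements(tables).items():
        print(ip, hosts)
```

Two hosts on the same segment resolving one IP to different MACs means a stale cache, a duplicate address, or another device answering ARP for it; the entry type in the result also shows where a static pin is hiding the question.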
Most Valuable Expert 2011

Commented:
Why not just fix the thing!

Clearly it is configured wrong and probably has been for who knows how long.  The only reason it works at all is just plainly a "lucky" loophole in the config.

So just configure it with the gateway it really should have had in the first place and be done with it.

After you give it the correct Gateway it should have had in the first place, run the command line "route /f" to clear the routing table and reboot the thing so the route table rebuilds correctly this time during the reboot.
Most Valuable Expert 2011

Commented:
There is no reason in the world to create a static ARP entry.   When everything is configured the way it is supposed to be configured, all entries in the MAC table should be dynamic.  What do you think is going to happen to that static MAC entry as soon as a NIC goes bad or a device gets swapped out, causing the MAC address to change?

Author

Commented:
Yes, in a perfect world, it should be fixed.  Ultimately limited time and resources intrude.

Problem is fixed.  Can't seem to figure out how to close the question and award points - They should go to Aegil
Most Valuable Expert 2011

Commented:
In any world it should be fixed.  It takes less time to put in the right gateway than it does to monkey with the MAC table. Now you are just creating a bigger mess that can haunt you later.
Fred Marshall, Principal
CERTIFIED EXPERT

Commented:
Print out the routing table on the gateway computer.  What does that say?  You should know the answer to this anyway.

I understand you "solved" the immediate problem but it appears you still have a lurking problem which should be fixed.  

For example, what if the gateway computer had had a route not to the subnet but to individual computers in the subnet?  etc.
Most Valuable Expert 2011

Commented:
A multiple subnet LAN should be laid out like this.  Multiple subnets means there is a LAN Router somewhere,..or you couldn't have multiple subnets [properly] to start with.  The LAN Router is supposed to be the Gateway of all devices and it is based on the proper router interface that "faces" the device.  Then the LAN Router uses the Internet Device as its Gateway.  The Internet Device then has all LAN Segments in its LAT and has a Static Route telling it to use the LAN Router to reach the other segments.

All the "MAC hacking" is doing is causing the "wrong" IP# to resolve to the correct MAC that it should have resolved to if the proper IP# was used in the first place,...which is senseless,...just put the right IP into it in the first place.

 3 segment LAN