• Status: Solved

Dual ADSL Router to Win2003 Server with Single NIC

Hi

I have a client who has had a 2nd ADSL installed with their SINGLE NIC Windows 2003 server behind.

They now have 2 Netgear DG834 routers configured as

Router1
Public IP 80.14.x.x
LAN IP 192.168.180.1

Router2
Public IP 85.20.x.x
LAN IP 192.168.180.5

SBServer
LAN IP 192.168.180.2
Gateway IP 192.168.180.1

This works fine to send incoming SMTP, Web and RAS traffic IN through Router1.

The problem occurs when I send traffic in through Router2. I get no response back from the server. I can see that the traffic is hitting the router from its logs and being forwarded to the Server.

Is this because the Server NIC has a gateway of 192.168.180.1 and is sending the response traffic out to Router 1?

I have tried setting a static route on Router 1 to Router 2 as follows:

Destination IP 85.20.x.x (Router2 Public IP)    Gateway 192.168.180.5

but that doesn't work.

I have tried setting a second gateway on the server NIC of 192.168.180.5 and that seems to break everything!

Can someone please advise?

M
Asked:
Winfix1
 
Kruno Džoić (System Engineer) Commented:
You want to send traffic from Server to routers
or from Client to Server and Server to routers?
 
Winfix1 (Author) Commented:
M3rc74

I want incoming SMTP, Web and other traffic to be able to come in and out through both routers, i.e. to use the second ADSL as a failover incoming route for SMTP traffic once a second MX record is set up.
 
Kruno Džoić (System Engineer) Commented:
The best way to achieve this is to buy a dual-WAN router or make one from an old PC.
 
Miguel Angel Perez Muñoz Commented:
With this scenario, you can do it manually by changing the default gateway. But adding a second gateway does not work.
 
Winfix1 (Author) Commented:
I want to use the existing routers and don't want manual intervention. Surely it's a simple thing to achieve. Maybe I need to add a static route to the IP config of the server?
 
George Fendler (programmer) Commented:
No, this is not as simple as it sounds. Drashiel is correct. Load balancing is more complicated than it sounds. The IP header only has one field for the return path. When you send something out over gateway-1, it will never come back over gateway-2.
Just my $0.02
 
gortm001 Commented:
The problem you are facing is that you can only have 1 default gateway. Look at your server (open a DOS prompt and type route print).

You will see that your server only knows his own network 192.168.180.x that is connected to his own NIC, the .2 address. Everything else that does not fit the mask of 192.168.180.x he will send to his default gateway on number 1, making it his problem to deliver it to the right location.

As M3rc74 already mentioned, if you really want to solve this with the least amount of money spent, I would suggest that you replace both Netgears with f.i. a Vigor 29x0 series router, which supports the use of 2 WANs including load balancing and redundancy.

See http://www.draytek.com/user/PdInfoDetail.php?Id=31 for more detailed info.

Afaik this is "out of the box" functionality.

The reason port forwarding on your second router is not working is also easily explained: your router is doing NAT, so the IP packet from the outside arriving at the outside address of your second router is delivered to the internal address of the server. Since the originating address is an external mail server and NOT the internal address of your second router (192.168.180.5), responses from the server will be sent through the default gateway. Since this is outbound traffic, NAT in your first router will replace the originating sender address (your server's internal address 192.168.180.1) with the external address of your first router.

You might see that this is very confusing for the sending mail server: talking to IP address A, getting answers from IP address B. That will not work.

Hope this helps,

KG
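
Added example, not part of the original thread or any poster's code: a small Python model of the reply path described in the answer above, using the LAN addresses from the question. The public addresses and the remote mail server are constructed stand-ins from documentation ranges (the thread elides the real ones), and the NAT behaviour is an assumption that follows the answer's description.

```python
import ipaddress

# Constructed stand-ins from RFC 5737 documentation ranges; the thread elides
# the real public addresses. LAN addresses are the ones given in the question.
ROUTER1 = {"name": "Router1", "lan": "192.168.180.1", "wan": "203.0.113.1"}
ROUTER2 = {"name": "Router2", "lan": "192.168.180.5", "wan": "198.51.100.1"}
SERVER = "192.168.180.2"
CLIENT = "192.0.2.25"  # constructed remote mail server

# The server's routing table as described: its own LAN plus ONE default gateway.
SERVER_ROUTES = [("192.168.180.0/24", None), ("0.0.0.0/0", ROUTER1["lan"])]

def next_hop(routes, dst):
    """Longest-prefix match on the destination; None means on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def simulate(inbound):
    """Trace one connection that arrives through `inbound` and its reply."""
    # Port forwarding rewrites only the destination, so the server sees the
    # client's real source address, not the forwarding router's LAN address.
    seen_by_server = {"src": CLIENT, "dst": SERVER}
    # The reply is routed by destination alone; the arrival path is not consulted.
    gw = next_hop(SERVER_ROUTES, seen_by_server["src"])
    egress = ROUTER1 if gw == ROUTER1["lan"] else ROUTER2
    # Assumption (follows the answer above): the egress router source-NATs the
    # reply to its own WAN address. A stateful router might drop it instead.
    reply_src = egress["wan"]
    # The client only accepts a reply from the address it connected to.
    return {"egress": egress["name"], "reply_src": reply_src,
            "accepted": reply_src == inbound["wan"]}

if __name__ == "__main__":
    for router in (ROUTER1, ROUTER2):
        print(router["name"], simulate(router))
```

Either way the model's assumption is resolved (rewrite or drop), a connection that enters through Router2 never gets a reply from the address the client connected to.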