BMarden
asked on
Routing Assistance
I am a bit rusting on my routing tables and could use some assistance please.
I have a Server 2008R with primary interface 192.168.1.6/24 and default gateway of 192.168.1.1 (NetGear Internet Router). I have just added a second interface (not registering with DNS) with IP of 10.20.30.5/24, MS Client and File/Printer sharing are not bound to this interface.
I have created a new DHPC scope for the 10.20.30.0 network. I have connected a Wireless AP for guest access directly connected to this interface. I can connect to the AP, and get an IP Address but I cannot get to the internet, nor can I ping 192.168.1.1
From the server I tried a ping 192.168.1.1 -S 10.20.30.5 which failed, source address of 192.168.1.6 is successful. Seems to be a routing issue.
I have (RRAS) routing Role installed and enabled.
Here is the routing table from the server.
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 266
10.20.30.0 255.255.255.0 On-link 10.20.30.5 266
10.20.30.5 255.255.255.255 On-link 10.20.30.5 266
10.20.30.255 255.255.255.255 On-link 10.20.30.5 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 266
192.168.1.6 255.255.255.255 On-link 192.168.1.6 266
192.168.1.255 255.255.255.255 On-link 192.168.1.6 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 266
224.0.0.0 240.0.0.0 On-link 10.20.30.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 266
255.255.255.255 255.255.255.255 On-link 10.20.30.5 266
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
==========================
Thanks for any assistance
I have a Server 2008R with primary interface 192.168.1.6/24 and default gateway of 192.168.1.1 (NetGear Internet Router). I have just added a second interface (not registering with DNS) with IP of 10.20.30.5/24, MS Client and File/Printer sharing are not bound to this interface.
I have created a new DHPC scope for the 10.20.30.0 network. I have connected a Wireless AP for guest access directly connected to this interface. I can connect to the AP, and get an IP Address but I cannot get to the internet, nor can I ping 192.168.1.1
From the server I tried a ping 192.168.1.1 -S 10.20.30.5 which failed, source address of 192.168.1.6 is successful. Seems to be a routing issue.
I have (RRAS) routing Role installed and enabled.
Here is the routing table from the server.
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 266
10.20.30.0 255.255.255.0 On-link 10.20.30.5 266
10.20.30.5 255.255.255.255 On-link 10.20.30.5 266
10.20.30.255 255.255.255.255 On-link 10.20.30.5 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 266
192.168.1.6 255.255.255.255 On-link 192.168.1.6 266
192.168.1.255 255.255.255.255 On-link 192.168.1.6 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 266
224.0.0.0 240.0.0.0 On-link 10.20.30.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 266
255.255.255.255 255.255.255.255 On-link 10.20.30.5 266
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
==========================
Thanks for any assistance
Clients definitely need to use 10.20.30.5 as the gateway.
In the RRAS NAT config the 2nd NIC needs to be assigned as internal interface and the 1st NIC as the external facing interface (that way, no manual routing needs to be done)
In the RRAS NAT config the 2nd NIC needs to be assigned as internal interface and the 1st NIC as the external facing interface (that way, no manual routing needs to be done)
ASKER
Yes, Using 10.20.30.5 as gateway on AP also set in DHCP scope options for that network.
RRAS NAT config? why do I need to NAT this, prefer to simply route it, primary router (192.168.1.1) is firewall/NAT.
Thanks
RRAS NAT config? why do I need to NAT this, prefer to simply route it, primary router (192.168.1.1) is firewall/NAT.
Thanks
As you said, 10.20.30.5 is the GATEWAY and HAS TO HAVE NAT functions enabled to route packets properly from the 10.20.30.x range to and from the internet.
If you think you can fool the systems in 10.20.30.x range that 10.20.30.5 passes traffic through to 192.168.1.1 magically, you're mistaken. NAT is the function to pass it through.
Even if you hacked the system into routing it directly (or even changing the gateway IP on those clients to 192.168.1.1), the next problem is that the 192.168.1.1 router won't understand one bit of what's going on (WTF do I do with these 10.20.30.x packets?) and traffic doesn't flow back at all.
No matter how you route it, it will break, and you won't get ONE BIT from the internet.
You are confusing the route command (Windows cmd: route add) with the router functions (NAT).
If you think you can fool the systems in 10.20.30.x range that 10.20.30.5 passes traffic through to 192.168.1.1 magically, you're mistaken. NAT is the function to pass it through.
Even if you hacked the system into routing it directly (or even changing the gateway IP on those clients to 192.168.1.1), the next problem is that the 192.168.1.1 router won't understand one bit of what's going on (WTF do I do with these 10.20.30.x packets?) and traffic doesn't flow back at all.
No matter how you route it, it will break, and you won't get ONE BIT from the internet.
You are confusing the route command (Windows cmd: route add) with the router functions (NAT).
If I understood that you added network 10.20.30.0/24 directly to server (not to router), then actually, NAT is not needed, but what is really needed is that you show next device in line (routing device) where to send packets for network 10.20.30.0/24. As long as packets are not intended for internet usually there in no need for NAT.
You need to set that will point to your server as next hop for 10.20.30.50/24 network (or turn on RIP on ruter and server). At this point packets are coming to default gateway, but default gateway has no idea where network 10.20.30.0/24 is.
Usually this is done by command
ip route 10.20.30.0 255.255.255.0 192.168.1.6
or you have some graphic tool to add static route (depending on router).
Router only can forward packets to destination that it can find in routing table. Currently the only matching route is probably default route so all packets for 10.20.30.50/24.network are going to internet.
If I did not understand your configuration well, can you post topology? :)
You need to set that will point to your server as next hop for 10.20.30.50/24 network (or turn on RIP on ruter and server). At this point packets are coming to default gateway, but default gateway has no idea where network 10.20.30.0/24 is.
Usually this is done by command
ip route 10.20.30.0 255.255.255.0 192.168.1.6
or you have some graphic tool to add static route (depending on router).
Router only can forward packets to destination that it can find in routing table. Currently the only matching route is probably default route so all packets for 10.20.30.50/24.network are going to internet.
If I did not understand your configuration well, can you post topology? :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
TP Link consumer grade routers can add static routes. :)
So, it all comes down to what is routing device.
If that option is available there is no need to burden server CPU with natting (NAT can be a big burden).
So, it all comes down to what is routing device.
If that option is available there is no need to burden server CPU with natting (NAT can be a big burden).
ASKER
Router Has RIP and I would think it would discover, but no facility to add static route into the Netgear.
I will try the NAT, thanks
I will try the NAT, thanks
ASKER
Thx
BTW, since router has RIP you can configure RIP on router and server too.
On server it is the same place where you need to enable NAT.
Routing and remote access - IPv4 - General - New routing protocol
:)
On server it is the same place where you need to enable NAT.
Routing and remote access - IPv4 - General - New routing protocol
:)
To be able to ping anything in other networks you need to have reachable default gateway.
I can only guess, but maybe that should be 10.20.30.5