multi-homed server route problems
Firstly, please don’t post an answer unless you’re reasonably sure of your solution so the question doesn’t get wiped off the map without a decent response. If you have any suggestions please e-mail them to me at: ngrunseit@harveyworld.com.au
I am having a problem on a server which has two NICs: one NIC in the Win 2000 server is connected to my LAN, while the other NIC is connected to my Sonicwall Firewall’s DMZ.
Whenever you VPN in via the firewall to the LAN one can ping the IPs of non-multi-homed PCs on the LAN, but not those that ARE multi-homed.
My multi-homed server has a route: 0.0.0.0 mask 0.0.0.0
which lets it contact my internet router via the DMZ-based NIC, and thus see the outside world. If I add any default gateway to the LAN NIC so it may see the firewall too, I start having major problems where (despite having no routing/remote access service enabled) the firewall detects data originating from my DMZ IP coming from the LAN NIC and vice versa. The problem is by adding a default gateway, or merely a static route like: 0.0.0.0 mask 0.0.0.0
it will allow my users that are VPN’d into the network to see the LAN NIC on the multi-homed server, but will cause the firewall to start blocking traffic which appears to be originating from the wrong IP, on the LAN/DMZ ports. It’s not as complicated as it sounds, but it’s driving me crazy.
I just need to add a route so that my server can see the VPN’d incoming connections, but at the same time not make the server think it can route traffic to the outside world via the LAN NIC.
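
The route-selection behaviour described in the post can be modelled as follows. This is an added example, not part of the original post: every address, the separate VPN client range and the table names are assumptions, and it models a host that picks the outgoing NIC from the destination alone (longest prefix, then lowest metric). It reports each reply that would leave through a NIC that does not own its source IP, which is the condition the firewall is described as blocking.

```python
import ipaddress

# All addresses below are constructed for illustration; none come from the post.
LAN_IP, DMZ_IP = "192.168.1.10", "172.16.0.10"      # the server's two NICs
NIC_OF = {LAN_IP: "LAN", DMZ_IP: "DMZ"}
VPN_CLIENT, INTERNET_HOST = "10.8.0.25", "203.0.113.7"

# Replies the server sends: (source address it answers from, destination)
FLOWS = [(LAN_IP, VPN_CLIENT), (DMZ_IP, INTERNET_HOST)]

def rt(prefix, nic, metric=1):
    """One routing-table entry: (network, outgoing NIC, metric)."""
    return (ipaddress.ip_network(prefix), nic, metric)

# On-link routes that exist as soon as the NICs are configured
CONNECTED = [rt("192.168.1.0/24", "LAN"), rt("172.16.0.0/24", "DMZ")]

def egress(table, dst):
    """Pick the NIC for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def mismatches(table, flows=FLOWS):
    """Flows whose packets leave through a NIC that does not own the source IP."""
    bad = []
    for src, dst in flows:
        nic = egress(table, dst)
        if nic != NIC_OF[src]:
            bad.append((src, dst, nic))
    return bad

# Route tables to compare
single_default = CONNECTED + [rt("0.0.0.0/0", "DMZ")]
lan_default_wins = CONNECTED + [rt("0.0.0.0/0", "DMZ", 2), rt("0.0.0.0/0", "LAN", 1)]
dmz_default_wins = CONNECTED + [rt("0.0.0.0/0", "DMZ", 1), rt("0.0.0.0/0", "LAN", 2)]
# Assumes VPN clients come from their own range (10.8.0.0/24 here)
vpn_specific = single_default + [rt("10.8.0.0/24", "LAN")]

if __name__ == "__main__":
    for name, table in [("single default via DMZ", single_default),
                        ("two defaults, LAN preferred", lan_default_wins),
                        ("two defaults, DMZ preferred", dmz_default_wins),
                        ("DMZ default + VPN-range route via LAN", vpn_specific)]:
        print(f"{name}: {mismatches(table) or 'no mismatch'}")
```

In this model, whichever of two default routes wins, one of the two reply flows leaves through the wrong NIC; only the table with a route limited to the VPN range keeps both flows on the NIC that owns their source address.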