General discussion

Locked

NAT or NOT!

By Robert Young ·
My company runs a small NT4 based network. The standard IPs are in the range 192.168.42.* however, it has been necessary to add a 2nd NIC into the server and assign it an IP in the range 57.52.75.* to allow some workstations to access an external network. The w/s in question have also been assigned IPs in this 2nd range. The reason behind the 2nd NIC idea was to allow them to see the mail server which resides on the server in question also. NOW! When these workstations are assigned their IPs(Static) they can easily see each other, the server, teh external network required and the mail server. (LMHosts file used to point w/s to server) Unfortunately, they are unable to see the ISDN router (Cisco 760) for the company Internet access. The router has an address of 192.168.42.5 and all clients on the 192 network can access it no problem. On the client machines on the 57 network, the default gateway MUST be set to 57.52.75.1 to point to the router to communicate with the external network. This is obviously the problem when they attempt to access www. Can anyone please provide me with a solution (other than sticking in a 2nd NIC into each client)? We simply don't have enough floor points to accomodate the extra cabling which would come with this solution. I would appreciate any detailed solution (i.e a TOTAL IDIOTS GUIDE!!).
There are some BIG POINTS to be had.
Many Thanks....
B Young

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

NAT or NOT!

by turambar386 In reply to NAT or NOT!

Let me see if I got this straight. correct me if I am wrong.

Your internal network is one physical network with two logical networks (192.168.42.0 and 57.52.75.0).

You have two routers: 192.168.42.5 with goes to the Internet, and 57.52.75.1 which goes to an external network that hosts a mail server.

You have put two NICs into your internal server, each with an IP address in the different logical networks.

Does this sound correct so far?
If not, let me know.

This sounds like asilly way of doing things, but whatever.

The easiest way to get out of this mess requires that you have control over the 57.52.75.1 router. If you do, simply add a secondary IP address to the internal interface on the router in the 192.168.42.0subnet and insert a default gateway pointing to the 192.168.42.1 router. (how you do this depends on the brand and model of router).

If you do NOT have admin access to this router, you would be better off to put all the workstations back to the192.168.42.0 network and do one of the following options:

IF you have admin access to the 192.168.42.5 router: Simply add a secondary IP address to the internal interface with an ip address in the 57.52.75.0 network. Then, assign this router as the default gateway on all the workstations and your server.

If you do NOT have admin access to that router, you should enable routing on your dual-NICed server. Assign the 192.168.42.5 router as the default gateway on the server, and assign the server as the default gateway on the workstations. How you do this depends on the operating system of the server.

If you would like more detailed instructions on any of the options mentioned, let me know the operating systems used and model/brands of the routers.

Collapse -

NAT or NOT!

by turambar386 In reply to NAT or NOT!

Okay, Robert. You cannot move those w/s from the 57.52.75.0 network and you cannot add a route on the 57.52.75.1 router.

Not a problem.. here's what you do. (I am assuming since you haven't specified that you are using NT)

On your Dual-NIC Server:
- Go into the TCP/IP Properties. For the 192.168.42.0 NIC, enter the default gateway as 192.168.42.5.
- For the NIC in the 57.52.75.0 network, leave the default gateway blank.
- Enable routing (in the Forwarding tab of TCP/IP properties, check 'Enable IP Forwarding').
- close TCP/IP properties. YOu may need to reboot.
- Once the server is back up, go into a command prompt and enter:
route add -p 57.0.0.0 mask 255.0.0.0 57.52.75.1

Please note that I am assuming here that the mail server you are trying to reach is somewhere within the 57.0.0.0 network!

Now, on all the workstations in your 57.52.75.0 network, change the default gateway to the IP address of your dual-NIC server.

This should work like a charm.

Collapse -

NAT or NOT!

by Robert Young In reply to NAT or NOT!

Poster rated this answer

Collapse -

NAT or NOT!

by Some Guy in Seattle In reply to NAT or NOT!

I tried answering this but it didn't take so here's my answer again...

Looks like the core problem is the 57.52.75.* devices cannot see the 192.168.42.* network on the other side of the NT Server. You are correct that a second NIC in each machine would fix the problem but it would be annoying and expensive.

Try adding a persistent route on each of the machines in the 57.52.75.* network directing them on how to reach the 192.168.42.* network. From a DOS prompt on each machine, add this command (all one command):

route add -p 192.168.42.0 mask 255.255.255.0 57.52.75.(whatever the last octet of the NT server is here) metric 1

The "-p" will make this route persistent across reboots so it won't have to be added each time. The metric is just the number of routers the machine can expect to see to get to the 192.168.42.* (in this case, only one, the NT Server is acting as the router). For more info on the syntax of this command, type "route" on the command line and it will give some info there.

And speaking of this, on the NT Server make sure to do a right click on Network Neighborhood, Select TCP/IP, and there should be a tab there for routing. Make sure the checkbox is on so this machine will forward traffic across it.

Hope that helps,

Collapse -

NAT or NOT!

by Robert Young In reply to NAT or NOT!

Poster rated this answer

Collapse -

NAT or NOT!

by Curacao_Dejavu In reply to NAT or NOT!

my way to solve it.
Had a similar situation.

ws config.
ip:192.168.42.x
subnet: your subnet
default gateway 192.168.42.5

second ip (in the advance tcp/ip configuration).
ip. 57.52.75.x

then static route (in dos prompt)
route add -p 57.52.75.? mask 255.255.255.0 57.52.75.1

?= adress of the server which they have to connect to.
This means everybody is on your internal network and has access to internet, shares etc. Only when they request a 57.52.75.? traffic they go through therouter using the static route command.


worked like a charm, (then with the help of a consultant of course).

Collapse -

NAT or NOT!

by Robert Young In reply to NAT or NOT!

Poster rated this answer

Collapse -

NAT or NOT!

by Robert Young In reply to NAT or NOT!

I really appreciate all the help guys. However, I may not have described the situation fully. The w/s cannot be assigned a 192 address and must be on the 57 network. Secondly, the router for the 57 network connects up to the Galilleo system (travel agency) and all w/s must originate a 57 IP address or no traffic is permitted to their servers.
When attempting to add a route to the w/s, as descibed by Some Guy In Seattle the -p switch was not permitted and the route add failed (Error 87?). The only route I could add was as follows. route add 192.168.42.0 mask 255.255.255.0 57.52.75.29 metric 1.

Unfortunately, this does not solve the problem. The W/S are still unable to browse the internet. They can still see the file & mail server (192.168.42.1), however I suspect the fact that the server does not use the ISDN Router to browse the internet may be an issue! Still relying on dial up!!!!
I omitted the fact that the 57 & 192 are on different subnets 255.255.255.224 & 0 respectively. Will this be an issue also?

I am almost at my wits end here....someone please take my job now!!!!

Collapse -

NAT or NOT!

by estebandelatorre In reply to NAT or NOT!

You have 2 networks, and many of your clients have to see both of them.
Select one network to work, eg: 192.168.
Keep only one nic and ip address in each server and wks.
Place a router pointing:
a.- wan side 57 network
b.- lan side: assign a new ip address from the 192.168 scope.
c.- define a static route to reach the new network (and here is where you made a mistake!)
the route command should be:
ROUTE ADD 57.52.75.0 (ALL NETWORKS END WITH 0)
MASK 255.255.255.224 (THE MASK OF THE NETWORK-EXTERNAL- YOU WANT TO REACH)
THEN PLACE YOUR GATEWAY (ROUTER LAN-SIDE. YOU SHOULD PING YOUR ROUTER LAN-SIDE!!!
METRIC 1 /P (/P TO TRACE THE ROUTE PERMANTLY)
SO COMMAN
ROUTE ADD 57.52.75.0 MASK 255.255.255.224 192.168.42.? METRIC 1 /P
*iT IS SUPPOSED THAT YOPUR PC IS PLACED IN THE 192.168.42.X LAN.

Collapse -

NAT or NOT!

by Robert Young In reply to NAT or NOT!

Poster rated this answer

Back to Desktop Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums