General discussion

  • Creator
  • #2189113

    Routing question (I think)


    by david.larsen ·

    I am having problems getting my two static IPs to “talk” to one another.

    I have two IPs that can access the Internet just fine. From another computer on the Internet, I can reach my IPs just fine. However, I can’t reach one IP from the other.

    I’ve got my modem connected to a Netgear FS605 switch. I’ve got one line running to my router and another goes directly to a computer. The computers behind the router use NAT and can reach the Internet just fine. Same thing with the computer.

    Now the computer that’s running directly off the router is running Windows 2K3. It’s at My router is at
    I imagine you can browse to the simple dummy websites on both of those. (The 131 forwards port 80 to a local machine behind the router.)

    I’ve done remote desktop to a system elsewhere on the net and they can get to those IPs just fine.
    HOWEVER, I can’t connect from my “public” x.x.x.64 machine to my router (x.x.x.131) … and my machines behind the router that can access ALL of the internet just fine can’t seem to get anything through to my x.x.x.64 address.

    My logic:
    IP #1 can reach internet. Internet can reach IP #1.
    IP #2 can reach internet. Internet can reach IP #2.
    IP#1 should be able to reach IP #2.

    Note: tracerts time out trying either direction.

    Any ideas?

All Comments

  • Author
    • #3053572

      Reply To: Routing question (I think)

      by cg it ·

      In reply to Routing question (I think)

      Some routers have an option to filter NAT redirect to the lan via the public IP address. If you can’t access on a NAT redirect chances are the router has that filter enabled. We use the NAT redirect filters at the perimeter and behind the DMZ so that no one behind the DMZ router can access servers in the DMZ.

    • #3053571

      Reply To: Routing question (I think)

      by toivo talikka ·

      In reply to Routing question (I think)

      Your layout seems slightly back to front, but please correct me if I am wrong. According to your description the Windows Server 2003 with the external IP address is connected directly to the internet through the switch.

      Usually the internet is connected to the public side of a router and the LAN is connected to the private side. The router (you do not specify the type of your router) is usually programmable, or you can access its administrative interface through a browser.

      Check if your router supports DMZ (Demilitarized Zone). That’s where your W2K3 server should be, behind DMZ and NAT. The router should direct requests to to the server’s internal IP address, which is on a different subnet (e.g. from your LAN (e.g.

      Your Netgear FS605 switch should be connected to the LAN port of the router, supported by NAT. The PC workstations will be on a subnet, e.g.

      Now the router would understand the scenario and be able to route packets from one subnet to the other. You have to define pinholes in the DMZ arrangement for the accepted packet types like HTTP requests to be passed between the W2K3 server and the LAN.

      You may have to talk to your ISP to find out the external IP number for your modem, which can be different from the two public IP addresses you have given but within the same range. Or just do a traceroute.

    • #3053516

      Reply To: Routing question (I think)

      by hozcanhan ·

      In reply to Routing question (I think)

      larsen , as toivo and cg explained well your setup seems “upside down” . I would recommend that you set up a DMZ as explained formally in the books ; especially if w2k3 is in question . Instead of writing a long explanation here is a good link : . NAT is also explained well here . If you continue with your present set up more “special case ” issues will rise in the future .

Viewing 2 reply threads