IP Routing Questions


Michael Whang
06-20-2000, 06:29 PM
I'm trying to install Firewall-1 on an NT machine for a small number of web
servers. I have two NICs on the firewall/gateway machine. All of the systems, including the firewall/gateway machine, are on the same subnet.

I've been having difficulties getting packets across my internal NIC to the external NIC to the internet on the firewall/gateway machine. I've enabled IP forwarding and from my failures to access the internet from the internal network, I suspect there's more that I need to do.

Do I set the default gateway of the internal network to the internal IP address of the firewall/gateway machine?

If I set the default gateway for the firewall/gateway to the one the ISP gave me, how will the internal NIC know to route to the external NIC?

Are there any other protocols or services that I need to install (RIP, RRAS)?

Any other steps or help to enable an internal network to reach the internet through an NT gateway will be appreciated.

Sharan
07-21-2000, 08:29 PM
Maybe this will help you.

I assume that one of the Ethernet cards will have the external IP address and subnet mask (from your ISP) and the gateway for that IP (given by your ISP).

Please leave the gateway address BLANK for the other Ethernet card (the one for your intranet).

Since you have already enabled packet forwarding, you need to add a route table entry as follows (from ntfaq):


Assuming our two hosts are not on the same local network, host A will check its routing table for a router that connects to the local network of host B. If it does not find a match then the data packets will be sent to the "default gateway". In most cases, there will not be one router that connects straight to the intended recipient; rather, the router will know of another route to pass on your packet, which will then go to another router, etc.

For example:

Host A - 200.200.200.5
Host B - 200.200.199.6
Subnet Mask - 255.255.255.0
Router - 200.200.200.2 and 200.200.199.2
Host A's routing table - Network 200.200.199.0 use router 200.200.200.2

In this example, Host A would deduce that Host B is on a separate network, as its Network ID is 200.200.199. Host A would then check its routing table and see that it knows for network 200.200.199 (the zero means all) it should send to 200.200.200.2. The router would receive the packets and then forward them to network 200.200.199.

What actually happens is each router will have its own routing table that will point to other routes.

To actually configure a route, you use the route command; for example, to configure a route for network 200.200.199 to use router 200.200.200.2 you would type

route -p add 200.200.199.0 mask 255.255.255.0 200.200.200.2

The -p makes the addition permanent, otherwise it will be lost with a reboot.

To view your existing information type route print.



Hope this helps...


David
01-22-2001, 03:56 AM
Are you using private IP addresses behind the firewall? Packets sent from those addresses will be dropped on the Internet. That's probably why packets cannot be sent back. By installing FW-1 and configuring NAT, you should be able to see both nets.


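Added example, not part of any post in this thread: a small Python model of the routing-table lookup quoted from ntfaq above (most specific matching route wins, otherwise the default gateway) together with the private-address check raised in the last reply. The default gateway 200.200.200.1, the table layout and the function names are assumptions made for illustration; the other addresses come from the quoted example.

```python
import ipaddress

# Constructed routing table for Host A (200.200.200.5), using the thread's example.
# A gateway of None means the destination is on the local network (on-link).
HOST_A_ROUTES = [
    ("200.200.200.0/24", None),             # Host A's own network
    ("200.200.199.0/24", "200.200.200.2"),  # the "route -p add ..." entry from the post
    ("0.0.0.0/0", "200.200.200.1"),         # default gateway (assumed value)
]

# RFC 1918 private ranges: not routable on the Internet, so they need NAT.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def next_hop(routes, destination):
    """Return (matched_prefix, gateway) for the most specific matching route.

    Returns None when no route matches and there is no default gateway.
    """
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return (str(best[0]), best[1])


def needs_nat(source):
    """True when the source address is in an RFC 1918 private range."""
    addr = ipaddress.ip_address(source)
    return any(addr in ipaddress.ip_network(n) for n in RFC1918)


if __name__ == "__main__":
    # 198.51.100.7 and 192.168.1.10 are constructed sample addresses.
    for dst in ("200.200.200.9", "200.200.199.6", "198.51.100.7"):
        print(dst, "->", next_hop(HOST_A_ROUTES, dst))
    # Without a default route, anything outside the known networks is unreachable.
    print("no default:", next_hop(HOST_A_ROUTES[:2], "198.51.100.7"))
    for src in ("200.200.200.5", "192.168.1.10"):
        print(src, "needs NAT:", needs_nat(src))
```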