routing on Windows 2003 Standard


Miha

Hi

Is it possible to configure routing on 3 network cards, like 1 in 'private
network' and 2 are in 'public network'
The situation is like: LAN - 'gateway server' - ClusterFirewall (2 nodes).
I want to do routing from LAN through first NIC on this 'gateway server' on
IP address 10.10.10.1 through 2,3 NIC on the same gateway server on IP address
10.10.10.2 and 10.10.10.3 (these two NIC are connected to ClusterFirewall,
which is connected to internet).
On 'gateway server' I need two cards, because in case of working 'Firewall 1'
all traffic from lan and back will go through NIC 1 and 2 on 'gateway
server', but in case of working 'Firewall 2' traffic will go from lan and
back through NIC 1 and NIC3.
Is this possible?
Regards
Miha
 

Bill Grant

No, W2k/W2k3 RRAS cannot cope with that. It will send all traffic to the
default gateway. If you configure two default gateways, it will select one
and use that. It will only use the second gateway if the first fails.

Surely this should be handled by the cluster firewall. A cluster is
usually accessed by a single "cluster" address, and the clustering software
looks after the load balancing.
 

Jeff Cochran

> Is it possible to configure routing on 3 network cards, like 1 in 'private
> network' and 2 are in 'public network'

Sure.

> The situation is like: LAN - 'gateway server' - ClusterFirewall (2 nodes).
> I want to do routing from LAN through first NIC on this 'gateway server' on
> IP address 10.10.10.1 through 2,3 NIC on the same gateway server on IP address
> 10.10.10.2 and 10.10.10.3 (these two NIC are connected to ClusterFirewall,
> which is connected to internet).
> On 'gateway server' I need two cards, because in case of working 'Firewall 1'
> all traffic from lan and back will go through NIC 1 and 2 on 'gateway
> server', but in case of working 'Firewall 2' traffic will go from lan and
> back through NIC 1 and NIC3.
> Is this possible?

It's confusing, but if I read this right you can do it. Though you
really don't need three NICs, just the right IP addressing and some
routing.

Jeff
 

Phillip Windell

Alright...Bill and Jeff are saying opposite things <spank spank> let's get
it together,..what'll it be guys ;-)

Actually for me, the description was written too confusing, so I decided to
just "lurk" and see what happened.
 

Miha

Thank you all for help. So if I'm getting this right, I need to configure
routing (RIP) from 'private' through 'public' card, and this can be done
with RRAS. Any help how to achieve this?

Regards
Miha

 

Phillip Windell

If you are doing just "routing" there is no such thing as a private and
public card,..those concepts are strictly a NAT thing. You need to clarify
if you are wanting to NAT between a trusted and untrusted network or are you
simply wanting to route between two normal subnets, that is two entirely
different concepts. RRAS can do either one, but they are not the same thing
at all.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 

Jeff Cochran

> Alright...Bill and Jeff are saying opposite things <spank spank> let's get
> it together,..what'll it be guys ;-)

We're not really, but I didn't put in much detail. :)

> Actually for me, the description was written too confusing, so I decided to
> just "lurk" and see what happened.

It is confusing. As I read it, the OP had two firewalls in a cluster
and wanted some traffic to go to one firewall, and other traffic to go
to the other, using the system described as a gateway. He had three
IP addresses on three NICs, all in the same logical network, which
wouldn't ever route anyway.

My response was that he should be able to do this, but he's going to
need to change IP's, use proper routes, and likely configure his
clustered firewall. As he described it he cannot do it, for the
reasons Bill suggests as well as the fact that three NICs that are all
in the same logical network will never send anything out another NIC.

My suggestion is three logical networks, one for the LAN side and one
for each firewall. He can use routes to direct what traffic he wants
to go through which firewall, but the routes aren't going to be easy
and depend on what he's wishing for the client side.

It's still a pretty convoluted setup. Perhaps if the OP told us what
they wanted to accomplish and didn't post any IP or routing info.

Jeff
 

Bill Grant

And the reply from Miha himself certainly didn't throw any light on the
situation!
 

Phillip Windell

Jeff Cochran said:
> It is confusing. As I read it, the OP had two firewalls in a cluster
> and wanted some traffic to go to one firewall, and other traffic to go
> to the other, using the system described as a gateway. He had three
> IP addresses on three NICs, all in the same logical network, which
> wouldn't ever route anyway.
> My suggestion is three logical networks, one for the LAN side and one

<snip>

Yea, that sounds like the way to go to me.

> It's still a pretty convoluted setup. Perhaps if the OP told us what
> they wanted to accomplish and didn't post any IP or routing info.

Yea, it's usually better if they just give the "goal" and let us come up with
a good method, rather than try to explain some strange method and then have
us try to come up with some strange off-the-wall way to get it to somehow
"kinda-sorta" function.
 

Miha

H

Sorry to bother you, but finally we decided what to do. Only two network
cards, and just route between them (like Phillip said route between two
normal subnets.)
First one will be connected to our LAN switch (IP of first NIC:
10.10.10.10/16) which will route through the second one that is connected to
firewall (IP of second NIC: 10.10.10.11/16; gateway 10.10.10.1 - IP of NIC
in firewall).
How do I need to configure RRAS to work with that?
Thank you again for all help
Regards
Miha



 

Phillip Windell

Miha said:
> Sorry to bother you, but finally we decided what to do. Only two network
> cards, and just route between them (like Phillip said route between two
> normal subnets.)

That's me :)

> First one will be connected to our LAN switch (IP of first NIC:
> 10.10.10.10/16) which will route through the second one that is connected to
> firewall (IP of second NIC: 10.10.10.11/16; gateway 10.10.10.1 - IP of NIC
> in firewall).
> How do I need to configure RRAS to work with that?

Here are instructions for doing normal routing with RRAS on Server2000. It
should be the same with Server2003. If it is NT40 you can do it easily with
a "naked" OS and don't need RRAS.

299810 - HOW TO: Configure Windows 2000 to Be a Router
http://support.microsoft.com/default.aspx?scid=kb;en-us;299810
 

Bill Grant

But it all seems pretty pointless. You cannot route between things which
are in the same IP subnet. You would need to change your IP scheme. Why not
just make the firewall the default gateway for the LAN? The "router" would
not really be doing anything, even if you can get it to work.
 

Steve Ireland

<snip>
I think you can route through same subnet. Just why would you want to. Maybe
if you want to tax your network cards and warm up your processors for some
cheap heating.

Best bet is to tell him what he wants.
Enable routing on the gateway.
All LAN traffic will only exit here if it is destined for anywhere other
than the LAN.
Use 10.10.10.10/16 for your LANADAPTER and 10.11.10.10/16 for your
WANADAPTER. Actually, the WANADAPTER will have to be configured with the
actual address range of the network to which it is connecting unless it is
NAT'd.
Bugger I shouldn't have started typing this...
<snip><snip>


<snip>...
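
An added example, not part of any post in this thread: a small Python check of the addressing plans discussed above, showing why two NICs in the same /16 give the router nothing to route and why splitting the subnets also means the firewall's address must move. The function name `check_plan`, the NIC labels `LAN`/`WAN`, and the renumbered gateway `10.11.0.1` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def check_plan(interfaces, gateway=None, gateway_nic=None):
    """Return a list of problems found in a router addressing plan.

    interfaces  -- {nic_name: "address/prefix"} for each NIC on the router
    gateway     -- next-hop address the router should forward to (optional)
    gateway_nic -- the NIC that is cabled to that next hop
    """
    nics = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    problems = []

    # Two NICs whose subnets overlap: every destination in that range is
    # on-link on both, so there is nothing to route between them.
    for (a, ia), (b, ib) in combinations(nics.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} ({ia.network}) overlaps {b} ({ib.network})")

    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        on_link = [n for n, i in nics.items() if gw in i.network]
        if gateway_nic not in on_link:
            problems.append(f"gateway {gw} is not on the subnet of {gateway_nic}")
        elif len(on_link) > 1:
            problems.append(f"gateway {gw} is on-link on several NICs: {on_link}")
    return problems

# Plans taken from the thread; NIC labels are this example's own.
MIHA_TWO_NIC = {"LAN": "10.10.10.10/16", "WAN": "10.10.10.11/16"}
STEVE_SPLIT = {"LAN": "10.10.10.10/16", "WAN": "10.11.10.10/16"}

if __name__ == "__main__":
    cases = [
        ("Miha, two NICs", MIHA_TWO_NIC, "10.10.10.1"),
        ("Steve, firewall unchanged", STEVE_SPLIT, "10.10.10.1"),
        ("Steve, firewall renumbered (constructed)", STEVE_SPLIT, "10.11.0.1"),
    ]
    for label, plan, gw in cases:
        found = check_plan(plan, gw, "WAN")
        print(label, "->", found or "OK")
```
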
 
