
pc technician whose boss won't explain things to him ..

21 years 1 month ago #1290 by Raggedy_Hobo
"Why do you need to subnet? If you have only 10 - 50 workstations, you probably don't, unless you are going to have a lot of traffic." ---- At the moment no, we do not have a lot of traffic. Within 3 months, we'll have over 200 computers connected to this one drop. Within 6 months we'll have approximately 500 in use.

Does everyone need to access the same resources? ---- Just the web/mail servers (NS1 and NS2 respectively)

What type of clients are you talking about that are coming over the AP (Access Point)? Are they individuals or separate companies that access your system. ---- Our system is operating as an ISP. So both companies and individuals will connect to our network.

You need to get a handle on NAT, before you start trying to deal with DHCP, DNS and WINS. Those are whole subjects in themselves. ---- NAT overload is the ability of a router/PC to change certain characteristics (namely, source/destination ports) of a protocol packet so that the router/PC can use ports to "control/direct" the incoming/outgoing traffic.

Let's start with your network to the outside. You apparently have 14 outside address (even though they are private to your ISP). You really only need 1. You should only need to use NAT Overload. ---- Correct

What you have (now that you understand NAT fully), is 2 sides of router (or server acting as a router). I am going to assume the NAT is going to access the internet on one side (you can have NAT inside your local network and never going to the internet, if you want to - that is what "private interface connected to private network" is for). ---- NIC 1 which is connected to the internet side of my server is the one that is running NAT .. If i set NIC 2 to "Public interface connected to the internet" and enable "Translate TCP/UDP headers" .. NIC 1 "maps" itself to the IP address of NIC 1

If you put a router right after the ISPs router, the interface (NIC) that is connected directly that router (the ISPs) will be your connection to the Internet. That address would be one of the 14 addresses (and the only one you will use). ---- Aye, I have it cabled currently like this .. ISP's router - switch - NIC 1 and connect to the internet just fine

Now I assume from your diagram, the address of the ISPs router is 10.168.161.113. ---- Correct

Normally, at least this is what I have seen, the first router will be 1, the 2nd (perhaps a firewall will be 2 etc). Therefore, we will use 2 for the 2nd router (your router) and that will be 114 (or 10.168.161.114 - where 114 is 1110 0010). ---- I am using NS1 (NIC 1) as the 2nd router .. it is using the IP of 114 (I could have sworn I read somewhere that I could do this .. ??)

Now you are connected to the internet by your router. Now you need to connect your private network. I noticed a couple of addresses you were using 10.x.x.x and 20.x.x.x. Not sure what the 20.x.x.x is, but this is a Public address. The private addresses you are allowed are as follows:

10.0.0.0/8 which is the subnet mask 255.0.0.0
172.16.0.0/12 which is the subnet mask 255.240.0.0
192.168.0.0/16 which is the subnet mask 255.255.0.0 ---- I'll switch to this now .. In my haste, I forgot the golden rule .. shame on me

Let's use the first one (192.168.100.0/24) and set the other side of our router to 192.168.100.1. ---- I'm using a 2nd NIC to act as the other side of the router .. ?? that is not possible?? The test computer I have setup can ping the NIC 2 IP address (test computer = PC - wireless ethernet bridge - Access Point - NIC 2 .. same setup as all client PCs/networks that will connect to us)

Now I don't know what you are using for a router, but you could spend less than a $100 and get a router from your neighborhood Computer store (Linksys, Dlink,Soho etc) and solve your problem in minutes. If you need to set up multiple subnets, it will be a little more difficult. ---- I currently only have 1 router, the one provided and maintained by our ISP ..

But you need to figure out what you need, network wise, before you get into how to assign addresses. In your case, since you have so little experience, you should probably start out assigning them (or some of them) statically just to make sure you have everything set up correctly. ---- What I need network wise is .. for it to be up and running .. LOL :D To be honest, I'm not for sure what I need, network wise. That's the problem. Currently, I need to be able to support over 65 PC's. None need to share any resources except being able to connect to the internet and to the mail server

I would set up the routers first and one workstation with address 192.168.100.5 and see if you can ping 192.168.100.1. ---- I kinda have that now .. except i'm not using a 2nd router, just the NS1 server's 2 NIC's ..

currently, the physical layout goes like this:

ISP - router - 5 port switch (NS1 and NS2 are connected to switch) - NS1 NIC 1 - internal routing (NAT) - NIC 2 - 5 port switch - Access Point - client PC's/routers

In the beginning ...

I wonder, where will this road lead me

I configured and got running my first "real" network ever on October 22, 2003 at 5am THANKS to the wonderful people of www.firewall.cx/index.php
21 years 1 month ago #1292 by tfs
Sounds like you are going to increase your access fairly soon.

Based on this, it seems a little much to expect your W2K to handle routing, NAT and work as your Web Server. With the amount of traffic you are talking about, especially if you are going to act as an ISP, you may be overwhelming the server. I personally would be looking at a router, even a commodity one (less than $100) that is dedicated to your routing.

But that is another issue.

Are your customers coming to you from both directions from the provider and from the AP? This would determine how you handle your public servers (Web Server and Mail Server). If your clients are accessing the public servers from the Provider side, I am at a loss as to how they are getting to them. You have private addresses here (10.x.x.x), which are not routed across the internet. If I am not mistaken, they are dropped by most routers.

Your definition of NAT is partially correct. You are actually using MAC address and the port to route the address.

If you are going to use NS1 as your router, you need to use the address of the NIC 2 as your Gateway or they won't get routed. What is the address of the 2nd NIC (the 1st is 10.168.161.114, if I read your post correctly). However, in your diagram you have your wireless bridge also set to 10.168.161.114 (sub network 1). This will cause you a problem.

Based on what we have set up you will have only 1 network, not 3. The question is, who is setting up the addresses for your clients that are coming in over the AP?

Also, are you using ICS to do your NAT for you?

What are the new network addresses ( the private ones)?

Thanks,

Tom
21 years 1 month ago #1300 by tfs
I am not sure of your network addresses at this point, but to really test the network and make sure that you are connected correctly, you need to test from a workstation on each side of the NS1 router.

For example, if you have the following setup:

IP Address: 10.168.161.114     1st NIC -> internet
Subnet: 255.255.255.240
IP Address: 192.168.50.1       2nd NIC -> private network
Subnet: 255.255.255.0
Gateway: 10.168.161.113        The ISP router.

I would temporarily set up a workstation "A" to something like:

IP Address: 192.168.50.5
Subnet: 255.255.255.0
Gateway: 192.168.50.1

and another workstation "B" to:

IP Address: 10.168.161.115
Subnet: 255.255.255.240
Gateway: 10.168.161.114

You also need to make sure that the following registry entry is set:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Set the "IPEnableRouter" entry (by defining its value as 1)

Try to ping workstation "A" from workstation "B" and vice versa.

Then try to ping 10.168.161.113 from both workstations.

Lastly, try to ping www.yahoo.com (66.218.71.84) with both the name and address. If you can, you can see the internet from both sides of the router.

Thanks,

Tom
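The ping test described in the post above, modelled as an added example (not part of the original thread or written by its participants). It uses the addresses from the post plus one constructed misconfiguration (`A_BAD`); the dictionary layout and function names are assumptions, and the model ignores NAT, firewalls and any routes beyond the directly attached networks.

```python
import ipaddress

def network(host):
    """Subnet a host or NIC sits in, derived from its IP and dotted mask."""
    return ipaddress.ip_interface(f"{host['ip']}/{host['mask']}").network

def next_hop(host, dst):
    """Next hop a host picks for dst: dst itself if on-link, else its gateway.
    Returns None when the configured gateway lies outside the host's subnet."""
    dst = ipaddress.ip_address(dst)
    if dst in network(host):
        return dst
    gw = ipaddress.ip_address(host["gateway"])
    return gw if gw in network(host) else None

def one_way(src, dst, router):
    """Can a packet from src reach dst, possibly through the dual-homed router?"""
    dst_ip = ipaddress.ip_address(dst["ip"])
    hop = next_hop(src, dst["ip"])
    if hop is None:
        return False
    if hop == dst_ip:
        return True  # same subnet, no routing involved
    router_ips = [ipaddress.ip_address(n["ip"]) for n in router["nics"]]
    if hop not in router_ips or not router["ip_enable_router"]:
        return False  # gateway is not this router, or forwarding is off
    # The router delivers only to networks attached to one of its NICs.
    return any(dst_ip in network(n) for n in router["nics"])

def ping(a, b, router):
    """A ping succeeds only if the echo request and the reply both get through."""
    return one_way(a, b, router) and one_way(b, a, router)

# Addresses taken from the post; ip_enable_router stands for IPEnableRouter = 1.
NS1 = {"ip_enable_router": True, "nics": [
    {"ip": "10.168.161.114", "mask": "255.255.255.240"},
    {"ip": "192.168.50.1", "mask": "255.255.255.0"}]}
A = {"ip": "192.168.50.5", "mask": "255.255.255.0", "gateway": "192.168.50.1"}
B = {"ip": "10.168.161.115", "mask": "255.255.255.240", "gateway": "10.168.161.114"}
# Constructed misconfiguration: workstation gateway outside its own subnet.
A_BAD = dict(A, gateway="10.168.161.113")

if __name__ == "__main__":
    for name, host in (("A", A), ("A_BAD", A_BAD)):
        print(name, "<-> B:", ping(host, B, NS1))
```

In this model the request from B still reaches `A_BAD`, but the reply has no usable first hop, which is why a one-directional check is not enough.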
21 years 1 month ago #1314 by Raggedy_Hobo
Are your customers coming to you from both directions from the provider and from the AP?
No, our customers come strictly through the AP .. we have no customers coming in on our provider's side .. as for the web server/mail server .. both are accessible by everyone in that NS1 and NS2 both have registered domains on the internet .. you can visit both by going to www.itcomm.net

Your definition of NAT is partially correct. You are actually using MAC address and the port to route the address.
Stored to memory :D

If you are going to use NS1 as your router, you need to use the address of the NIC 2 as your Gateway or they won't get routed. ---- I don't understand this one??? NIC1 connects to the WAN with a setup of:
NIC1 (connects to WAN, provider's router)
IP address: 10.168.161.114
sub mask : 255.255.255.240
gateway: 10.168.161.113
NIC2 (connects to our LAN and AP)
IP address: 192.168.0.1
sub mask : 255.255.255.0
gateway: 10.168.161.114

What is the address of the 2nd NIC (the 1st is 10.168.161.114, if I read your post correctly). However, in your diagram you have your wireless bridge also set to 10.168.161.114 (sub network 1). This will cause you a problem.
That is probably a typo .. I will double check in a minute .. nothing in our sub network is using the public IP's

Based on what we have set up you will have only 1 network, not 3. The question is, who is setting up the addresses for your clients that are coming in over the AP?
My assumption is our server. I'm assuming I can setup the server to handle routing issues via DHCP and the Routing and Remote Access application that comes with W2k .. Currently, NIC2 is running DHCP to our clients. Our clients (currently a few machines) are receiving the IP addresses correctly. I am able to ping from the client through the hops to NIC2 .. I am unable to get from NIC2 to NIC1 .. if I could get that figured out, then what I have setup would work until we can purchase a router ..

Also, are you using ICS to do your NAT for you? ---- I used a wizard to create the Routing and Remote Access table. The wizard options I chose go like this:

1. Internet Connection Server (Enable all the computers of this network to connect to the Internet)

2. Set up a router with the NAT protocol (I could choose Internet Connection Sharing here, but, that's only to connect a single network to the internet .. I understand that from us to our clients is a single network, but, don't I need to use NAT to get the private IPs?)

3. Use the selected internet connection (I select NIC1 with an IP of 10.168.161.114)

4. Click finish on the wizard ..

I check routing interfaces:
NIC1 enabled
NIC2 enabled
Loopback enabled
Internal enabled

I go to IP Routing, click NAT, right click NIC1 and select properties and verify that its setup to be "Public interface connected to the internet" and that it's setup to Translate TCP/UDP headers .. I check NIC2 to make sure it's setup the same way.


What are the new network addresses ( the private ones)? --- 192.168.0.1 to 192.168.0.254


I'm missing a configuration or have it setup incorrectly, to route between the 2 NIC cards .. I am able to go from the server to the internet on NIC1 .. I am able to ping clients from NIC2 .. I'm able to ping NIC2 from clients .. I just can't get the clients to ping the internet .. I'm missing something in my routing/remote access setup .. I just know I am .. :(

21 years 1 month ago #1319 by Raggedy_Hobo
C:\>ipconfig/all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : NS1
Primary DNS Suffix . . . . . . . : itcomm.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : itcomm.net

Ethernet adapter AT&T Internet Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ATI AT-2500TX PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-A0-D2-A4-03-A4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.168.161.114
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . : 10.168.161.113
DNS Servers . . . . . . . . . . . : 10.127.17.71
10.127.16.68

Ethernet adapter ITCOMM Customer Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A) PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-30-BD-05-8A-6F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.168.161.113
DNS Servers . . . . . . . . . . . : 10.127.17.71
10.127.16.68

C:\>

Verification of NIC cards and their settings ..


I don't have an extra computer to stick on the WAN side of my server .. I do have a computer setup on the LAN side however ..

ooooooooooohhhhhhhh.. omg .. test comp, LAN side is pinging, sec, i brb ..

21 years 1 month ago #1320 by Raggedy_Hobo
OK, great news!!! farthest i've been able to ping so far!!!

Workstation A (192.168.50.8, 255.255.255.0, GW 10.168.161.113) is able to ping to the NIC1 IP address of 10.168.161.114! .. but, I still can't ping the router's address of 10.168.161.113 ..

gonna double check my routing table .. SO SO CLOSE!!!
