Re: Routing between subnets with a twist



On May 27, 4:28 pm, Joe <j...@xxxxxxxxxxxxxx> wrote:
It's not clear how you're connecting these subnets, where the Internet
router is, and whether you're using the conventional SBS-as-firewall
two-NIC configuration. The traditional way would be to have the
Internet-using machines on the SBS 'LAN' NIC with the other NIC on a
different network shared only with the router, then the isolated network
connected to the LAN network via a separate router.

What I suspect you're hoping for is to use the SBS single-NIC, with LAN
machines and router all on the same network, and to use the second SBS
NIC as the gateway to the isolated network. I have a feeling that would
work on Server 2003 but not on SBS, as placing the Internet gateway on
the LAN network implies single-NIC, and the wizards are unlikely to
cooperate in the use of a second one. I could be wrong there.

However you end up arranging the topology, the answer is to set static
routes on the isolated machines, telling them where to find the gateway
to the LAN, but not setting a default gateway for them. They won't know
that there's a way out to the Internet via their static route, only a
default gateway setting would tell them that. Also, unless you tell the
Internet router where to find the isolated network, no replies will get
back to it. Only the SBS LAN machines need to have routes configured to
that network, as you describe things.

I'd also make my usual suggestion of *not* subnetting the
10.0.0.0/255.0.0.0 network, especially if older network-aware software
is involved. There are many other private ranges to choose from.

I want to make an ASCII diagram but I know that'll never come out
well.

Here's my current config, best I can give.

Internet-->Cisco ASA 5505 (10.0.0.1) -> Netgear Switch -> SBS 2003 no
ISA (10.0.0.5) -> DHCP -> Workstations

I want to add (172.0.0.0) as a separate subnet off the second NIC of
the SBS server and have it route between them. But judging from other
responses this doesn't seem the ideal way to go. The problem is these
Agilent instruments come configured all hokey like they have 5
different teams working on them. Sometimes they come in as 10.10.10.0,
sometimes as 192.168.168.0.. sometimes something entirely different.

Since I'm tired of these hodgepodged machines on my network I want to
consolidate them to a range of addresses off my normal net. That way
I don't end up with address conflicts from bootp that these things run.
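
The routing behaviour described in the quoted reply (static route to the LAN, no default gateway, and the return route on the Internet router), modelled as an added example that is not part of the original thread. Only 10.0.0.5 comes from the post; the /24 masks, the 192.168.50.0/24 isolated range, the second-NIC address and the sample hosts are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dest):
    """Longest-prefix match: return the chosen gateway, or None if no route covers dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed addressing. 10.0.0.5 (SBS LAN NIC) is from the thread; the /24 mask,
# the isolated range and the second-NIC address are assumptions for illustration.
LAN, ISOLATED = "10.0.0.0/24", "192.168.50.0/24"
SBS_LAN_NIC, SBS_ISOLATED_NIC = "10.0.0.5", "192.168.50.1"
INTERNET_HOST = "203.0.113.10"  # documentation address standing in for any Internet host

# Isolated instrument: its own subnet plus one static route to the LAN, no default gateway.
instrument = [(ISOLATED, "on-link"), (LAN, SBS_ISOLATED_NIC)]
# Same host after a default gateway is filled in: it now has a path off the two networks.
instrument_with_default = instrument + [("0.0.0.0/0", SBS_ISOLATED_NIC)]
# Internet router with no knowledge of the isolated range: replies follow the default route.
internet_router = [(LAN, "on-link"), ("0.0.0.0/0", "upstream")]
# Internet router after being told where the isolated network is.
internet_router_with_route = internet_router + [(ISOLATED, SBS_LAN_NIC)]

def audit(name, routes):
    """Report where a host would send LAN, isolated-net and Internet traffic."""
    return {
        "host": name,
        "to_lan": next_hop(routes, "10.0.0.20"),
        "to_isolated": next_hop(routes, "192.168.50.20"),
        "to_internet": next_hop(routes, INTERNET_HOST),
    }

if __name__ == "__main__":
    tables = [
        ("instrument", instrument),
        ("instrument + default gw", instrument_with_default),
        ("internet router", internet_router),
        ("internet router + route", internet_router_with_route),
    ]
    for name, table in tables:
        print(audit(name, table))
```

A `to_internet` value of `None` on an instrument is the property to check for after any reconfiguration; any other value means a default gateway has crept back in.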