Problem with IP Masquerade + routed internal network (pretty newbie question)

From: Dragan (gekko_at_eunet.yu)
Date: 07/14/03


Date: Mon, 14 Jul 2003 17:11:23 +0200

I have a class C internal network divided into 3 sections (one central
office and two branches) connected by 2 routers (DSL router). Routers are
communicating through RIP2 protocol. Machines are Win98 and WinXP, servers
are Linux servers (Samba and SQL used), Windows addresses are leased through
DHCP. The network looks like this:

192.168.1.0/24 network (around 10 computers) - 192.168.1.1 server,
192.168.2.1 router
        |
192.168.1.2
192.168.0.3
        |
192.168.0/24 network (50 computers) - 192.168.0.1 server, 192.168.0.3 and
192.168.0.2 routers
        |
192.168.0.2
192.168.2.1
        |
192.168.2.0/24 network (20 computers) 192.168.2.3 server, 192.168.2.1 router

It works fine, but now we want to connect the central office (192.168.0.0/24) to
the internet. We have one public IP address and we would like to use IP
Masquerade. I have set up a Red Hat 9 Linux as a NAT server with address
192.168.0.10, IP Masquerade works fine, but now there is a problem with the
internal routed network. I had to set up the 192.168.0.10 server as a default
gateway but that breaks the connection with the other two subnetworks. If I define
static routes to the two subnetworks on each of the Windows machines then it
works fine, but I can't set up static routes through DHCP, and I know of no
other way to define routes other than typing route add... in command prompt.
If static routes are not defined then everything that goes out of the
192.168.0.0/24 network goes to the 192.168.0.10 NAT server, where it gets lost.
If it were only one internal network then it wouldn't be a problem but this
way I don't know how to solve the problem. Tnx in advance.

                        Dragan
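
The routing behaviour described in the post above, modelled as an added example that is not part of the original message: a longest-prefix-match lookup over a central-office host's routing table, with and without the two static routes. The next hops for the branch subnets (192.168.0.3 and 192.168.0.2) are read off the diagram and are an assumption, as are the table and function names.

```python
import ipaddress

# Constructed routing tables for a Windows host on 192.168.0.0/24, built from
# the topology in the post. Next hops for the branch subnets are read off the
# diagram (an assumption): 192.168.1.0/24 via 192.168.0.3, 192.168.2.0/24 via
# 192.168.0.2.
ON_LINK = "on-link"

# What the host gets from DHCP: its own subnet plus the NAT box as default gateway.
DHCP_ONLY = [
    ("192.168.0.0/24", ON_LINK),
    ("0.0.0.0/0", "192.168.0.10"),
]

# Same table after the manual "route add" entries the post says make it work.
WITH_STATIC_ROUTES = DHCP_ONLY + [
    ("192.168.1.0/24", "192.168.0.3"),
    ("192.168.2.0/24", "192.168.0.2"),
]


def next_hop(table, destination):
    """Return the next hop chosen by longest-prefix match, or None if no route."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def compare(destinations):
    """Map each destination to (next hop with DHCP only, next hop with static routes)."""
    return {d: (next_hop(DHCP_ONLY, d), next_hop(WITH_STATIC_ROUTES, d))
            for d in destinations}


if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for an internet host.
    sample = ["192.168.0.1", "192.168.1.1", "192.168.2.3", "198.51.100.7"]
    for dst, (before, after) in compare(sample).items():
        print(f"{dst:15} DHCP only -> {before:13} with static routes -> {after}")
```

With only the default gateway, traffic for both branch subnets is handed to 192.168.0.10; the more specific /24 entries override the default route for those destinations while internet traffic still goes to the NAT server.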


