Difficult network configuration question on WinXP for you experts - Windows NT

This is a discussion on Difficult network configuration question on WinXP for you experts - Windows NT ; Hello All, I've hit a network configuration problem that I can't quite figure out in Windows XP. I have two machines and two static IP addresses from my ISP. One machine acts like a server/firewall for the other, so the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Difficult network configuration question on WinXP for you experts

  1. Difficult network configuration question on WinXP for you experts

    Hello All,

    I've hit a network configuration problem that I can't quite figure out
    in Windows XP.

    I have two machines and two static IP addresses from my ISP. One machine
    acts like a server/firewall for the other, so the network topology is as
    such.

    |Windows Machine|--->|Firewall Machine|--->Internet

    I have two static IP addresses from my ISP. I have assigned one IP
    address to the windows machine and the second the firewall machine.

    In this configuration, SMB (File Sharing) does not work since the
    firewall machine does not act like a bridge for security reasons and so
    the broadcast adderess does not work. So, I've added secondary, private
    IP addresses to both machines on a common subnet so that file sharing
    works.

    |Windows Machine|--->|Firewall Machine|--->Internet
    64.81.246.210 64.81.246.219
    192.168.1.2 192.168.1.1

    The firewall machine is running an SMB server on its internal interface.

    So now, here is the crux of my problem:
    How do I configure the windows XP box for the following behavior,
    1) For all file sharing SMB traffic, use the 192.168.1.2 address
    2) For all other traffic, use 64.81.246.210

    These two IP addresses cause problems depending on the order that they
    are specified.

    If I put the private adderess first, SMB works fine and people can
    connect to my machine via the public address. The problem is that some
    programs (eg, BitTorrent) break, since they get the local IP address and
    report it to some server, which in this case is the private one and
    invalid on the net.

    If I put the routable address first, all this software works fine, but
    SMB breaks since it now does a NetBios lookup over a broadcast address
    which is not bridged, so it gets no answer!

    The "route" command line tool seems to have the options that I want, but
    I can;t make the settings persist across a reboot. Is there some gui
    wrapper for this? I can't find one.



  2. Re: Difficult network configuration question on WinXP for you experts

    Hi,

    > I have two machines and two static IP addresses from my ISP. One machine
    > acts like a server/firewall for the other, so the network topology is as
    > such.
    >
    > |Windows Machine|--->|Firewall Machine|--->Internet
    >
    > I have two static IP addresses from my ISP. I have assigned one IP
    > address to the windows machine and the second the firewall machine.
    >
    > In this configuration, SMB (File Sharing) does not work since the
    > firewall machine does not act like a bridge for security reasons and so
    > the broadcast adderess does not work. So, I've added secondary, private
    > IP addresses to both machines on a common subnet so that file sharing
    > works.
    >
    > |Windows Machine|--->|Firewall Machine|--->Internet
    > 64.81.246.210 64.81.246.219
    > 192.168.1.2 192.168.1.1
    >
    > The firewall machine is running an SMB server on its internal interface.
    >
    > So now, here is the crux of my problem:
    > How do I configure the windows XP box for the following behavior,
    > 1) For all file sharing SMB traffic, use the 192.168.1.2 address
    > 2) For all other traffic, use 64.81.246.210


    Your setup looks a bit weird to me, for the following reasons:

    You have 2 static IPs, but only one machine is connected direktly to the
    internet. As long as your Firewall server does not act as a bridge for the IP
    of your windows box, there seems to be no use in giving the XP box a public IP
    at all.

    Besides this and indiependend from wheter the machines are online or
    not, i think if both boxes are in the same subnet, bcast should work at least
    between both boxes so the XP biox should see the smb shares on the server box.
    But i never had to deal with such a situation, so i may be wrong at this point.

    Ok, unless you consider getting the XP box directly into the internet (which
    should solve all problems, since the static fully IPs apply, but which will
    expose the XP box to th eworld, too) i would advice you to switch to the defualt
    scenario of a LAN:

    The server box has 2 interfaces, one on the internet side and this one
    has a static IP. The other interface is a private one, only.
    With an IP like 192.168.1.1/24.

    The XP box only has 1 interface, it has only a private IP on the same subnet,
    e.g. 192.168.1.2/24.

    You can use masquerading on the server box, so it can act as a default
    gateway for your XP box (providing internet access).
    Your server box may provide other services, too.

    Samba(smb) should work fine, since broadcast at the private side
    is no problem. Just make sure, your smb server daemon does not
    listen at the public interface with it's static IP (to keep
    the samba service private). Or you might use your firewall to block
    samba ports for the world interface.....

    Ok, now the 2nd static IP seems without any use, but unless you get a 2nd
    machine (or NIC on the same machine) directly to the internet, i think
    there is no real need.

    HTH

    Ralf

  3. Re: Difficult network configuration question on WinXP for you experts

    Unless you have some specific need for 2 IP's, why not just use a router and
    connect both machines to the router. Or you could even use a simple hub and
    connect each machine directly to the ISP, each with its own IP address. But
    the router is better - built in firewall etc.


    "Ralf Herrmann" wrote in message
    news:c8i2oe$59n$05$1@news.t-online.com...
    > Hi,
    >
    > > I have two machines and two static IP addresses from my ISP. One machine
    > > acts like a server/firewall for the other, so the network topology is as
    > > such.
    > >
    > > |Windows Machine|--->|Firewall Machine|--->Internet
    > >
    > > I have two static IP addresses from my ISP. I have assigned one IP
    > > address to the windows machine and the second the firewall machine.
    > >
    > > In this configuration, SMB (File Sharing) does not work since the
    > > firewall machine does not act like a bridge for security reasons and so
    > > the broadcast adderess does not work. So, I've added secondary, private
    > > IP addresses to both machines on a common subnet so that file sharing
    > > works.
    > >
    > > |Windows Machine|--->|Firewall Machine|--->Internet
    > > 64.81.246.210 64.81.246.219
    > > 192.168.1.2 192.168.1.1
    > >
    > > The firewall machine is running an SMB server on its internal interface.
    > >
    > > So now, here is the crux of my problem:
    > > How do I configure the windows XP box for the following behavior,
    > > 1) For all file sharing SMB traffic, use the 192.168.1.2 address
    > > 2) For all other traffic, use 64.81.246.210

    >
    > Your setup looks a bit weird to me, for the following reasons:
    >
    > You have 2 static IPs, but only one machine is connected direktly to the
    > internet. As long as your Firewall server does not act as a bridge for the

    IP
    > of your windows box, there seems to be no use in giving the XP box a

    public IP
    > at all.
    >
    > Besides this and indiependend from wheter the machines are online or
    > not, i think if both boxes are in the same subnet, bcast should work at

    least
    > between both boxes so the XP biox should see the smb shares on the server

    box.
    > But i never had to deal with such a situation, so i may be wrong at this

    point.
    >
    > Ok, unless you consider getting the XP box directly into the internet

    (which
    > should solve all problems, since the static fully IPs apply, but which

    will
    > expose the XP box to th eworld, too) i would advice you to switch to the

    defualt
    > scenario of a LAN:
    >
    > The server box has 2 interfaces, one on the internet side and this one
    > has a static IP. The other interface is a private one, only.
    > With an IP like 192.168.1.1/24.
    >
    > The XP box only has 1 interface, it has only a private IP on the same

    subnet,
    > e.g. 192.168.1.2/24.
    >
    > You can use masquerading on the server box, so it can act as a default
    > gateway for your XP box (providing internet access).
    > Your server box may provide other services, too.
    >
    > Samba(smb) should work fine, since broadcast at the private side
    > is no problem. Just make sure, your smb server daemon does not
    > listen at the public interface with it's static IP (to keep
    > the samba service private). Or you might use your firewall to block
    > samba ports for the world interface.....
    >
    > Ok, now the 2nd static IP seems without any use, but unless you get a 2nd
    > machine (or NIC on the same machine) directly to the internet, i think
    > there is no real need.
    >
    > HTH
    >
    > Ralf




+ Reply to Thread