Windows Domain routing question - dual-nic
-
Okay so RRAS is installed, but I can't figure out what this route would look like.
I'm guessing (incorrectly) that it would be 10.200.1.0, mask 255.255.255.0 GW 192.168.1.9
This isn't working though, any additional pointers (and explanation)?
-
what are you handing out as the gateway in DHCP?
-
@Dashrender the LAN host , 10.200.1.9
-
@DustinB3403 said in Windows Domain routing question - dual-nic:
GW 192.168.1.9
what is this? If this is the IP of the LAN side of the server, that would be wrong. It should be the internet gateway IP.
Also, assuming there is a firewall at the internet gateway, you'll need a route on that device as well pointing the 10.x network to the LAN side IP of the server.
Providing a picture of the network layout could be helpful.
-
@Dashrender that is the LAN side yeah. The wan side would be a 192 sub.
Even though it's all technically on my LAN
-
Whatever device does the local routing for you, it needs to be aware of the Eth 4 LAN and have
a static route pointing to it as @Dashrender already advised. ICMP needs to be allowed on Windows Firewall of the host to test this. You should only have a single default gateway per host. Create a persistent route in CMD on the host for your 10.200.1.0 network traffic to exit out of its own interface or next-hop address instead. -
So is your set up like this?
192.x.y.z WAN --- SERVER2019 --- 10.x.y.z LAN ?
Edit:
You have to set up SERVER2019 to Route for you RRAS is the right way to go for that....You also need to set up your WAN Router to point at SERVER2019's 192.x.y.z address for the 10.x.y.z network.
Make sense?
-
@dafyre said in Windows Domain routing question - dual-nic:
So is your set up like this?
192.x.y.z WAN --- SERVER2019 --- 10.x.y.z LAN ?
Yeah
-
Having the server do the routing seems weird in this case, maybe your firewall/router can do this without the need of the server. Otherwise maybe a layer 3 switch.
-
@dbeato said in Windows Domain routing question - dual-nic:
Having the server do the routing seems weird in this case, maybe your firewall/router can do this without the need of the server. Otherwise maybe a layer 3 switch.
or an ER-L, just something to act as a router.
-
The issue is this is a segmented network, I only want routing to exist in this workspace so I can test and toy around with things.
Normally I would agree, but I need to have these segmented as any overlap would cause network issues.
The thing I'm playing with and have setup is a DC on the separated network segment, but wanted to route internet through the second nic on this VM so I could pull updates etc on my client machine. .
-
@Dashrender said in Windows Domain routing question - dual-nic:
@dbeato said in Windows Domain routing question - dual-nic:
Having the server do the routing seems weird in this case, maybe your firewall/router can do this without the need of the server. Otherwise maybe a layer 3 switch.
or an ER-L, just something to act as a router.
No, the way this is setup is that I have my true LAN, and then I have an internal to my VM LAN. These are separated networks and I'm not going to buy a router for my VM's.
-
@DustinB3403 said in Windows Domain routing question - dual-nic:
@Dashrender said in Windows Domain routing question - dual-nic:
@dbeato said in Windows Domain routing question - dual-nic:
Having the server do the routing seems weird in this case, maybe your firewall/router can do this without the need of the server. Otherwise maybe a layer 3 switch.
or an ER-L, just something to act as a router.
No, the way this is setup is that I have my true LAN, and then I have an internal to my VM LAN. These are separated networks and I'm not going to buy a router for my VM's.
oh - then this is even easier - setup a PFSense VM and have it do your routing.
-
@Dashrender said in Windows Domain routing question - dual-nic:
@DustinB3403 said in Windows Domain routing question - dual-nic:
@Dashrender said in Windows Domain routing question - dual-nic:
@dbeato said in Windows Domain routing question - dual-nic:
Having the server do the routing seems weird in this case, maybe your firewall/router can do this without the need of the server. Otherwise maybe a layer 3 switch.
or an ER-L, just something to act as a router.
No, the way this is setup is that I have my true LAN, and then I have an internal to my VM LAN. These are separated networks and I'm not going to buy a router for my VM's.
oh - then this is even easier - setup a PFSense VM and have it do your routing.
VyOS
-
Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them.
-
@Dashrender said in Windows Domain routing question - dual-nic:
Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them.
Routing to the internet is mostly just a nice to have.