lab stations on two networks

demon42

I manage a lab that has a handful of computers, each on two networks: a local network AND a large network that I do not have admin access to.
We use the large network for most purposes including WAN access.
We use the local network for testing.
It's important to keep these networks isolated from each other (I don't want machines just on the local network to have internet access, for example).

The stations have two NICs, and they have no problem pinging both google and local IPs.

As part of what we do in the lab, we often use the config interfaces of some network switches. Using telnet to access the switches isn't a problem, and works great. The problem is that these stations cannot access the switch's WebUI. It appears that the stations attempt to find the destination IPs on the WAN instead of locally, and end up timing out.

What settings can I change on the stations such that when accessing a specific network (the local network) to first look on the second NIC?

If this is in any way unclear please ask!

Thanks in advance!
 

ronzilla

Do these boxes use a proxy server for http access? If so, and if it's on the WAN, that could be the source of your problem.
 

piasabird

It would seem odd to have 2 NICs in each box if you want them separated. Seems like you could just bridge the 2 NIC cards. I can't imagine each box having its own software firewall or proxy server. It would make more sense if you used a small router or a managed switch using VLAN to separate to limit access from the small network to the large network. You can limit access multiple ways. It could be by NIC Card, Computer name, User Name (network user name). By the attached server, by Netware or the server attached to or you have access to. DNS could route by the Protocol used or the subnet attached to. Different protocols are associated with Port numbers like 27 for Different functions like FTP, HTTP, Chat, etc.

You may have to sign on to two networks. Seems like you could just switch the plugs around on the computer and mess up which nic goes to which network.
 

demon42

I'm not sure I follow you, maybe I was unclear...
I THINK what I'm looking for is somewhere on my stations some setting that says something like "when attempting an address that starts with these three octets, look on this adapter first"
Already it seems to do this automatically without any problems EXCEPT when trying to access the WebUI of a switch via explorer.

(Possibly related: when browsing for shared folders on the small network, the FIRST time you try to access a specific machine it stalls/takes a really long time to connect to it. After either opening a new window or waiting it out, access to that machine is quick and easy.)

At least for now I'm not terribly worried about any security settings.

Does this change the question, or did I just misunderstand your answer?
 

ronzilla

If you are able to telnet to the switches, routing probably isn't your problem. The answer to your question about the route table: On Windows (at command prompt) route print. On *ix, route -n. I really don't think that'll be the issue though.

Since it seems to work fine in all cases except when http'ing to the switch, I would check proxy configuration. If your computer is configured like this:

{LAN} <--> PC <--> {WAN} <--> {Internet}

and you use a proxy in {WAN} to get to {Internet}, when you try to http to an address in {LAN}, it will try to go through the proxy. But since proxy is in {WAN} and there is no way for a box in {WAN} to get to {LAN}, the http connection wouldn't work (even though telnet does).

If you aren't using a proxy, make sure you only set a gateway on the NIC that leads you to the internet. I've seen situations where multiple gateways can cause major headaches. So either leave one gateway blank, or set them both to be the same gateway.
 

nweaver

If you do have a proxy configured, add an exclusion for the entire network (LAN) using * as wildcards.
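
The proxy decision discussed in this thread, modelled as an added example that is not part of any post: HTTP to the lab switch is handed to the WAN proxy unless the bypass list covers the lab subnet, while telnet never consults the proxy at all. The addresses, proxy name and function names are constructed for illustration; `<local>` is the Windows bypass-list keyword for host names without a dot, shown here because it does not cover IP addresses.

```python
import fnmatch

# Constructed sample values, not taken from the thread.
LAB_SWITCH = "192.168.10.2"
WAN_PROXY = "proxy.wan.example:8080"


def bypasses_proxy(host, bypass_list):
    """Return True if host matches an entry of a semicolon-separated
    proxy bypass list that uses * as a wildcard."""
    host = host.strip().lower()
    for entry in bypass_list.split(";"):
        entry = entry.strip().lower()
        if not entry:
            continue
        if entry == "<local>":
            # Only bare names such as "switch1" count as local;
            # a dotted IP address does not match this keyword.
            if "." not in host:
                return True
            continue
        if fnmatch.fnmatchcase(host, entry):
            return True
    return False


def http_path(host, proxy, bypass_list):
    """Describe where an HTTP request for host is sent."""
    if proxy and not bypasses_proxy(host, bypass_list):
        return "via proxy " + proxy
    return "direct"


if __name__ == "__main__":
    # Compare the same request under different bypass lists.
    for bypass in ("", "<local>", "192.168.10.*;<local>"):
        print(repr(bypass), "->", http_path(LAB_SWITCH, WAN_PROXY, bypass))
    # With no proxy configured or detected, the request goes direct.
    print("no proxy ->", http_path(LAB_SWITCH, "", ""))
```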
 


demon42

Problem solved!
I remembered that there is a proxy server available on the WAN but we don't need to use it. After checking the settings, I saw that it was set to the default 'automatically detect' LAN settings.
After unchecking that and restarting the card, it works great!!!
Thanks for your help!