NAT with 2 routers/firewalls

Lux88

Junior Member
Nov 28, 2005
4
0
66
I'm trying to achieve a simple setup, where important external apps can access a LAN (server) through another router. The same LAN has 2 connections from the internet.

*) Router 1 - main router, DHCP server etc.
External IP A, internal IP 1.1, netmask 255.0
All computers and servers have this router configured as a gateway.

*) Router 2 - DHCP server disabled.
External IP B, internal static IP 1.149, netmask 255.0 (verified - can ping the server).
A NAT for external apps.

The problem: when I configure the external apps with IP B, the apps report "no connection".
But the logs on router 2 say that the traffic was allowed.

For example Remote Desktop Connection.
A NAT rule to the server is set up on both routers.
When connecting to address A, everything works.
When connecting to address B, RDP says "can't connect", although router 2 logs the connection as Allowed.


What am I missing?
Thanks in advance!

her209

No Lifer
Oct 11, 2000
56,336
11
0
Sounds like a routing problem.

The internal server that is being accessed by the external app through External IP B has a default gateway of internal IP 1.1 (the DHCP server). So the connection comes in, but fails because the traffic is being sent to Router 1 instead of Router 2.

Lux88

Isn't the purpose of NAT to create the illusion that connections are initiated by 1.149, and thus that all the responses are also sent to 1.149?

How are these kinds of situations usually handled? Is having a server with 2 NICs the only option?

Thanks again!

her209

Isn't the purpose of NAT to create the illusion that connections are initiated by 1.149, and thus that all the responses are also sent to 1.149?

How are these kinds of situations usually handled? Is having a server with 2 NICs the only option?

Thanks again!
I'm assuming you have a static NAT on Router B that points to the Internal server. When a packet comes into router B on an allowed (forwarded) port, the destination IP address is changed into the internal IP address of the Internal server. The source IP address doesn't change. The packet is then forwarded to the Internal server.

When the Internal server sends a packet back to the External app, it sends it to the source IP of the packet it received. But because it has a default gateway of 1.1, it sends it to Router 1. Router 1 then NATs the Internal server IP address and sends it to the External app IP. The External IP sees this as traffic from a separate connection and discards it.

her209

You have several options to fix the problem. Here are two that come to mind:

1) Manually configure the default gateway on the Internal server to point to Router B. Internal computers will still be able to talk to the Internal server. If you had external connections accessing the Internal server through Router 1, then those won't work anymore.

2) Keep the current default gateway. Add a route to the routing table on Internal server that directs all traffic destined for External App IP address to Router B.
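
The asymmetric-routing failure her209 describes, and the two fixes above, as an added example (my own code, not anything posted in the thread): a small Python model of both routers' static NAT, the server's routing table, and an external client that only accepts a reply if it matches a connection the client opened. It also models the variant Lux88 asked about, where Router 2 rewrites the source address of forwarded packets so the server answers 1.149 directly. All addresses are assumptions: RFC 5737 documentation ranges stand in for External IP A, External IP B and the app, 192.168.1.0/24 for the LAN, 192.168.1.20 for the server; the model keeps ports unchanged and ignores TCP state beyond "does the reply match the connection I opened".

```python
"""Packet-level model of the thread's two-router LAN. Added example, not code
from the thread. All addresses are constructed: RFC 5737 documentation ranges
stand in for "External IP A/B" and the external app; 192.168.1.0/24 stands in
for the poster's "1.1" / "1.149" LAN with netmask "255.0"."""
import ipaddress
from dataclasses import dataclass

APP_IP = "203.0.113.10"                        # the external app (constructed)
IP_A, IP_B = "198.51.100.1", "198.51.100.2"    # public side of Router 1 / Router 2
R1_INSIDE, R2_INSIDE = "192.168.1.1", "192.168.1.149"
SERVER = "192.168.1.20"                        # internal RDP server (constructed)
RDP = 3389


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Router:
    """Edge NAT router. `dnat` maps a public port to an internal host; anything
    leaving the LAN is rewritten to come from `ext` (ports kept for readability).
    snat=True also rewrites the source of forwarded inbound packets to `inside`."""

    def __init__(self, ext, inside, dnat, snat=False):
        self.ext, self.inside, self.dnat, self.snat = ext, inside, dnat, snat
        self.sessions = {}  # (host, hport, src, sport) as seen inside -> real client

    def inbound(self, pkt):
        """Packet from the internet on `ext`: apply the static NAT or drop it."""
        if pkt.dst != self.ext or pkt.dport not in self.dnat:
            return None
        host, src = self.dnat[pkt.dport], (self.inside if self.snat else pkt.src)
        self.sessions[(host, pkt.dport, src, pkt.sport)] = (pkt.src, pkt.sport)
        return Packet(src, pkt.sport, host, pkt.dport)

    def outbound(self, pkt):
        """Packet from the LAN heading out: source becomes this router's public IP."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        client_ip, client_port = self.sessions.get(key, (pkt.dst, pkt.dport))
        return Packet(self.ext, pkt.sport, client_ip, client_port)


class Server:
    """Internal host. `routes`: (prefix, gateway) pairs, gateway None = on-link.
    Longest prefix wins, as in a real routing table."""

    def __init__(self, ip, routes):
        self.ip = ip
        self.routes = [(ipaddress.ip_network(p), gw) for p, gw in routes]

    def next_hop(self, dst):
        addr = ipaddress.ip_address(dst)
        _, gw = max(((n, g) for n, g in self.routes if addr in n),
                    key=lambda r: r[0].prefixlen)
        return gw or dst


class Client:
    """External RDP client: only accepts replies matching a connection it opened."""

    def __init__(self, ip):
        self.ip, self.open = ip, set()

    def connect(self, dst, dport, sport=50000):
        self.open.add((dst, dport, sport))
        return Packet(self.ip, sport, dst, dport)

    def accepts(self, pkt):
        return (pkt.src, pkt.sport, pkt.dport) in self.open


def rdp_attempt(public_ip, server, routers):
    """SYN in through `public_ip`, server reply routed out; report the outcome."""
    by_ext = {r.ext: r for r in routers}
    by_inside = {r.inside: r for r in routers}
    app = Client(APP_IP)
    fwd = by_ext[public_ip].inbound(app.connect(public_ip, RDP))  # logged as "Allowed"
    if fwd is None:
        return "filtered"
    reply = Packet(server.ip, fwd.dport, fwd.src, fwd.sport)      # answer the source it saw
    wire = by_inside[server.next_hop(reply.dst)].outbound(reply)  # routing table picks exit
    if app.accepts(wire):
        return "connected"
    return f"no connection: reply came from {wire.src}, app expected {public_ip}"


def scenario(default_gw, extra_routes=(), snat_on_router2=False):
    """Build the LAN with a given server routing table; try RDP via A and via B."""
    r1 = Router(IP_A, R1_INSIDE, {RDP: SERVER})
    r2 = Router(IP_B, R2_INSIDE, {RDP: SERVER}, snat=snat_on_router2)
    routes = [("192.168.1.0/24", None), ("0.0.0.0/0", default_gw), *extra_routes]
    return {ip: rdp_attempt(ip, Server(SERVER, routes), (r1, r2)) for ip in (IP_A, IP_B)}


AS_POSTED = scenario(R1_INSIDE)                                  # default gateway = Router 1
OPTION_1 = scenario(R2_INSIDE)                                   # default gateway = Router 2
OPTION_2 = scenario(R1_INSIDE, [(APP_IP + "/32", R2_INSIDE)])    # host route for the app
SNAT_ON_B = scenario(R1_INSIDE, snat_on_router2=True)            # Lux88's "illusion" NAT

if __name__ == "__main__":
    for name, res in (("as posted", AS_POSTED), ("option 1", OPTION_1),
                      ("option 2", OPTION_2), ("source NAT on B", SNAT_ON_B)):
        print(name, res, sep=": ")
```

Running it reproduces the thread: as posted, A connects and B fails because the reply leaves through Router 1 and arrives from A; option 1 flips that, so B works and A fails. Option 2 makes B work, but the host route also sends that client's replies for connections made through A out via Router 2, so it only helps a client that always uses B. The source-NAT variant makes both paths work regardless of the server's routing table, at the price that the server sees every connection arriving through B as coming from 1.149 rather than from the real client, which matters for the server's own logs and any per-client access rules.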