
Need help from Microsoft "Engineer Class" person

Bob151

Senior member

We've got a need for a special setup that we are already doing, and doing quite successfully with HP UX systems. Due to policy, monitoring and budgetary issues we need to work with what we have. So flaming that it's the stupidest thing you've ever heard of will fall on deaf ears.

I have an MCSE that says we can't have their proxy server have two network interfaces on our inside network. Once again, this is something that we have already accomplished by simply adding an extra route command in unix, so hold the flames.

Got a proxy server with two addresses, for example.

10.1.17.34/24=Int1
10.1.12.59/24=Int2

Proxy clients will hit 10.1.17.34/24; the proxy will, in turn, make its requests out int2, 10.1.12.59/24.

How do I propose such a thing?

Make the default route (i.e. 0.0.0.0) on int2 of 10.1.12.1. Then add a persistent route with the command "route add -p 10.0.0.0 MASK 255.0.0.0 10.1.17.1".

How would this ever work? If MS Win2K server is like UNIX and Cisco routers, then it will follow the most explicitly defined route. Even though 10.0.0.0/2 was defined as a persistent route out Int1, it will still go to the 10.1.12.0/24 network out int2 due to its most explicit information. The proxy will make requests out to the internet, passing thru the FW naturally, out int2 to the 0.0.0.0 network.

I have to work with an MCSE who is so entrenched in his position that he doesn't even want to test it, even though I pointed out it's done in UNIX without running any routing protocols. I'd like to test to learn hands-on whether this will work or not, but he holds the hardware.

This is not that freakin' complicated. I know a MS server is not a router, but there are just a couple of static routes needed to accomplish this. This server doesn't need to run OSPF to make very simple decisions.

Any objective replies appreciated.
 
Well, it sounds as if it should work fine. The route command (in W2K) certainly exists, and it should work as you describe--it's just TCP/IP, nothing particularly complicated.

But, I don't have such a setup, so can't test it, so cannot say "fer sure" that it'll work. Just try it, and see what happens.
 
Originally posted by: n0cmonkey
How does he think proxying and tcp/ip forwarding and whatnot work in Windows?

I don't know. Unfortunately, layer 2 and layer 3 issues are not the strong points of much of the MCSE material and even TechNet documentation; hence, their certified engineers suffer because of it.

He said that he would have to do a route add for each and every single subnetwork in our enterprise because a 10 net address is a class A address and it won't take the "route add -p 10.0.0.0 mask 255.0.0.0 {inside next hop address}". He says for each subnet that has users on it, he will have to do a static route add. That's the silliest thing I've ever heard of. I've heard that MS does things their own way, but this is too odd to be true for a newer operating system.

 
route -?
should shed considerable light on the subject. (for the MCSE) It documents wild-carding, which should accomplish whatever needs you have.
 
Arg, the guru said that because both interfaces will have 10.anything addresses, they are therefore on the same network. That the server can't have two addresses on the same subnet, referring to the 10 subnet. He said it had to be a 172.16.x.x network because that's a different subnet. I tried to inform him that 10.1.17.x/24 and 10.1.12.x/24 are different subnets as well.

I informed him that 10 is the network and 10.x.x.x/(anything greater than 8) are subnets of 10.

I even went as far as to configure my PC with two NICs and direct whatever traffic out whatever NIC I chose by changing the local PC route table.

This guru informed management we have irreconcilable differences or something like that!

Is there any Microsoft information anyone knows of that will help him understand, as MS seems to be his authority on data communication networking, not someone who manages routers and tries to keep a logical, well thought-out OSPF network design and IP addressing scheme in place.
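
The route selection argued over in the first post, and the /8-versus-/24 subnet point made just above, worked through as an added example that is not part of any poster's message. It assumes the four-entry table the thread proposes; the tuple layout, function names and sample destination addresses are constructed for illustration.

```python
import ipaddress

# Route table proposed in the thread. The connected /24 routes follow the
# interface addresses in the first post; the tuple layout is an assumption.
ROUTES = [
    ("10.1.17.0/24", None, "Int1"),       # connected: client-facing segment
    ("10.1.12.0/24", None, "Int2"),       # connected: outbound segment
    ("10.0.0.0/8", "10.1.17.1", "Int1"),  # route add -p 10.0.0.0 MASK 255.0.0.0 10.1.17.1
    ("0.0.0.0/0", "10.1.12.1", "Int2"),   # default route via Int2's gateway
]

def lookup(dst, routes=ROUTES):
    """Return (prefix, next_hop, interface) for the longest matching prefix."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        # A longer prefix is a more specific route and wins over a shorter one.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def same_subnet(a, b):
    """True when two interface addresses, given with masks, share a subnet."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network

if __name__ == "__main__":
    # Constructed destinations: local client, Int2 neighbour, remote internal
    # subnet, and an Internet address from a documentation range.
    for dst in ("10.1.17.200", "10.1.12.7", "10.44.3.9", "198.51.100.10"):
        print(f"{dst:>15} -> {lookup(dst)}")
    # The two interfaces differ under /24 masks and only collide under /8.
    print(same_subnet("10.1.17.34/24", "10.1.12.59/24"))
    print(same_subnet("10.1.17.34/8", "10.1.12.59/8"))
```

On the real server, `route print` shows the table the stack actually built, which is what to compare against this model.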
 
Well, in all fairness, having a Windows box w/ two NICs on the same segment will have problems eventually; IIRC, it has to do with WINS records.

In any case, it seems to me that the documentation on the ROUTE command (native in Windows) which should be available on TechNet as well, should be enough to support the idea. TechNet (since it's from M$) should carry some weight with this guy.

Are both NICs on the same segment? Or separate VLANs?
 
Originally posted by: Woodie
Well, in all fairness, having a Windows box w/ two NICs on the same segment will have problems eventually; IIRC, it has to do with WINS records.

In any case, it seems to me that the documentation on the ROUTE command (native in Windows) which should be available on TechNet as well, should be enough to support the idea. TechNet (since it's from M$) should carry some weight with this guy.

Are both NICs on the same segment? Or separate VLANs?

To make an effective proxy, the two NICs will have to be on separate segments.

I can't provide much help since I'm not a Windows guy, just thought the thread was interesting 😛
 
If I understand you correctly, you just want a proxy server that takes requests from one segment (x), and forwards those requests on to another segment (y). I'm assuming as well that the items the proxy will be searching for are not on segment (y), but segment (y) can provide a route out to the public net?

Why not just configure a host route on INT2 that points to the gateway of segment (y)?
Let's say the gateway on Segment (y) is 10.1.12.1/24
The route would be
route add -p 0.0.0.0 MASK 255.255.255.255 10.1.12.1

Maybe that isn't exactly what you are looking for.



 
Originally posted by: Bob151
Arg, the guru said that because both interfaces will have 10.anything addresses, they are therefore on the same network. That the server can't have two addresses on the same subnet, referring to the 10 subnet. He said it had to be a 172.16.x.x network because that's a different subnet. I tried to inform him that 10.1.17.x/24 and 10.1.12.x/24 are different subnets as well.

Hogwash.

Yes, by default, Windows will use a class A mask on this. You can manually assign any subnet mask you wish.

Sounds like your MCSE is letting his "knowledge" prevent him from seeing reality. If he'd just test it, he'd probably find that it works.

Now, I'm no IP guru, and subnetting makes my head spin, but W2K can definitely do TCP/IP. If you've defined custom subnets, just put 'em in the IP properties on the machines and it'll work.

 
Arg....

I recall that MS used to have some NNTP newsgroups. I'm going to see if a Microsoft paid employee will make a ruling on this. That's like the only thing this guy will believe. MS networking, I mean true networking, like masking, gateway, default routes, is pretty bad.

Thanks all for your help.
 