2

Currently we have a Windows XP computer with 2 NICs. We want all traffic destined for private IP addresses to go in/out of NIC (10.1.1.20) and all public traffic to go in/out NIC (173.x.x.x).

Our configuration:


We are not needing the 2 NICs to be connected in any way. (We are not trying to use this machine as a router)

What do we need to do?

Thanks!!

mattlandis

2 Answers

1

You want traffic for just a specific IP address to go through 10.1.1.20, and ALL other traffic to go through 173.x.x.x, correct?

This is simple to do, thankfully. From the command prompt, enter:

route add y.y.y.y mask 255.255.255.255 10.1.1.20

Where y.y.y.y is the public IP address, and 10.1.1.20 is the IP address of the network card (obviously). This route will be removed upon restart of the machine, so to make it permanent, add a -p to the end of the command.

Mark Henderson
  • You also have two default routes which is going to cause all kinds of problems. I don't remember the exact syntax for the route command, but you need to remove the first line of your routing table and make sure that your configuration for that NIC does not include a default gateway. – Catherine MacInnes Jan 07 '10 at 21:56
  • No, your assumption isn't quite right. We want all LAN traffic to go out the NIC that is assigned 10.1.1.20. We want all WAN destined traffic to go out/in the NIC assigned to 173.x.x.x. Thanks for the ideas so far. – mattlandis Jan 07 '10 at 22:25
  • @Catherine: the two default routes have different metrics; only the one with a metric of 20 will be used. – Murali Suriar Jan 08 '10 at 00:22
0

We want all traffic destined for a public ip address to go in/out nic (10.1.1.20) and all public traffic to go in/out nic (173.x.x.x NIC)

I assume you meant "all traffic destined for a private IP address to go in/out NIC (10.1.1.20)"?

If so, please could you provide a little more detail?

  1. What private addresses do you have present in your LAN? Is it just 10.1.1.0/24? (i.e. 10.1.1.1 - 10.1.1.254) Or are there other private addresses (10.x.x.x; 172.[16-31].x.x; 192.168.x.x) to be concerned about?

  2. Are you certain there are no public IP addresses in use on your LAN?

If you only need access to the 10.1.1.X network via your LAN NIC, then you should be able to do this by configuring your internet facing interface as the default. You can do this by lowering the metric of the default route configured on your internet facing NIC:

route CHANGE 0.0.0.0 mask 0.0.0.0 173.161.180.158 metric 10

EDIT: in response to your comments.

The 10.1.1.x addresses will already be routed via your LAN NIC, as they will be considered directly connected. See the third entry in your routing table:

Network Destination        Netmask          Gateway       Interface  Metric
           10.1.1.0  255.255.255.0        10.1.1.20       10.1.1.20      20

In order to ensure the 10.1.2.X addresses will be routed via this interface, you will need another static route. The following command should work:

route -p ADD 10.1.2.0 MASK 255.255.255.0 10.1.1.1

The '-p' makes the route persistent across reboots.

Regarding my second question: there are some organisations that have both public and private address space within their internal networks (not on the internet). If you are certain that 10.1.1.x and 10.1.2.x are the only address ranges in use, then this does not apply.

Regarding two default gateways: this was previously not recommended as all default gateways would be installed with a metric of 1, which led to ambiguity as to which route should be used for traffic matching the default route. In this case, your two default gateways have different metrics; the one with the lower metric will always be preferred as long as that interface is available. (See this answer for more detail).

Note that currently the default route via your 10.x.x.x interface has a lower metric (20, rather than 30), which will lead to any internet traffic being routed to your LAN.

Murali Suriar
  • Your assumption about "private" is correct... I see I typed it wrong... #1-We have 10.1.1.x and 10.1.2.x LAN IP addresses. #2-The computer in question has 173.161.180.155 assigned to the 2nd NIC. Also, do you have anything to say about the "default gateway"--having 2 of them? – mattlandis Jan 07 '10 at 23:18
  • Okay, I think the key answer here was to make the metric of the public interface lower than the LAN interface. That did the trick! Thanks! – mattlandis Jan 08 '10 at 12:47
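
The route selection discussed in this thread, as an added example (not code from any of the posters): a small Python model of longest-prefix match with metric as the tie-breaker, run over a routing table rebuilt from the addresses and metrics quoted above. The function names, the sample destination addresses and the metric of 1 on the static route are assumptions made for illustration.

```python
import ipaddress

LAN_IF, WAN_IF = "10.1.1.20", "173.161.180.155"  # NIC addresses from the thread

def table(wan_metric, with_static=False):
    """Rebuild the routing table: (destination, gateway, interface, metric)."""
    routes = [
        ("0.0.0.0/0", "10.1.1.1", LAN_IF, 20),               # default via LAN
        ("0.0.0.0/0", "173.161.180.158", WAN_IF, wan_metric), # default via WAN
        ("10.1.1.0/24", "10.1.1.20", LAN_IF, 20),             # directly connected
    ]
    if with_static:
        # route -p ADD 10.1.2.0 MASK 255.255.255.0 10.1.1.1 (metric 1 assumed)
        routes.append(("10.1.2.0/24", "10.1.1.1", LAN_IF, 1))
    return routes

def select(routes, dst):
    """Return (interface, gateway) for dst.

    The most specific matching prefix wins; the metric only decides
    between routes with the same prefix length.
    """
    addr = ipaddress.ip_address(dst)
    matches = []
    for net, gw, ifc, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((-network.prefixlen, metric, ifc, gw))
    _, _, ifc, gw = min(matches)
    return ifc, gw

if __name__ == "__main__":
    public_dst = "198.51.100.7"  # constructed sample destination
    cases = [
        ("original metrics (WAN 30)", table(30), public_dst),
        ("WAN metric lowered to 10", table(10), public_dst),
        ("10.1.1.x, WAN metric 10", table(10), "10.1.1.50"),
        ("10.1.2.x, no static route", table(10), "10.1.2.50"),
        ("10.1.2.x, static route added", table(10, True), "10.1.2.50"),
    ]
    for label, routes, dst in cases:
        ifc, gw = select(routes, dst)
        print(f"{label:30} {dst:14} -> interface {ifc} via {gw}")
```

The fourth case is the one worth checking on the real machine with `route print`: once the public default route is preferred, 10.1.2.x traffic leaves through the internet-facing NIC until the static route is in place.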