Good morning folks,

Networking is not my strong suit, and after reading up on route programming and IP routing, I am now thoroughly confused and in need of guidance.

I have a Windows 7 Pro machine on a client network in the 192.168.128.0/24 range, and another network on a 10.0.0.0/24 range.

The machine has 2 NICs: NIC1 on 192.168.128.10 and NIC2 on 10.0.0.1.

The 192.168.128.0/24 range has internet access and is connected to the client network - we have no control or visibility on this network.

The 10.0.0.0/24 network has a bunch of IP enabled access control equipment, controlling doors, locks etc.

The client has now requested that these controllers report to a remote monitoring station using Armor IP. This is a service that sends an encrypted UDP packet to a service desk so that when an alarm condition (for instance, someone forcing a door open or the power going out) is met, a packet is sent to the monitoring desk and a staff member there can go through a runsheet of personnel to call.

Somehow it has fallen to me to figure out how to get the alarm packets from the 10.0.0.0/24 subnet through to the 192.168.128.0/24 subnet so they can go out to the internet.

I've done a little reading and it seems what I need to do is:

a) Enable IP Routing in Windows 7 Pro (easily done in Win 7)
b) Set up a static route between the two NICs

However I have no idea how to arrange these routes. I'm not even certain this is the solution I'm looking for. I looked briefly at ICS but that would change IP addresses, and we can't do that with either network. Any help would be appreciated.

danspanner
  • Have you looked at Windows Server Routing and Remote Access? – Jim B Mar 24 '15 at 01:40
  • At this stage we're trying to avoid adding additional software or hardware into the mix, as there are two working networks on site and we'd prefer not to rock the boat unless we absolutely need to. – danspanner Mar 24 '15 at 01:46
  • So you are willing to use a win7 device and pray with some cobbled together solution but not willing to "rock the boat" and use a real router (or at least software designed for routing)? – Jim B Mar 24 '15 at 01:51
  • In a word - yes. What it comes down to is how much our client is willing to pay - to get IP monitoring on these devices is not something they are willing to pay big dollars for (including new hardware and software). Which is beside the point - if there is a way to route packets in this manner in Windows 7 Pro (and it seems like there should be) then that would be preferable. Hence my question. – danspanner Mar 24 '15 at 02:02
  • That being said, can you explain where a router would fit in given this scenario? Would it sit between the Win 7 machine and the 10.0.0.0 network, or would it need to fit in elsewhere? – danspanner Mar 24 '15 at 02:11
  • Do you have control over the device that gives Internet access for the 192.168.128.0/24 network? If not, you'll need to do more than route -- you'll need to do NAT. – David Schwartz Mar 24 '15 at 07:32
  • The router sits between the networks so that the device at 10.0.0.5 can get to the proxy at 192.168.0.10. – Jim B Mar 24 '15 at 13:01
  • Thanks JimB, I'll see if I can sort that out as a solution and give it a spin on a test network. DavidSchwartz: no, we have no control at all over the 192 network :( My first suggestion was to provide our own internet connection to these premises (but was immediately shot down) and I suspect that I've complicated this whole matter way out of proportion to the actual problem at hand. – danspanner Mar 25 '15 at 09:34

1 Answer

You've got (b) wrong. You don't put in routes between the two NICs in the Win 7 box. Windows already knows to route from one network to the other when you put it in routing mode. What you might have to do on the Win 7 box is add routes to any other networks that are behind other routers. The other thing you'll have to do is configure all the controllers to use 10.0.0.1 as their default gateway. Note that if you configure the controllers that way, 100% of their routing will be handled by the Win 7 box, so anything the Win 7 box can't get to, the controllers won't be able to get to.

The other thing you'll have to do is tell whatever default gateway the devices on the 192 network are using how to get to the 10 network. That's because anything that needs to talk to the 10 network has to know to go through the Win 7 box. Either that or you have to change the default gateway on any 192 devices that need to talk to the 10 network, which means those devices won't be able to get to whatever networks their old default gateway used to get them to (like maybe the internet).

The Win 7 box is the easy part. It's having to make changes on most or all of the devices around the Win 7 box to make this work that will be more complicated.

Todd Wilcox
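
The return-path problem described in the answer above, as an added example that is not part of the original post: a small model of each device's routing table that traces a packet from a controller to a host on the 192 network and back. The controller address 10.0.0.5 comes from a comment; the client gateway 192.168.128.1, the host 192.168.128.50 and the upstream hop 198.51.100.1 are assumed addresses, and the Win 7 box is assumed to have IP routing enabled.

```python
import ipaddress

def build(return_route):
    """Constructed topology: name -> (interface IPs, routing table)."""
    gw = [("192.168.128.0/24", "direct"), ("0.0.0.0/0", "198.51.100.1")]
    if return_route:  # the route the answer says the 192 gateway needs
        gw.append(("10.0.0.0/24", "192.168.128.10"))
    lan = [("192.168.128.0/24", "direct"), ("0.0.0.0/0", "192.168.128.1")]
    return {
        "controller": ({"10.0.0.5"},
                       [("10.0.0.0/24", "direct"), ("0.0.0.0/0", "10.0.0.1")]),
        "win7": ({"10.0.0.1", "192.168.128.10"},
                 [("10.0.0.0/24", "direct")] + lan),
        "client_gw": ({"192.168.128.1"}, gw),
        "host": ({"192.168.128.50"}, lan),
    }

def next_hop(routes, dst):
    """Longest-prefix match: returns a gateway IP, 'direct', or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    hits = [(n, hop) for n, hop in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def owner(nodes, ip):
    """Name of the modelled device that owns this IP, if any."""
    return next((name for name, (ips, _) in nodes.items() if ip in ips), None)

def trace(nodes, src_ip, dst_ip, max_hops=8):
    """Follow the packet hop by hop; returns (delivered, path)."""
    node = owner(nodes, src_ip)
    path = [node]
    for _ in range(max_hops):
        ips, routes = nodes[node]
        if dst_ip in ips:
            return True, path
        hop = next_hop(routes, dst_ip)
        target = dst_ip if hop == "direct" else hop
        node = owner(nodes, target) if target else None
        if node is None:  # next hop is outside the site: packet is lost to us
            return False, path + ["(left site / dropped)"]
        path.append(node)
    return False, path

if __name__ == "__main__":
    for fixed in (False, True):
        nodes = build(fixed)
        print("return route on gateway:", fixed)
        print("  out :", trace(nodes, "10.0.0.5", "192.168.128.50"))
        print("  back:", trace(nodes, "192.168.128.50", "10.0.0.5"))
```

The outbound packet is delivered in both cases; only the reply depends on the gateway's table, which is why the changes outside the Win 7 box are the hard part.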