2

Inventory:

  1. Multiple PCs [WinXp/2K] on LAN (192.168.10.x) [default gateway is 192.168.10.100]
  2. One DSL modem at 10.1.0.1
  3. One PC [Windows 2000 AS] (dual NIC with RRAS) with:
    a. 192.168.10.100 [connected to above LAN] and
    b. 10.1.0.2 [connected to DSL modem]

The gateway PC (point 3) can see the internet and the PCs on LAN (point 1) can ping the gateway PC. The gateway PC hosts a proxy server (squid).

Problem:
Just turning on RRAS on the PC (at point 3) doesn't work. I know I'm missing some steps here. Can someone please help?

Edit: Long Story:
Some PCs on the LAN (point 1) need to have restricted access to the internet. Hence the dual-NIC PC (point 3) acting as a proxy (squid+squidguard). This works fine; all PCs on the LAN can connect to the internet via the gateway proxy. However, some PCs on that LAN need to connect directly to the internet (they use Citrix and other stuff that needs direct connectivity).

Ryan Fernandes
  • More info? OS & version? Can the gateway PC see the internet itself? Can the LAN PCs ping the gateway PC? – tomjedrz Oct 15 '09 at 06:44
  • Also .. any particular reason you don't use a cheap broadband router? – tomjedrz Oct 15 '09 at 06:46
  • Or reconfig the DSL modem to use the same subnet as your PCs... or reconfig your PCs to use the same subnet as your modem. It looks to me like you're creating trouble for yourself with this setup. – Maximus Minimus Oct 15 '09 at 09:10
  • @tomjedrz, mh: Sorry, have been out on holidays, just got back and answered all your questions. – Ryan Fernandes Oct 18 '09 at 03:12

3 Answers

1

You need to get your win2k box (3.) to do Network Address Translation with RRAS. It is possible, but painful.

I would personally either replace 3b with a DSL modem that will terminate & NAT the connection, or upgrade 3. to Windows Server 2003, which does allow NAT without so much pain.

Nick Kavadias
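Why routing alone on the gateway is not enough while NAT is, as an added example that is not part of the original answer. It models the question's topology and assumes the DSL modem has no route for 192.168.10.0/24, that the 10.1.0.x link is a /24, and a constructed remote host 203.0.113.10.

```python
import ipaddress as ip

LAN = ip.ip_network("192.168.10.0/24")
DSL = ip.ip_network("10.1.0.0/24")      # assumed mask; the page gives only .1 and .2
ANY = ip.ip_network("0.0.0.0/0")
GW_LAN = ip.ip_address("192.168.10.100")
GW_DSL = ip.ip_address("10.1.0.2")
MODEM = ip.ip_address("10.1.0.1")
REMOTE = ip.ip_address("203.0.113.10")  # constructed Internet host (documentation range)
ISP = "isp-uplink"

# (destination network, next hop); None means the destination is on-link
PC_ROUTES = [(LAN, None), (ANY, GW_LAN)]
GW_ROUTES = [(LAN, None), (DSL, None), (ANY, MODEM)]
MODEM_ROUTES = [(DSL, None), (ANY, ISP)]  # assumption: modem has no route for the LAN


def lookup(table, dst):
    """Longest-prefix match, as an IP stack does it; returns the next hop."""
    return max((r for r in table if dst in r[0]), key=lambda r: r[0].prefixlen)[1]


def round_trip(pc, nat_on_gateway):
    """Return (source address the modem sees, whether the reply reaches the PC)."""
    pc = ip.ip_address(pc)
    # Outbound leg: PC -> gateway -> modem, following each default route.
    if lookup(PC_ROUTES, REMOTE) != GW_LAN or lookup(GW_ROUTES, REMOTE) != MODEM:
        return pc, False
    # NAT on the gateway rewrites the source to its DSL-side address.
    seen = GW_DSL if nat_on_gateway else pc
    # Return leg: the modem routes the reply toward the address it saw.
    hop = lookup(MODEM_ROUTES, seen)
    # On-link means the reply lands on the gateway, which maps it back to the PC.
    return seen, hop is None


if __name__ == "__main__":
    for label, nat in [("routing only", False), ("NAT on gateway", True)]:
        seen, ok = round_trip("192.168.10.25", nat)
        print(f"{label:15} modem sees {seen!s:15} reply {'delivered' if ok else 'lost'}")
```

Without NAT the modem sees a 192.168.10.x source, matches only its default route and sends the reply back toward the ISP; with NAT it sees 10.1.0.2, which is on-link.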
0

You're trying to use a Win2K machine as a firewall, router and proxy. That's really not a good way to go, not least of which because Win2K is a clunky and unreliable version at best. I suggest you replace that with something better suited to the task. There are a number of Linux based firewalls that will fit your needs and more. My personal favourite is Smoothwall but there are others, each having their own strengths and weaknesses. All the ones I've seen are easily managed via a web browser and generally require very little, if any, prior Linux experience.

John Gardeniers
0

If I understand correctly you have most PCs working through the gateway (Point 3) already, but you want some to connect directly to the Internet without going through the gateway PC.

For those PCs that need direct access, they will need to be in the same subnet as the DSL modem, or you'll need some sort of router or gateway for them. Your gateway PC is serving as a gateway between the two subnets.

Your options are:

  • move some or all PCs to the DSL subnet
  • move DSL to the PC subnet (and any PCs that are already in that subnet)
  • setup a router between the subnets - i.e. if your switch supports layer 3 routing, have it route between the subnets
  • use the gateway PC for all routing between subnets, and work through whatever issues you have with the routing (i.e. why do you want some PCs to have direct access out?)

Scott Forsyth
  • "setup a router between the subnets" - Unfortunately, all I have is the gateway PC with RRAS to do this... and yes, "work through whatever issues you have with the routing" is what I'm trying to work out here :) – Ryan Fernandes Oct 21 '09 at 02:27
  • What issue are you running into with RRAS that you're trying to solve? – Scott Forsyth Oct 21 '09 at 18:39
  • Turning on RRAS on the g/w PC doesn't automatically route LAN traffic to the DSL modem/router (I would add an input/output filter to choose which IP addresses to block traffic from, once this is in place) – Ryan Fernandes Oct 22 '09 at 04:01