Routing questions

#1 onlinegamesnz (Devshed Newbie, joined Mar 2008, 183 posts)

So I have some basic routing questions, here's my setup.

I have 2 routers, I have a Thompson TG585 and a SMC7904WBRA and a server with 2 NICs.

My objective is to be able to monitor ALL traffic inbound and outbound physically. What I am planning on doing is routing between my 2 NICs on the server:

    SMC router (WAN) 192.168.1.2 >> SERVER NIC1 @ 192.168.1.1

    Route between NICs using RRAS 192.168.1.0 >> 10.0.0.0

    Thompson TG585 LAN (DHCP) (WLAN) 10.0.0.2 >> SERVER NIC2 @ 10.0.0.1

So basically the server on NIC2 will issue DHCP on the 10.0.0.0 network (10.0.0.10 - 10.0.0.254).

    DHCP
    ADDRESS: 10.0.0.x
    GATEWAY: 10.0.0.1
    DNS: 10.0.0.1

Now I can use Wireshark to capture ALL inbound and outbound traffic physically!

    What do you think? Any downside to this setup?

    Thanks!
    Last edited by onlinegamesnz; April 20th, 2013 at 04:24 AM.
#2 seack79 (Devshed Regular, joined May 2004, 2,408 posts)
    I think that should work fine Gamez, then again it's 11pm here so I may not be thinking too clearly. Sounds like you have your ISP/Router coming into Nic1 and then Nic2 is connected to your other router that has wifi and will service your LAN?
#3 onlinegamesnz (Devshed Newbie)
Originally Posted by seack79
I think that should work fine Gamez, then again it's 11pm here so I may not be thinking too clearly. Sounds like you have your ISP/Router coming into Nic1 and then Nic2 is connected to your other router that has wifi and will service your LAN?
That's right, only now I'm having issues with this damn Thompson thing, such horrible routers.

In theory though, I should now be able to capture ALL traffic including wifi; only encapsulated data will not be seen.

    Correct?

    Thanks
#4 onlinegamesnz (Devshed Newbie)
Great, that's done and up and running. I am seeing ALL traffic now.

I do however have 1 more question.

I am using Windows Server 2008, set up with the 2 NICs, WAN and LAN. My question is how can I use the firewall on the 2008 server as the main firewall. Right now it only seems to be a firewall for that specific server; I need it to act as a firewall for the traffic passing between the two NICs!

    Any ideas?
#5 seack79 (Devshed Regular)
In RRAS you should be able to select the "outside" NIC and choose "enable basic firewall" IIRC. I believe when you enable NAT it acts as a firewall already by its nature. Check this out.
#6 onlinegamesnz (Devshed Newbie)
Originally Posted by seack79
In RRAS you should be able to select the "outside" NIC and choose "enable basic firewall" IIRC. I believe when you enable NAT it acts as a firewall already by its nature. Check this out.
Thanks for the reply seack!

I have checked your link, that might be what I have to live with, or is there some third party software that can do what I want, which is just provide a firewall between the interfaces (I guess in a way NAT is already doing this).

I have one other question relating to NAT. Why is it required that I set up NAT in RRAS as I already have NAT running at the ADSL router? I mean, having NAT twice shouldn't be a bad thing, right, thus double security. But why not just create a static route between the interfaces and that's it? Why NAT?

Also, one more thing. In the link you provided, at the bottom of the page where you create the rules for NAT, such as FTP server, Web Server etc., this would be port forwarding for NAT in RRAS, correct?

So if I were to set up a DMZ to my server at say 192.168.1.1, to forward a port to a host at 10.19.1.x I would have to create a rule in NAT there specifying the port and destination address, correct?

    Thanks for the help as usual
#7 onlinegamesnz (Devshed Newbie)
Ok I just restarted the server after some updates and NAT has stopped translating. I have no internet and I see that NAT has no translations.

Any ideas??

Why did it stop?
#8 seack79 (Devshed Regular)
When you open a port in your firewall (as you referenced... FTP server, Web server, etc.) this is different than NAT. NAT, which is actually PAT, is known as Port Address Translation. NAT directs all traffic from a global IP address to a unique inside local IP address. PAT does the same thing, but directs traffic based on ports, as opposed to all traffic. So in short, when you open a port in your firewall you're just allowing that traffic in. PAT then dictates where the traffic goes once it's in; you have to do both for it to work.

    You don't, and usually shouldn't, need to utilize double NAT (i.e., NAT on your router and NAT on your server). I'm not sure I fully understand your setup; if your router is performing NAT I don't think you'll need to utilize NAT on your server.
#9 onlinegamesnz (Devshed Newbie)
Thanks for the reply seack,

Yes there is NAT at the router, so in theory I should not need NAT on the server.

However, I have been unable to get the NICs to forward traffic from the WAN NIC to the LAN NIC and vice versa.

There is a default route configured when statically assigning IP addresses and gateways etc. to the NICs.

I have WAN NIC

IP: 192.168.1.1
Mask: 255.255.255.252
G/W: 192.168.1.2 (adsl router)
DNS: blank (local)

LAN NIC

    IP: 10.16.1.1
    Mask: 255.0.0.0
    G/W: blank
    DNS: blank

    Thanks!
#10 seack79 (Devshed Regular)
    Not sure I'm following your setup?
#11 onlinegamesnz (Devshed Newbie)
Originally Posted by seack79
Not sure I'm following your setup?
Maybe this will help

Thanks!
Attached Images
    Last edited by onlinegamesnz; April 24th, 2013 at 12:56 AM.
#12 seack79 (Devshed Regular)
You can either set the ADSL router to bridged mode if possible so all traffic gets routed to the server. Then use NAT on the server to direct traffic.

The other option is to direct traffic from the router to the server using NAT, and then route traffic from the server to your LAN using NAT again. This is known as double NAT, which is usually not advised but can work fine.

If you allow all traffic to the server just make sure the firewall is on. I would also disable unneeded services and protocols to lock it down.
#13 onlinegamesnz (Devshed Newbie)
Thanks seack,

This is what I was thinking, to try and delete the NAT on the ADSL router. I will see if this router supports bridged mode.

This is exactly what I'm doing, I'm double NATing and everything is working OK so far!

I would prefer to let the server handle NAT and not the router.

I have set up a DMZ to the server anyway so I only need to forward required ports on NAT on the server.

I do have one question though!

Say I wanted to leave NAT to the ADSL router only, and just use the server to CAPTURE all traffic between the NICs, so still have a WAN and LAN setup between the NICs. Without NAT, I am unable for the life of me to get an active route between the two NICs to just pass all traffic from 10.0.0.0 to 192.168.1.0 and vice versa.

Thus, being a physical break between WAN and LAN so I know I am getting a true capture of ALL incoming and outgoing connections (which is what I'm doing now but double NATing).

I hope this makes sense, it's kind of hard to explain, I'm better with diagrams.

Basically, if I remove the NAT from the Server 2008 RRAS setup at the moment, I would be stuck with WAN traffic not seeing LAN traffic and vice versa. Must just be a routing issue, I thought!

    Thanks!
    Last edited by onlinegamesnz; April 28th, 2013 at 05:53 AM.
#14 seack79 (Devshed Regular)
Hi Gamez,

If I understand you correctly, if you disable NAT on your server traffic can't flow from your WAN to the 10.16.x.x network? That would be because you have some inside resource on the 10.16.x.x network that is set to accept traffic from the internet. However, when the router forwards traffic to that network, it knows a route to 10.x.x.x in general via your 2nd NIC. Since NAT is disabled, once the server receives traffic destined for the 10.x.x.x network, it doesn't know which local host to send it to because NAT isn't available to dictate where the traffic should go; make sense?

It's kind of like if I gave you 10 cups and 10 bowls, all of different colors. Let's also assume you are color blind. I now tell you to put a quarter in the red cup. You know where the cups and bowls are (i.e., you know a route to that network), but you don't have any way of determining which cup is the red cup (i.e., NAT isn't set up to dictate where to send the traffic once it arrives).
#15 onlinegamesnz (Devshed Newbie)
Originally Posted by seack79
Hi Gamez,

If I understand you correctly, if you disable NAT on your server traffic can't flow from your WAN to the 10.16.x.x network? That would be because you have some inside resource on the 10.16.x.x network that is set to accept traffic from the internet. However, when the router forwards traffic to that network, it knows a route to 10.x.x.x in general via your 2nd NIC. Since NAT is disabled, once the server receives traffic destined for the 10.x.x.x network, it doesn't know which local host to send it to because NAT isn't available to dictate where the traffic should go; make sense?

It's kind of like if I gave you 10 cups and 10 bowls, all of different colors. Let's also assume you are color blind. I now tell you to put a quarter in the red cup. You know where the cups and bowls are (i.e., you know a route to that network), but you don't have any way of determining which cup is the red cup (i.e., NAT isn't set up to dictate where to send the traffic once it arrives).
Thanks seack,

It's not WAN to LAN that I have the issue with. If I disable NAT on the server, LAN cannot access WAN. I have no internet access.

Again, WAN NIC

IP: 192.168.1.1
Sub: 255.255.255.252
G/W: 192.168.1.2
DNS: blank (localhost)

LAN NIC

IP: 10.16.1.1
Sub: 255.0.0.0
G/W: blank
DNS: blank (localhost)

If I remove NAT, no internet whatsoever.

I have gone to Network Connections - Advanced and made sure that the WAN NIC is the primary or the first NIC to communicate on, and I get internet fine on the server.

Which again, leads me to think it must be a route.

When configuring these NICs like this, there is a default route created between the interfaces, right?

    Thanks for the help
    Last edited by onlinegamesnz; April 29th, 2013 at 06:07 AM.
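The symptom in the last two posts (the LAN loses internet as soon as NAT on the server is removed, even though the server itself still gets out) comes down to the return path, which this added example traces with a small longest-prefix-match routing model. It is not code from the thread: the LAN host 10.16.1.50, the ISP gateway 203.0.113.1 and the ADSL router's routing table are assumptions, and it assumes RRAS is still forwarding between the two NICs and that the ADSL router NATs whatever source it receives on its LAN side.

```python
import ipaddress
# Constructed model of the thread's topology (assumptions, not the poster's
# config): LAN host 10.16.1.50 -> server LAN NIC 10.16.1.1/8; server WAN NIC
# 192.168.1.1/30 -> ADSL router 192.168.1.2 -> assumed ISP gateway 203.0.113.1.
OWNER = {"10.16.1.50": "lanhost", "10.16.1.1": "server", "192.168.1.1": "server",
         "192.168.1.2": "adsl", "203.0.113.1": "isp"}      # who answers for an IP

TABLES = {  # per-device routing tables as [(prefix, next_hop)]
    "lanhost": [("10.0.0.0/8", "connected"), ("0.0.0.0/0", "10.16.1.1")],
    "server":  [("10.0.0.0/8", "connected"), ("192.168.1.0/30", "connected"),
                ("0.0.0.0/0", "192.168.1.2")],     # RRAS forwards between NICs
    # Assumed: the ADSL router knows only its /30 and a default route upstream.
    "adsl":    [("192.168.1.0/30", "connected"), ("0.0.0.0/0", "203.0.113.1")],
    "isp":     [("0.0.0.0/0", "connected")],
}

def lpm(table, dst):
    """Longest-prefix match; returns the next hop or None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst):
    """Forward one packet hop by hop. Returns the devices visited, ending in
    DELIVERED or DROPPED; the ISP side drops private (RFC 1918) destinations."""
    path, dev = [start], start
    for _ in range(8):                          # guard against routing loops
        if dev == "isp" and ipaddress.ip_address(dst).is_private:
            return path + ["DROPPED"]
        nh = lpm(tables[dev], dst)
        if nh is None:
            return path + ["DROPPED"]
        if nh == "connected":
            if dst in OWNER:
                return path + [OWNER[dst], "DELIVERED"]
            return path + (["internet", "DELIVERED"] if dev == "isp" else ["DROPPED"])
        dev = OWNER[nh]                         # hand the packet to the next hop
        path.append(dev)
    return path + ["DROPPED"]

def reply_path(server_nat, adsl_static_route):
    """Reply to a LAN host's outbound packet, after the ADSL router undoes its
    own NAT. Double NAT: the reply is for 192.168.1.1 and the server's NAT table
    maps it back to 10.16.1.50. Routed only: the router must reach 10.16.1.50."""
    tables = dict(TABLES)
    if adsl_static_route:                       # "10.0.0.0/8 via 192.168.1.1" on the router
        tables["adsl"] = TABLES["adsl"] + [("10.0.0.0/8", "192.168.1.1")]
    return trace(tables, "adsl", "192.168.1.1" if server_nat else "10.16.1.50")
```

The outbound trace from the LAN host reaches the internet in every case; the three reply_path() cases show the reply delivered to the server under double NAT, handed to the ISP and dropped with plain routing, and reaching the LAN host once the ADSL router has a static route for 10.0.0.0/8 pointing at 192.168.1.1.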