-1

I currently have the following setup whereby I need Server #1 to reach the Internet via Server #2 using its second NIC.

Is this possible using static routes? If so which route should be added to where?

At present server 1 can ping server 2, and server 2 can access both the internet and ping server 1.

Network Diagram

lethalMango
  • I did find (http://serverfault.com/questions/390470/static-routes-on-windows-computer-with-two-nics-connected-to-two-routed-networ?rq=1) this question however I'm not quite sure how this translates to this situation. – lethalMango Jun 11 '13 at 13:43
  • Just to add, this is an isolated training network which moves from site to site, however from time to time the Internet is required hence the second NIC to access the third party network. The networks cannot be merged as DHCP is running on Server #1 as many more devices are often connected. – lethalMango Jun 11 '13 at 13:52
  • -1 because this is a pretty common problem for which a lot of how-tos exist. – Jason Tan Jun 11 '13 at 14:38
  • @JasonTan I have looked for some time over the net for how-tos however I couldn't find anything. Do you have a link for a 'how-to' related to the above? – lethalMango Jun 11 '13 at 15:25
  • Yeah apologies - I made that comment thinking you were running linux - there are tons of howtos for that. I can't vote it up again. Unless you edit the question. – Jason Tan Jun 11 '13 at 16:13

2 Answers

0

You should bridge the connection between NIC 1 & NIC 2 on Server 2. Change the IP to something like 192.168.1.x and the default gateway to 192.168.1.254 on server 1. Also you have to change the IP of server 2 NIC 1 to 192.168.1.y. Doing this, server 1 can contact its default gateway (router 1), which will forward the IP packets to the internet.

Another solution is to configure server 2 to forward the packages it receives from server 1 to its default gateway using NAT. Doing this, server 2 will be a semi-router.

0

Assuming linux.

You need to do two things:

  1. Turn on ip forwarding
  2. Set up masquerading Source Network Address Translation (SNAT)

Leave everything how you have it and check that IP forwarding is on.

sysctl net.ipv4.ip_forward

[root@somehose ~]$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

If that is set to 0 (as it is in the above example) then you need to set it to 1 (on).

Edit /etc/sysctl.conf. Make sure that:

net.ipv4.ip_forward = 1

Run sysctl -p to reload sysctl.conf; that will cause all the settings in that file to be read and set. Since it is in the file they will also be reset at boot time.

Then run sysctl net.ipv4.ip_forward again to make sure it actually changed.

[root@somehose ~]$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Now I'm very confident of the above.

You'll also need to turn on SNAT on server2. Assumes SERVER #2 NIC #2 is eth1 and SERVER #2 NIC #1 is eth0.

I'm not 100% sure on the actual command syntax and I don't have a test rig I can test on where I am but you can just google "masquerading iptables SNAT" and you can find a howto. Come to think of it you could have googled that and got the whole answer. Never mind.

iptables -t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 10.10.10.3

You need to put this in the appropriate file for your distro so that it persists across reboots.

Jason Tan
  • Hi Jason, Thanks - I'm sorry I forgot to mention it is on Windows Server 2003 (however we also have planned a linux setup so this will come in useful then). Do you know if this can be achieved in Windows? – lethalMango Jun 11 '13 at 14:37
  • I don't know about windows. I imagine it can, but I don't know for sure, and I certainly don't know how to do it, if it is. Sorry I can't be more helpful, windows is just not my gig at that level. – Jason Tan Jun 11 '13 at 14:58
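
A filtered variant of the forwarding-plus-masquerade setup from the Linux answer above, as an added example that is not part of the original answers: it prints an iptables-restore ruleset in which Server #2 forwards only traffic initiated from the inside network and drops everything else crossing between the two NICs. The function names are hypothetical, the interface roles (eth0 inside, eth1 outside) follow the answer's assumption, and the inside prefix is supplied by the caller because the page does not state it.

```shell
#!/bin/sh
# Added example, not from the original answers.
# Prints an iptables-restore ruleset for Server #2 acting as a NAT gateway.
# Assumed roles (from the answer): eth0 = inside NIC, eth1 = outside NIC.
# Constructed sample call: gen_nat_rules eth0 eth1 10.10.10.0/24

valid_if() {    # accept plain interface names only, no shell metacharacters
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

valid_cidr() {  # shape check only: a.b.c.d/0-32 (octet ranges not checked)
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

gen_nat_rules() {   # usage: gen_nat_rules LAN_IF WAN_IF LAN_CIDR
    lan_if=$1 wan_if=$2 lan_cidr=$3
    valid_if "$lan_if" && valid_if "$wan_if" ||
        { echo "bad interface name" >&2; return 2; }
    [ "$lan_if" != "$wan_if" ] ||
        { echo "interfaces must differ" >&2; return 2; }
    valid_cidr "$lan_cidr" || { echo "bad CIDR" >&2; return 2; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address only for inside hosts leaving via the outside NIC
-A POSTROUTING -s $lan_cidr -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default-deny routed traffic; ip_forward=1 alone would route both ways
:FORWARD DROP [0:0]
# Replies to connections that inside hosts opened
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the inside network
-A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments; review before loading.
if [ "$#" -eq 3 ]; then gen_nat_rules "$@"; fi
```

Loading the output with iptables-restore replaces the current contents of the nat and filter tables, so merge it with any existing host rules first.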