Networking Forums


Simple Win2k3 routing issue

 
 
Bruce C. Miller

 
      02-27-2006, 06:13 PM
Hello. Trying to set up my 2k3 box as a router between a wireless
network for various computers around the house and a wired network of
servers and such in a computer room. I'm doing this using RRAS, which
has been enabled but doesn't seem to be doing what I want. For
simplification, I've left out non-relevant boxes from this ASCII
diagram of the network:

uplink <-> wireless router <-> 2k3 server <-> wired hub <-> bsd box
           192.168.1.1      ^              ^                192.168.0.3
                            |              |
                      192.168.1.101   192.168.0.1

RRAS is running on the 2k3 box, which is dual-homed. I basically want
all 192.168.0.* traffic redirected to the wired network and all of the
outbound traffic from within it directed out. I also need to forward
ssh into the BSD box. All of this stuff is working fine except I cannot
connect to the world outside the wireless router from the BSD box.

I figured that a static route like this would work, but it doesn't:
dest: 0.0.0.0 mask: 0.0.0.0 gateway: 192.168.1.1 if: wired nic

The gateway on the bsd box is 192.168.0.1

Probably missing something obvious... Any help appreciated

 
 
 
 
 
Phillip Windell

 
      02-27-2006, 07:00 PM
"Bruce C. Miller" wrote in message:
> servers and such in a computer room. I'm doing this using RRAS, which
> has been enabled but doesn't seem to be doing what I want. For
> simplification, I've left out non-relevant boxes from this ASCII
> diagram of the network:


Win2k3 as a Router or a NAT Device? The two aren't the same thing.
Broadband Routers (wired or wireless) are not *real* routers,...they are NAT
Devices,...calling them routers is just "marketing-speak" where marketing
departments of the SOHO industry have been allowed to re-write the
dictionary to suit themselves because they probably figured if they told you
they wanted to sell you a "Broadband NAT Server" or a "Broadband NAT
Firewall" they wouldn't sell as well. However if they called them
"Broadband NAT Firewalls" I think it would have both been accurate and would
have sold well now that "firewalls" are the big thing that everyone wants to
have.
________________________________________________
Assuming Win2k3 is a real router and not a NAT Device, you need
things to look like this:

Wireless NAT Device
1. Uses IP as Default Gateway
2. Has a Static Route for the 192.168.0.x network that uses the
Win2k3 box as the "gateway"

Win2k3 Box
1. Uses the Wireless NAT Device as the Default Gateway

Hosts on both networks
1. Uses the Win2k3 box as their Default Gateway. The actual
IP# used depends on what Win2k3 Nic directly faces them.
__________________________________________________
Assuming Win2k3 is a NAT Device, you need things to look like this:

Wireless NAT Device
1. Uses IP as Default Gateway

Win2k3 Box
1. Uses the Wireless NAT Device as the Default Gateway

Hosts on 192.168.1.x network
1. Uses the Wireless NAT Device as their Default Gateway.

Hosts on 192.168.0.x network
1. Uses the Win2k3 box as their Default Gateway.



--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------




 
 
Bruce C. Miller

 
      02-27-2006, 08:02 PM
Phillip Windell wrote:
<snip>
> Assuming Win2k3 is a NAT Device, you need things to look like this:
>
> Wireless NAT Device
> 1. Uses IP as Default Gateway
>
> Win2k3 Box
> 1. Uses the Wireless NAT Device as the Default Gateway
>
> Hosts on 192.168.1.x network
> 1. Uses the Wireless NAT Device as their Default Gateway.
>
> Hosts on 192.168.0.x network
> 1. Uses the Win2k3 box as their Default Gateway.


Thanks, I was missing having the wireless device as the gateway on the
2k3 box's wired NIC.

The win2k3 box does have IP routing set up on RRAS, so I assume it can
safely be called a router. If the wireless router also had something
like a DSL modem on board, then I suppose it could be a router too,
since it acts as a junction between the two networks.

 
 
Phillip Windell

 
      02-27-2006, 08:41 PM
"Bruce C. Miller" wrote in message:

> Thanks, I was missing having the wireless device as the gateway on the
> 2k3 box's wired NIC.


Ok, very good.

> The win2k3 box does have IP routing set up on RRAS, so I assume it can
> safely be called a router. If the wireless router also had something
> like a DSL modem on board, then I suppose it could be a router too,
> since it acts as a junction between the two networks.


Yes, it can because RRAS is a router,..NAT is just a "feature" of RRAS.
NAT does require "routing" as its underlying engine, so any real router can
also be configured to do NAT.
That is different than a NAT Device which cannot do anything but NAT, it
cannot be turned off, it is the primary function and not simply a feature.
In other words a router can be a router or a NAT box,...but a NAT Device can
only be a NAT Device. That may not seem like a big deal, but it
is,...especially when two people are using the same "words" but mean two
different things when they use them.

The explosion of the SOHO market and the way they have misused terminology
has created a lot of confusion and disarray involving what people mean by
what they say, and it has become a real frustration to me that I can't seem
to stop whining and complaining about,....so you can ignore my rantings if
you wish :-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com



 
 
Phillip Windell

 
      02-27-2006, 09:16 PM

"Bruce C. Miller" wrote in message:
> safely be called a router. If the wireless router also had something
> like a DSL modem on board, then I suppose it could be a router too,
> since it acts as a junction between the two networks.


No. The wireless NAT Device would not. Being a junction between two
networks does not define a router. A LAN Router, a Proxy Server, and a NAT
Device can *all* be a junction between two networks, but neither the proxy nor
the NAT box are "routers". The key is in "how" they do it and what are they
capable of and not capable of. For example a proxy server and a NAT Device
can both join two networks but they are two totally different and competing
technologies:
1. The NAT Device does not "proxy"
2. The proxy (typically) does not route or NAT and in fact may not even
   use Layer3 functionality at all but functions in the Proxy Application
   which is totally above the OSI Layers.
3. A LAN Router can route but can also be configured to perform
   NAT as a "feature". However no LAN Router can "proxy".
4. Then with all that said, there are blended products like MS ISA
   Server that is primarily a proxy, but it can also do NAT and can also
   function as a LAN Router all in one product. But you have to keep
   in mind that this is a combination product and cannot be used to define
   what other products are or aren't.

It may all seem like splitting hairs, but it makes a big difference when
troubleshooting or designing some kind of network environment.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
 
Bill Grant

 
      02-27-2006, 09:44 PM
I have said all this before, but the question keeps coming up in the
newsgroups.

It really all depends on default routing (and what it can and cannot
do).

Routing between two subnets is easy if there is only one gateway. You
simply make the router the default gateway for both subnets.

192.168.0.x dg 192.168.0.1
|
192.168.0.1 dg blank
router
192.168.1.1 dg blank
|
192.168.1.x dg 192.168.1.1

If one subnet has an existing gateway (such as to the Internet) this
fails, because the default route of this subnet is to the Internet router,
not the internal router. The traffic for the "other" local subnet never gets
to the internal router. It goes to the Internet router and is discarded.

There are a couple of ways to get around the problem. If you just need
both subnets to have Internet access, you can do NAT again on the second
router. What you can't do with this setup is access the "inner" subnet from
the other one, because you are on the wrong side of the second NAT.

If you want both subnets to access the Internet and each other, you need
to modify the routing. Default routing won't do it for you. The Internet
router needs to know where the "inner" subnet is and how to reach it.

Internet
NAT
192.168.0.254
|
workstations
192.168.0.x dg 192.168.0.254
|
192.168.0.1 dg 192.168.0.254
router
192.168.1.1 dg blank
|
192.168.1.x dg 192.168.1.1

To make it all work, you can add a static route to the Internet router
to forward traffic for 192.168.0.0/24 to the Internal router, e.g.

192.168.0.0 255.255.255.0 192.168.0.1


Phillip Windell wrote:
> "Bruce C. Miller" wrote in message:
>
>> Thanks, I was missing having the wireless device as the gateway on
>> the 2k3 box's wired NIC.
>
> Ok, very good.
>
>> The win2k3 box does have IP routing set up on RRAS, so I assume it can
>> safely be called a router. If the wireless router also had something
>> like a DSL modem on board, then I suppose it could be a router too,
>> since it acts as a junction between the two networks.
>
> Yes, it can because RRAS is a router,..NAT is just a "feature" of
> RRAS.
> NAT does require "routing" as its underlying engine, so any real
> router can also be configured to do NAT.
> That is different than a NAT Device which cannot do anything but NAT,
> it cannot be turned off, it is the primary function and not simply a
> feature. In other words a router can be a router or a NAT box,...but
> a NAT Device can only be a NAT Device. That may not seem like a big
> deal, but it is,...especially when two people are using the same "words"
> but mean two different things when they use them.
>
> The explosion of the SOHO market and the way they have misused
> terminology has created a lot of confusion and disarray involving
> what people mean by what they say, and it has become a real
> frustration to me that I can't seem to stop whining and complaining
> about,....so you can ignore my rantings if you wish :-)
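
Added example, not part of any post in the thread: a small longest-prefix-match simulation of the routed (non-NAT) setup discussed above, using the addresses from the first post's diagram. The device names, the `uplink` marker and the external address 203.0.113.10 are constructed for illustration; it shows that replies for 192.168.0.x leave via the uplink until the wireless device has a static route through the Win2k3 box.

```python
import ipaddress

# Constructed model using the addresses from the first post's diagram.
# Route entries are (prefix, next_hop); next_hop None means directly connected.
OWNER = {"192.168.0.3": "bsd", "192.168.0.1": "win2k3",
         "192.168.1.101": "win2k3", "192.168.1.1": "wireless"}

def build_tables(static_route_on_wireless):
    wireless = [("192.168.1.0/24", None), ("0.0.0.0/0", "uplink")]
    if static_route_on_wireless:
        # Inner subnet reached via the Win2k3 box's wireless-side address.
        wireless.append(("192.168.0.0/24", "192.168.1.101"))
    return {
        "bsd": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
        "win2k3": [("192.168.0.0/24", None), ("192.168.1.0/24", None),
                   ("0.0.0.0/0", "192.168.1.1")],
        "wireless": wireless,
    }

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)

def trace(start, dst, static_route_on_wireless):
    """Follow one packet hop by hop and return (path, outcome)."""
    tables = build_tables(static_route_on_wireless)
    node, path = start, [start]
    for _ in range(8):  # hop limit guards against routing loops
        _, hop = lookup(tables[node], dst)
        if hop == "uplink":
            return path + ["uplink"], "left via uplink"
        node = OWNER.get(dst if hop is None else hop)
        if node is None:
            return path, "unreachable"
        path.append(node)
        if hop is None:  # destination was on a directly connected subnet
            return path, "delivered"
    return path, "loop"

if __name__ == "__main__":
    for static in (False, True):
        print("static route on wireless device:", static)
        print("  bsd -> 203.0.113.10:", trace("bsd", "203.0.113.10", static))
        print("  reply -> 192.168.0.3:", trace("wireless", "192.168.0.3", static))
```

The outbound path is identical in both cases; only the return path from the wireless device changes once the static route is present.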



 
 
Phillip Windell

 
      02-28-2006, 02:16 PM
"Bill Grant" <not.available@online> wrote in message:
> I have said all this before, but the question keeps coming up in the
> newsgroups.


Several times a day usually :-)

I have seen some websites with good diagrams. Maybe if we find a good one we
should just post the link to it and forget it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 