Thread: bad network configuration

  1. #1
    Senior Member
    Join Date
    Apr 2005
    Posts
    123

    bad network configuration

    Hello everyone.

    I have here a problem of a bad network configuration.
    I have 3 different networks

    192.168.0.x
    192.168.1.x
    192.168.2.x

    My problem is, if someone from 192.168.0.x tries to communicate with 192.168.1.x or even 192.168.2.x, he can't, unless he adds a route at the command line, such as route add <ip> <mask> <ip>

    This is for all the networks that need to communicate with each other. How can I solve this?
    I have a firewall, that is also my gateway.

  2. #2
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    OK, you've got me stumped.

    I haven't the foggiest idea. So I will ask some questions.

    Who set up these subnets? ( oh, sorry, networks )

    You want all the hosts on the subnets to be able talk to all other hosts on all other subnets with no restrictions?

    What is the netmask? Why was it chosen?

    If a host can communicate directly with another just by adding it to its own routing table, I'm guessing there are no gateways set up for the subnets. Is this by design?

    How are the hosts administered, how many are you talking about, and ( to bring this thread into an area where it might fit in a security forum ) do you actually allow users to manipulate the routing tables?

    Maybe someone with more networking experience than me can answer your question, but I would start by answering these questions.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    It sounds to me like you've most likely got all three subnets plugged directly into a switch, this would explain the inability to communicate.

    IKnowNot has asked some good questions and the answers to them would be beneficial to answer this.

    If you could provide a diagram of your network layout (Visio would be awesome, but text will work) and as well the output of route print at the command line

    It will look similar to this

    Code:
    D:\Program Files\Support Tools>route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
    0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
    0x10005 ...00 0c 6e ca 72 4a ...... VIA Rhine II Fast Ethernet Adapter - Virtual Machine Network Services Driver
    0x10006 ...00 e0 29 99 87 c5 ...... SMC EZ Card 10/100 PCI (SMC1211TX) - Virtual Machine Network Services Driver
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
          192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
        192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
        192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
         192.168.60.0    255.255.255.0     192.168.60.1    192.168.60.1       20
         192.168.60.1  255.255.255.255        127.0.0.1       127.0.0.1       20
       192.168.60.255  255.255.255.255     192.168.60.1    192.168.60.1       20
        192.168.254.0    255.255.255.0    192.168.254.1   192.168.254.1       20
        192.168.254.1  255.255.255.255        127.0.0.1       127.0.0.1       20
      192.168.254.255  255.255.255.255    192.168.254.1   192.168.254.1       20
            224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
            224.0.0.0        240.0.0.0     192.168.60.1    192.168.60.1       20
            224.0.0.0        240.0.0.0    192.168.254.1   192.168.254.1       20
      255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
      255.255.255.255  255.255.255.255     192.168.60.1    192.168.60.1       1
      255.255.255.255  255.255.255.255     192.168.60.1           10006       1
      255.255.255.255  255.255.255.255    192.168.254.1   192.168.254.1       1
    Default Gateway:       192.168.1.1
    ===========================================================================
    Persistent Routes:
      None

    Do it without the route added and then give us the exact command that you use to add the route.

    We'll find you an answer,

    Peace
    HT
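
An added example, not part of any poster's reply: a small parser for the "Active Routes" table that `route print` produces, with the longest-prefix lookup a host performs, run against rows from the sample output above. The function names are assumptions of this example; it shows that traffic for 192.168.0.x or 192.168.2.x is only deliverable if a default gateway (or an explicit route) exists, which is the symptom the thread describes.

```python
import ipaddress

# Subset of the "Active Routes" rows from the sample `route print` output above.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
     192.168.60.0    255.255.255.0     192.168.60.1    192.168.60.1       20
    192.168.254.0    255.255.255.0    192.168.254.1   192.168.254.1       20
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or blank line
        dest, mask, gateway, iface, metric = fields
        try:
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            net = ipaddress.ip_network(f"{dest}/{prefix}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # five fields, but not a route row
    return routes

def lookup(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]))

def describe(routes, dest):
    """Say how this host would forward a packet addressed to dest."""
    route = lookup(routes, dest)
    if route is None:
        return "no route"
    _, gateway, iface, _ = route
    if gateway == iface:  # this output marks directly attached networks this way
        return f"on-link via {iface}"
    return f"forwarded to gateway {gateway}"

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    no_default = [r for r in table if r[0].prefixlen != 0]  # host without a gateway
    for dest in ("192.168.1.50", "192.168.0.10", "192.168.2.10"):
        print(dest, "->", describe(table, dest), "| no default:", describe(no_default, dest))
```

Running the same lookup on the routers' tables instead of each workstation's is what replaces the per-host `route add` workaround.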

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    If you want all the hosts on all three subnets to talk to each other without restrictions - I am guessing this is some sort of home network, maybe one or two clients on each subnet (don't ask me why, just the impression I get) - is there a specific need for these 3 subnets? If not, just have them all on the same network and have no subnets?

    If you do need three subnets, what hardware do you have, routers, switches etc? These are what need to be configured to allow subnets to talk.

  5. #5
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    These networks are connected to each other by routers, with the subnet mask 255.255.255.0

    I don't have any gateway configured. I have a Smoothwall firewall, but I don't know how to reconfigure the firewall so that it can manage all the requests from one private network to another.

    To "patch" this situation, I have created a script for each computer that needs to have access to another private network. This script will add a route to the correct router, so the users don't have access to the route table on their computers.

    I would like your opinion on how I should solve this. I guess that it is possible using the firewall to manage the requests; the firewall would have a route table for all the private networks.

    I'm using Smoothwall, but I'm thinking of changing to IPCOP; it's much simpler and has fewer bugs. Any opinion on this?

    Thanks for all the replies.

  6. #6
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    What routers do you have?

    If you have Cisco ones, a possible solution would be to send all traffic addressed to 192.168.1.x 255.255.255.0 to whatever the IP address is of the port on the router that the subnet concerned is "attached to". Do this for each individual network on all the routers.

    Let me know if you have Cisco routers and I can give you the exact commands you need to do this.

    Or if you have a lot less than 254 clients in total on all three networks, put them all on the same IP range, i.e. 192.168.1.0-254.

  7. #7
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    They are all Cisco routers, and I have separated them into different networks because they are in different locations, and this way it's much easier to differentiate the networks.

    If I execute that command, what happens when a client is trying to access the web?
    I have a DHCP server on the firewall. My guess is, the firewall manages all the requests: if anyone from 192.168.0.x makes a request to 192.168.1.x, then the firewall will route the request to the correct router that has access to the 192.168.1.x network.
    But I don't know how to do this on this firewall. Since I'm going to change the firewall, I have not asked how to do it in the Smoothwall forums.

    Thanks for the replies

  8. #8
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I can't really help on the firewall side of it, but I would have thought that internal traffic would be allowed? Unless the firewall is either physically in between the routers or the routers have been configured to send everything to the firewall first?

    However, depending what routing protocol you are using, RIP, OSPF etc, if you haven't told your router(s) to send all traffic addressed to 192.168.1.x 255.255.255.0 to the IP address of the router port that it is on, your networks won't talk to each other, as in essence they are three different networks in three different domains.

    You need to tell all the routers where they should send the traffic addressed for all three networks so they know what to do. Don't forget to use the subnet mask though!

    Hope this is helping?

    gl
