|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Firewalls, PC static routes, gateways
Subject: Re: Firewalls, PC static routes, gateways
From: Rodney van den Oever (RvdOever
chello.nl)
Date: Mon Jan 03 2000 - 19:06:38 CST
- Next message: Ben Nagy: "RE: Firewalls, PC static routes, gateways"
- Previous message: Peter Vincent: "Win98 SE Firewall?"
- In reply to: Randy Witlicki: "Firewalls, PC static routes, gateways"
- Next in thread: Ben Nagy: "RE: Firewalls, PC static routes, gateways"
- Reply: Rodney van den Oever: "Re: Firewalls, PC static routes, gateways"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Randy Witlicki wrote:
>
> I'm wondering if anybody has come up with a reasonable
> solution to static routes for Windows 95/98/NT laptop users
> in networks with a firewall and *another* gateway.
> If we have a setup where:
> - The default route points to the firewall on the local
> network, and;
> - You need an additional route to point to a gateway for
> some private network (either via VPN or a private (leased line
> or frame relay) link).
> (e.g.: the route to 0.0.0.0 is 10.0.0.1 and the route to
> 172.16.0.0/16 is 10.0.0.2)
Either:
1. set the default route to the internal router and make sure that one
has a default route pointing to the inside interface of the firewall and
has knowledge of other networks within the VPN.
2. Use DHCP anyway and add a batchfile to add a static route. Be aware
that you can't add static routes via DHCP (at least Windows won't accept
any).
Just add some batchfile to the startup-group e.g.:
bash$ cat routeadd.bat
echo off
rem DHCP:
ipconfig /release 0
ipconfig /renew 0
rem Work
route delete 0.0.0.0 mask 0.0.0.0 x.x.x.x
route add 0.0.0.0 mask 0.0.0.0 10.0.0.1
route add 172.16.0.0 mask 255.255.0.0 10.0.0.2
3. If you add a default route to 10.0.0.1 on the VPN-router and you
enable ICMP-redirects (probably by default enabled), this router will
send an ICMP-redirect to the clients telling them there's a better path
to the outside world via 10.0.0.1. This oughta work with Windows.
> - If you have a "route add" in a startup .BAT file on a 95 or
> 98 PC or a "route add -p" on an NT PC, if it is a laptop and that
> laptop travels to the remote network the "route add" is pointing
> at, then you need a .BAT file to reverse the startup .BAT file.
> I assume you might have similar problems with a *nix laptop.
> Is there a way to get one of these systems to listen to
> RIP or something similar ?
In case the user connects to another network, the batchfile just won't
work because of the different interface address, but's that no probem.
-- Rodney van den Oever / PGP Key ID 0x0A6CCE53 'Hit any user to continue.' - Erich Meijer
- Next message: Ben Nagy: "RE: Firewalls, PC static routes, gateways"
- Previous message: Peter Vincent: "Win98 SE Firewall?"
- In reply to: Randy Witlicki: "Firewalls, PC static routes, gateways"
- Next in thread: Ben Nagy: "RE: Firewalls, PC static routes, gateways"
- Reply: Rodney van den Oever: "Re: Firewalls, PC static routes, gateways"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Tue Jan 04 2000 - 04:56:30 CST