Koozali.org: home of the SME Server

repost sorry

Jan

repost sorry
« on: January 28, 2003, 03:37:40 PM »
Hi all,

Have a question that is still active for me. I repost it here hoping someone will answer it. I wish to know if I can upgrade my server-only, one-Ethernet-card SME 5.5 to a server-and-gateway, two-Ethernet-card setup as described below. Had some problems trying so.....

Here's the present setup

Internet
I
Router/firewall/modem ADSL 192.168.1.* (forwarding some ports to SME)
I
Switch -- SME 5.5 server only 192.168.1.* (one Ethernet card)
I
Client Computers 192.168.1.*

This works fine for now but as I posted before I want to start using it as a gateway and server. I tried it but got into some trouble setting it up and also got some complaints so maybe I should ask here for full details first.

Here's the setup I want to get working

Internet
I
Router/firewall/modem ADSL 192.168.1.* (DMZ to SME5.5 on 10.0.0.*)
I
Switch == SME 5.5 server and gateway external 10.0.0.* & internal 192.168.1.*
I
Client Computers 192.168.1.*

The idea is I do NOT want to change the router setup from router to bridge or something like that nor put the SME in between router and clients (for the moment). Can this work?

Problems I ran into:
Once I set it up like this I couldn't ping the server's internal or external address
Once I gave my client a static IP in the 10.0.0.* range I could ping both addresses.
Both Ethernet cards are of the same make and type so difficult to keep apart but I figured it shouldn't matter since both are connected to the same switch.
No connection to the internet

Any ideas?

Thanks in advance,

Jan

Bill Talcott

Re: repost sorry
« Reply #1 on: January 28, 2003, 05:58:05 PM »
If you're only using one network connection to the SME, why do you want to put two NICs in it?

If you're using it for a gateway, you're sending all the traffic through the SME anyway, so why don't you want the SME between the clients and router? If you have the SME set up as a gateway, then it will route traffic out through the external port, so it won't work unless you have it between the internet connection and the clients.

Jeff

Re: repost sorry
« Reply #2 on: January 28, 2003, 07:07:57 PM »
Have you set up your local machines to use the internal IP address as the gateway?

There are a lot of different things going on here. I just did this yesterday on a 5.6u with no problems as far as changing from server only to server and gateway. Aside from the client computer, how is DNS configured? Client or ESmith? Double check the gateway on ESmith is the router. Can you get to webpages via IP only?

Jan

Re: repost sorry
« Reply #3 on: January 28, 2003, 09:05:08 PM »
Bill,

1st answer. I want to use it as a gateway eventually, just leave the option open to opt out for now. Basically the server needs to prove effective first.... unfortunately.
Once I can show it to be reliable and possibly even better than the hardware router I will put it in between clients and router.

2nd answer. I want to put 2 NICs in, one of which will have a different range, but both are (for now) connected physically to the same switch which is connected to the router.

The problem is that I have no idea if this should work or not.

So if you think it works, please let me know. If you think it will not work, please let me know why not and what the cure should be.

Thanks for your patience and help.

regards,


Jan

Jan

Re: repost sorry
« Reply #4 on: January 28, 2003, 09:10:43 PM »
Jeff,

I can't seem to remember if I did or not so I will try again next weekend to make sure. I entered nothing for DNS in SME or client, so I guess it's using the SME.

In the server only mode I can just type the full address so I don't think it's a DNS issue. I couldn't ping either IP (external NIC or internal NIC) until I gave my client a static IP within the external range. I thought that was kinda weird.

Any solutions, tips or tricks are very much appreciated.

regards,

Jan

Bill Talcott

Re: repost sorry
« Reply #5 on: January 28, 2003, 09:44:40 PM »
Jan wrote:
>
> 1st answer. I want to use it as a gateway eventually just
> leave the option open to opt out for now. Basically the
> server needs to prove effective first.... unfortunately.
> Once I can show it to be reliable and possibly even better
> than the hardware router I will put it in between clients and
> router
>
> 2nd answer. I want to put 2 NICs in, one of which will have a
> different range but both are (for now) connected physically
> to the same switch which is connected to the router.
>
> The problem is that I have no idea if this should work or not.
>
> So if you think it works, please let me know. If you think it
> will not work, please let me know why not and what the cure
> should be.

It would depend on how your router is set up. You'll need to set the EXTERNAL interface of the SME to the same as the other PCs (192.168.1.x), so it can access the router. You'll then need to specify a different range for the SME's INTERNAL interface (10.0.0.x for example). I'm not sure how this will affect communications between PCs on the "router LAN" and those on the "SME LAN". The SME LAN PCs will be NAT-ed behind the one "router LAN" IP address that the external interface has. Unless I'm missing something, the "router LAN" would appear to be an external network just like any other. Maybe the local networks setting would get around that though...

I don't know much about routing two separate networks on one switch. Never tried it... But if you have the SME acting as a DHCP server on its LAN and the router acting as a DHCP server for its LAN, and both LANs are on the same switch, I would think you'd get conflicts when a DHCP request was sent out by a client. You'd need to turn off DHCP on one and give out static IPs for its LAN. You may be able to specify the "router LAN" PCs in the SME's hostnames panel by MAC, so it won't try to assign its own IPs to those PCs, though I haven't tried that.

In short, an SME is everything that a "home broadband router" is, plus more. I think you're going to spend a lot of time setting things up and fixing little problems to get both routers working on the same network, when you could basically just drop in the default SME in place of the other router.

Bill Talcott

Re: repost sorry
« Reply #6 on: January 28, 2003, 09:47:09 PM »
Also, I remember reading a while back that people had issues when using two of the same NIC in an SME. It would get confused or something. Haven't seen anything lately, so it may have been a problem that was fixed. Might want to get a cheap card to throw in for the internet side, just to make things easier though.

Jan

Re: repost sorry
« Reply #7 on: January 28, 2003, 11:10:11 PM »
Bill,

Thanks for all the input, it's much appreciated. I think I will try setting the router/modem on 10.0.0.1. The internal NIC will remain on 192.168.1.* and the external NIC I will set to 10.0.0.2. DHCP only from the SME and the standard gateway set to the internal NIC on 192.168.1.*. The wiring I will keep as mentioned before for now. That is until the system works as it should. Finally I believe there shouldn't be a problem with the two identical NICs; once I had set my client to the external IP range I could ping both, so chances are they both work.

Next weekend I'll try this ... almost can't wait .....;-)

Thanks for the input.

Kind regards,

Jan

Bill Talcott

Re: repost sorry
« Reply #8 on: January 28, 2003, 11:42:31 PM »
Jan wrote:
>
> Thanks for all the input, it's much appreciated. I think I
> will try setting the router/modem on 10.0.0.1. The internal
> NIC will remain on 192.168.1.* and the external NIC I will
> set to 10.0.0.2. DHCP only from the SME and the standard
> gateway set to the internal NIC on 192.168.1.*. The wiring I
> will keep as mentioned before for now. That is until the
> system works as it should. Finally I believe there shouldn't
> be a problem with the two identical NICs; once I had set my
> client to the external IP range I could ping both, so chances
> are they both work.

Are you planning on having other PCs connected directly to the router still (via the switch)? If so, they'll need to be set up manually, and I believe they won't have access to the SME's private services. As I said, the remote network stuff might allow that, but I have no firsthand experience with it (here either it's on the LAN or it's not). I think you'd save yourself a lot of messing around if you just had the router going to the external NIC, and the internal NIC feeding the switch. Then all the PCs are on the LAN, and you don't have to worry about figuring out where each computer is trying to send its data.

Jan

Re: repost sorry
« Reply #9 on: January 29, 2003, 03:59:26 AM »
Bill,

Yes, unfortunately for now I will not put SME between clients and router/modem yet. We have the misfortune of having an at times very unstable ADSL connection. This means:

1. We get a new IP every so many times after a disconnect occurs and need to find out the new one from the router/modem to keep the external DNS records straight. To do this we need to be able to log into the router/modem using its IP address. I'm not sure I can do that if the SME is in between the client and the router/modem. (a static IP is not yet available)

2. I still have to prove to the users that the SME is working as it should before they will allow me to change anything substantial. They know enough to circumvent the server in order to access the internet without SME and that's just what they want to be able to do. In essence they type in the router/modem as gateway in their client's network settings.

So maybe in a few months, or preferably weeks, I'll have'm ready to believe SME is a good choice and make the final leap.

I'll keep you posted.

Kind regards,

Jan

Bill Talcott

Re: repost sorry
« Reply #10 on: January 29, 2003, 05:57:32 PM »
Jan wrote:
>
> 1. We get a new IP every so many times after a disconnect
> occurs and need to find out the new one from the router/modem
> to keep the external DNS records straight. To do this we need
> to be able to log into the router/modem using its IP address.
> I'm not sure I can do that if the SME is in between the client
> and the router/modem. (a static IP is not yet available)

We're using 10.0.x.x for our LAN behind the SME. I can still access the cable modem's web interface at 192.168.0.1 from my PC, through the SME. If you can give the external interface of the SME the actual public IP, you could have it update the dynamic DNS info automatically even...

> 2. I still have to prove to the users that the SME is working
> as it should before they will allow me to change anything
> substantial. They know enough to circumvent the server in
> order to access the internet without SME and that's just what
> they want to be able to do. In essence they type in the
> router/modem as gateway in their client's network settings.

The point I was trying to make is that dropping a default SME in is a much less substantial change than trying to rig up parallel networks and stuff. I think you'll run into more problems trying to make it work this way, than you would just dropping it in the chain, and removing it if there is a problem. I'm just used to users blaming the most visible target (the new SME) for any problem that comes up after a change, even if it's caused by something else (parallel networking problems).

Depending on the physical layout, it might be easier to get another cheap switch (Best Buy has a 5 port D-Link DSS-5+ with auto MDI/MDIX for US$30). Hook that switch to the router, and run the SME off it. Then run the SME to the existing switch. If you have a problem and want to get the SME out of the chain, just move the cable for the existing switch from the SME's internal NIC to the new switch. Then all the PCs will be on the "router LAN" again. You could even leave DHCP enabled on both the router and the SME then (since they'd be physically separated), and the users would just need to renew the lease, and it would work either way.
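
Added example, not part of the original thread: a Python check of the layouts discussed above, covering the two points from Bill's replies #5 and #10 (the SME's external interface has to sit on the router's subnet, and only one DHCP server should answer on a given switch). All addresses, the layout names and the check_layout function are constructed for illustration; layout A assumes the router only has a 192.168.1.x address.

```python
import ipaddress

def check_layout(router, sme_external, sme_internal, client, client_gateway, dhcp_servers):
    """Return findings for one server-and-gateway layout.

    Interfaces are 'address/prefix' strings; dhcp_servers maps each physical
    segment (switch) to the devices answering DHCP requests on it.
    """
    findings = []
    router_ip = ipaddress.ip_interface(router).ip
    ext_net = ipaddress.ip_interface(sme_external).network
    int_if = ipaddress.ip_interface(sme_internal)
    client_net = ipaddress.ip_interface(client).network
    gateway = ipaddress.ip_address(client_gateway)

    # The SME sends outbound traffic via its external interface, so the
    # router must be directly reachable (on-link) from that interface.
    if router_ip not in ext_net:
        findings.append("SME external interface is not on the router's subnet")
    if ext_net.overlaps(int_if.network):
        findings.append("SME internal and external subnets overlap")
    # A client can only use a gateway that is on its own subnet.
    if gateway not in client_net:
        findings.append("client gateway is not on the client's subnet")
    elif gateway != int_if.ip:
        findings.append("client gateway is not the SME internal interface")
    # Two DHCP servers in one broadcast domain both answer client requests.
    for segment, servers in sorted(dhcp_servers.items()):
        if len(servers) > 1:
            findings.append(f"more than one DHCP server on {segment}")
    return findings

# Constructed sample layouts (addresses are illustrative, not from the thread).
LAYOUTS = {
    # A: external NIC on 10.0.0.x, router and clients on 192.168.1.x
    "A": ("192.168.1.1/24", "10.0.0.2/24", "192.168.1.2/24",
          "192.168.1.50/24", "192.168.1.2", {"shared switch": ["sme"]}),
    # B: external NIC on the router's subnet, both DHCP servers on one switch
    "B": ("192.168.1.1/24", "192.168.1.2/24", "10.0.0.1/24",
          "10.0.0.50/24", "10.0.0.1", {"shared switch": ["router", "sme"]}),
    # C: as B, but router and clients on physically separate switches
    "C": ("192.168.1.1/24", "192.168.1.2/24", "10.0.0.1/24",
          "10.0.0.50/24", "10.0.0.1",
          {"new switch": ["router"], "existing switch": ["sme"]}),
}

if __name__ == "__main__":
    for name, layout in LAYOUTS.items():
        print(name, check_layout(*layout) or "no findings")
```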

Jan

Re: repost sorry
« Reply #11 on: January 29, 2003, 08:49:15 PM »
Bill,

I will try both. Switches and server are physically close to each other < 1m so I don't see a problem there. You're right that any time there is a problem people here will blame SME if they know it's in between them and the internet. But next Saturday I can try all so if the one doesn't work I'll try the other.

Thanks for all the input!

regards,

Jan

Kevin Manderson

Re: Multiple internal NICs
« Reply #12 on: February 10, 2003, 09:06:20 AM »
Hi

I have a similar requirement with multiple internal NICs but this time for security reasons. I need to separate off some PCs. One segment will have the current users with their internal network etc and the second will have some temporary 'public' clients in the same office (through a different switch). I want to split the 'public' clients out and protect the rest of the LAN.

I have several options with different firewall setups but would like to use the SME as the actual gateway if possible. Am intending to experiment and see if I can have the two NICs with DHCP working. Has anyone done this successfully?

Regards
kevin