On Tue, Jun 2, 2009 at 1:01 PM, Salvador Manzo <[email protected]> wrote:
> ... multiple IPs on a server ...
[...]
> 10.0.0.1 Private Gateway
> 10.0.x.x Range
>
> Public
> 128.125.n.y Normal Public Gateway
> 128.125.x.x Range

  I'm going to assume you mean a server which is directly attached to
two different IP networks.  (It can be the same physical network
interface with multiple IP addresses assigned, or two separate
interfaces; that doesn't matter for present purposes.)

  Further, I will assume the IP topology looks something like this:

Network A = 10.0.0.0/24
Server Address B = 10.0.0.b
Gateway C = 10.0.0.1
Gateway C can reach the rest of 10.0/16

Network N = 128.125.n.0/24
Server Address P = 128.125.n.p
Gateway Y = 128.125.n.y
Gateway Y can reach the rest of 128.158/16

  Also, gateway C can reach the rest of the world, and is the gateway
you want to use for that purpose.

  (In the above, "rest of the world" can mean whatever you like.  It
can be a subset of the real world, if that's what you want.)

> ROUTE -p ADD 128.125.0.0 MASK 255.255.0.0 128.125.n.y METRIC 2 IF 2

  You're on the right track.  You don't actually need the "METRIC 2 IF
2" stuff, and I recommend omitting it.  It may confuse things (people
or computers), especially in the future if/when things change.  So:

        ROUTE -p ADD 128.125.0.0 MASK 255.255.0.0 128.125.n.y

  You also need to make sure that you have **NOT** configured a
default route via anything *but* gateway C (10.0.0.1).  In particular,
do **NOT** configure 128.125.n.y as a "default gateway".

  That should do it.

=== MORE INFORMATION  ===

  Here's how it works:

  Once the IP addresses B and P are configured on the server, the
server will automatically have routes to the directly connected
networks (A and N).  You just need to tell the server how to reach
networks which are not directly connected.

  The route command above adds a static route.  That route tells the
server that 128.125/16 can be reached via gateway 128.125.n.y.  The
server already knows how to reach gateway 128.125.n.y, since it is
attached to network N via address P.

  Configuring a "default gateway" just creates a default route.  A
default route is simply a route which matches any destination (network
0.0.0.0, netmask 0.0.0.0, prefix length 0).  By configuring 10.0.0.1
as a "default gateway", you get a route that says, "the whole world
can be reached via the gateway at 10.0.0.1".

  The general IP routing algorithm prefers more specific routes.  So a
default route will only be used as a "last resort".  The route to
128.125.0.0/16 will be preferred over the route to 0/0.  The route to
128.125.n.0/24 will be preferred over the route to 128.125.0.0/16.

  The general IP routing algorithm is also recursive, so the server
knows that to reach gateway 128.125.n.y, it should use the route to
128.125.y.0/24 it has via the directly connected interface.

  The reason for my emphasis on default gateway configuration is:

  Default routes ("default gateways") are not actually associated with
network interfaces, as far as IP is concerned.  Routes live in the
routing table, and tell the host's built-in software router where to
send packets.

  However, the configuration automation stuff Microsoft provides
*does* associate default routes with interfaces.  That is bogus.  It
happens to work for the common case, but it causes confusion whenever
things get the least bit complicated.  People tend to want to
configure a "default gateway" for every interface, but that's not
required, and usually wrong.

  In your case, you only want a single default gateway, 10.0.0.1.

  In fairness to Microsoft, plenty of other companies do the same
thing in their configuration automation stuff.  So it's a common
source of confusion.  Just remember: When you see a "default gateway"
option for an interface, keep in mind you're adding a default route to
the system-wide routing table, not just that interface.

  If you're not familiar with prefix notation, well, this message is
already too long, so I'll just say:

/24 = netmask 255.255.255.0
/16 = netmask 255.255.0.0
 /8 = netmask 255.0.0.0

-- Ben
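Added example, not part of Ben's message or of the original thread: a small Python model of the routing table the message describes, so the longest-prefix and recursive-resolution behaviour can be checked on sample destinations. The placeholder octets b, n, p and y from the message are replaced with constructed values (n=20, b=5, p=7, y=1), and the interface names "ifA" and "ifN" are assumptions; nothing here is Windows' own implementation.

```python
"""Toy longest-prefix-match router for the two-network server in the message.

The placeholder octets b, n, p and y are filled with constructed values;
they are assumptions, not values from the original thread.
"""
import ipaddress

N_OCTET = 20                                                # constructed "n"
SERVER_B = ipaddress.ip_address("10.0.0.5")                 # constructed "b"
SERVER_P = ipaddress.ip_address(f"128.125.{N_OCTET}.7")     # constructed "p"
GATEWAY_C = ipaddress.ip_address("10.0.0.1")                # gateway C
GATEWAY_Y = ipaddress.ip_address(f"128.125.{N_OCTET}.1")    # constructed "y"


def build_table(default_gateways=(GATEWAY_C,)):
    """Return a routing table as (prefix, next-hop gateway or None, interface or None).

    Connected routes (gateway None) appear automatically once B and P are
    configured; the /16 entry is what ROUTE -p ADD 128.125.0.0 MASK
    255.255.0.0 128.125.n.y creates; every entry in default_gateways becomes
    a 0.0.0.0/0 route, which is how a "default gateway" setting is really stored.
    """
    table = [
        (ipaddress.ip_network("10.0.0.0/24"), None, "ifA"),              # connected via B
        (ipaddress.ip_network(f"128.125.{N_OCTET}.0/24"), None, "ifN"),  # connected via P
        (ipaddress.ip_network("128.125.0.0/16"), GATEWAY_Y, None),       # static route
    ]
    for gw in default_gateways:
        table.append((ipaddress.ip_network("0.0.0.0/0"), gw, None))
    return table


def lookup(table, dest, _depth=0):
    """Return (matched prefix, next hop, sending interface) for dest, or None.

    The most specific (longest) matching prefix wins.  If that route points
    at a gateway, the gateway is looked up recursively so the caller learns
    which directly connected interface actually sends the packet.
    """
    dest = ipaddress.ip_address(dest)
    if _depth > 8:
        raise RuntimeError(f"routing loop while resolving {dest}")
    candidates = [r for r in table if dest in r[0]]
    if not candidates:
        return None
    # max() keeps the first entry on a tie, which stands in for metrics here.
    prefix, gw, iface = max(candidates, key=lambda r: r[0].prefixlen)
    if gw is None:                       # directly connected: deliver to dest itself
        return (str(prefix), str(dest), iface)
    via = lookup(table, str(gw), _depth + 1)
    if via is None:                      # gateway itself unreachable: route unusable
        return None
    return (str(prefix), str(gw), via[2])


def default_gateways(table):
    """Gateways of all 0.0.0.0/0 routes; more than one is the misconfiguration warned about."""
    return [str(gw) for prefix, gw, _ in table if prefix.prefixlen == 0]


if __name__ == "__main__":
    table = build_table()
    for d in ("10.0.0.9", f"128.125.{N_OCTET}.3", "128.125.77.3", "192.0.2.1"):
        print(f"{d:>16} -> {lookup(table, d)}")
    print("default gateways:", default_gateways(table))
    # Configuring 128.125.n.y as a "default gateway" too yields two 0/0 routes.
    bad = build_table((GATEWAY_C, GATEWAY_Y))
    print("misconfigured default gateways:", default_gateways(bad))
```

Running it shows the four cases from the message: a host on 10.0.0.0/24 or on 128.125.n.0/24 is delivered directly, a host elsewhere in 128.125/16 goes to 128.125.n.y out of the N-side interface, and everything else falls through to 10.0.0.1. The second table models the mistake the message warns against: two 0.0.0.0/0 routes, where the tie is settled by whatever order or metric the system applies rather than by anything the administrator intended.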
