Two Network Cards 2

[kaddett]

Hi

I am running a netware 6.0 sp2 server thats not connected to internet. i want to give access to the internet to my clients and also allow clients to connect from home to their netstorage folder.

My server ip address is 192.X.X.X and i would like to install another network card which connect to our router and the ip address is in the 10.X.X.X range.

How do i go about this.

Thanks in Advance

Kaddett

 

[Provogeek]

Install the hardware
Install the driver
Run INETCFG and bind the IP address to the new NIC

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience

Certified nut case

 

[kaddett]

Thanks

Got it sorted but strugling to give access to the internet to my clients.

I have no border manager installed yet so am not sure how to allow access.

Thanks in Advance

Kaddett

 

[Provogeek]

Well, first you would need to enable NAT (Network Address Translation) on the server. Enable it on the PUBLIC NIC. This would be the NIC on the 10.x.x.x subnet. You can enable it for static or dynamic or both. In most cases, you will just need dynamic. You only really need a static one-to-one NAT if a host behind the NAT that need to be accessed from the out side world. Since you have no firewall in place, you should not use a one-to-one NAT.

I do get the impression that you will be using a dual NAT, this will cause you issues with some applications, but should work for most.

Then you just need to make sure the servers default route is the ethernet port on the Internet router on the 10.x.x.x subnet. Then the clients would need to have their default gateway the IP address of hte servers private IP on the 192.x.x.x subnet.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience

Certified nut case

 

[kaddett]

Thanks

from your explanation i gather i should use static as my users will be accessing netstorage from home.I will be installing bordermanager 3.7 in about two weeks time as soon as licencing has been agreed by the powers that be.

is there a tid that explains how to do nat.

Thanks in Advance

Kaddett

 

[kaddett]

hi again

This is what i have done

on Server with two nic cards

card 1 which is connected to internet ip address 10.x.x.x
card 2 which is connected to local lan ip address 192.x.x.x

This server is only running netware 6.0. i installed nothing else on it yet.

at server console i ran inetcfg

selected BINDINGS

selected interface with 10.x.x.x

selected expert TCP/IP Bind Options

selected NAT

set status to static and dynamic

selected nat table

pressed ins

in public address field i entered 10.x.x.x
and in private i entered 192.x.x.1
.

on my main server where i have netware 6.0 running as well as i folder netstorage and were all the user data is stored has only one nic card ip address 192.x.x.2 I have done nothing.

When i log on the serverfrom workstation i can access netstorage ifolder fine but no internet access.

what else do i need to do. also i will have to set up access from the outside world to netstorage .


Any help with this would be much appriciated


Thanks in Advance


Kaddett

 

[Provogeek]

Good job on the first part, there are a few items you need to look at to complete this project.

Can you clarify a few things for me so I can be sure to give you the correct advice?

The server running iFolder and NetStorage (two different services), is it on a different server than the one doing the NAT, or is on the same server that is doing the NAT?

Why are you setting up the PUBLIC NIC in the server doing the NAT with a private IP address (10.x.x.x) and not a publicly routable IP address?

What is between the the PUBLIC NIC in the NAT server and the Internet access point in your network your ISP provides?

Do you have an internal DNS server?

Do you have any avilable IP addresses from your ISP?

Do you have access to or can you contact someone to help you edit your public DNS records?


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience

Certified nut case

 

[kaddett]

Hi

The server running iFolder and Netstorage are running on server 192.x.x.2 and i am NOT doing Nat on this server.

Our internet service provider is a school borough which provides internet access for all the schools in the borough.They provide us with a IP range 10.7.x.x which comes through a router confiqured by the borough i have no access to but i do know it works cause when i connect a laptop to it and use the 10.7.x.x ip on it i get the internet.So this is where i have connected the other netware 6.0 server where I hope to install bordermanager 3.7 at later stage.

I have a internal dns/dhcp server runing on the server which has ifolder and netstorage on.the ip address range is 192.168.x.x.

i do have assistance from the borough were they have set up a route for testing purposes only from my ip address at home to 10.7.x.x ip address.

My internal clients can connect to ifolder and netstorage just not access the internet.


All your help is much oblidged.








Thanks in Advance

Kaddett

 

[kaddett]

Hi

Still unable to connect to the internet any help please.


Getting a bit desparate.

Thanks in Advance

Kaddett

 

[lgarner]

OK, as I understand this you have two servers on your "private" lan, one with an address of 192.168.x.1 and the other, which you want to access via the Internet at 192.168.x.2.

You've added a second NIC to server A with an address of 10.7.x.x, which is the "public" address as far as your lan is concerned. You need to get to server B from the 10 side of server A, and have your lan clients get to the internet through server A.

I think this is what you need to do:
First, add a secondary IP address to server A using a 10 address. All packets coming in with your current configuration are being NAT'd and not getting back to your clients.

Then, set up NAT on server A as you did, but use the private IP of server B (the .2 address). It looks like you're just translating from server A's public side to its own private side.

Also, ensure that your clients, and server B, have server A's private address (192.168.x.1) set as their default gateway.

Finally, make sure that your borough has set up a *real* public internet address to nat to the secondary 10.7.x.x address that you put on server A. This will allow those on the internet to get through to you. I don't see any problem with the "double nat" that they'll be going through in this case.

I think that's it. Let me know if I've forgotten something (a distinct possibliity )

I don't see any need for BorderManager here unless a) your borough has no firewall (shudder!), or b) you want to use the proxy or BMAS features. You can't use any BM VPN with your configuration due to the borough's NAT router- that screws up BM's IPSEC. I think this might be fixed with BM 3.8, but don't hold me to it.

Lee.

 

[kaddett]

Thanks i am a bit confused with your explanation but will try and go throught it once i get to work .

Thanks in Advance

Kaddett

 

[kaddett]

Hi

I have managed to set up access to the internet for my workstation clients.

Now how can I set access from external connections to the my server running netstorage.

My current set up is

server 1

two nic cards public card 10.7.x.x private card 192.168.x.1

Nat is set at dynamic only

server 2

One nic card ip address 192.168.x.2

no nat.

isp has set up access from my home ip address 212.159.x.x to the 10.7.x.x address.they have access to the relavent ports that netstorage and ifolder are working from.

internal clients can access netstorage and ifolder.

server 1 has no border manager only netware 6.0 no service pack and server two running netware 6.0 sp2.




Thanks in Advance

Kaddett

 

[lgarner]

From your previous post I understand that your web services are running on server 2. You need a secondary ip address on server 1, and nat that address to server 2.

On server 1, type "add ip address 10.7.x.x secondary", where the address is different than the actual interface address.

Then do what you indicated that you did in your original post, where you created the static & dynamic nat. But, use the secondary ip address of server 1, not the "real" address that you set up in the Bindings.

Also make sure that your ISP has another public address NAT'd on their side for your secondary ip address. Do to what you're doing requires 2 public addresses.

Hope this explains it ok.
Lee.

 

[kaddett]

thanks a million will give it a go as soon as i get to work.

Thanks in Advance

Kaddett

 

[kaddett]

thanks

done what u said and seems to be working tested from borough side and all ok will test when i get home.

webaccess displaying blank page though everything else ok though



Thanks in Advance

Kaddett

 

[kaddett]

Thanks for the help Lee got everything working.

only found that the command for assigning secondary ip address in netware 6.0 is ADD SECONDARY IPADDRESS x.x.x.x
and had to remeber to put in autoexec.ncf as disovered when restarting server secondary ip address disappeared.

other wise everything else seems ok


Thanks in Advance

Kaddett

 

[lgarner]

You're right, of course. I was mixing Novell and Cisco syntax. I'm glad that you found the right command and got it working.