[dba-Tech] Getting through a router

Jim Lawrence accessd at shaw.ca
Mon Dec 3 12:45:29 CST 2007


Hi John:

In a complex situation like this there are a number of things that can be
done.

Set up one of your servers as the primary and start Active Directory
services on that computer. From this location it can control all the IP
addresses to the rest of the network, the level of security and who on the
network can see what.

The router should now be set to have all inbound ports to point to the
primary server. For example: In essence the Active Directory services, on
the Primary server, re-directs the mail (port 80) to the other stations.
This allows only one point of entry to the network.

To actually connect to individual stations, you can either access your
Primary server and through Active Directory services control each, like who
(which IP/station) gets access to printers, shares, rights, resources,
routers etc.

In addition, I have set up a Hamachi VPN network that allows each station to
be accessed directly internally or remotely. Even when an external request
is received it is challenged by a login request.

The reason it all works is there is a single point of control through Active
Directory Services. http://technet.microsoft.com/en-us/library/aa998088.aspx

HTH
Jim


-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Monday, December 03, 2007 6:17 AM
To: 'Discussion of Hardware and Software issues'
Subject: [dba-Tech] Getting through a router

Guys,

I have a cable modem to the internet.  I then have one of those new MIMO
routers (Netgear WPN824) connected to that cable modem - Wireless
network C2Db2.  This wireless router allows my TIVO, my wife's and my son's
laptop to get to the internet.  All in all the MIMO technology is pretty
awesome, allowing significantly better signal strength in most cases.  This
router apparently has the DHCP Server enabled and serves addresses
192.168.1.1 through 192.168.1.255

Behind that router I have my old original wireless router (A DLink) behind
which is my business network - Wireless network C2Db.  This router has the
DHCP Server enabled and serves addresses 192.168.122.1 through
192.168.122.255.  ATM I have a cable running from the DLink to an 8 port 1
gb switch.  All of my servers and my laptop (via cable) connect to that
switch and thus have 1g connectivity.

My problem is that if I take my laptop downstairs I really want to use the
MIMO out to the internet because it is truly a stronger signal, a LOT
stronger in some cases.  However if I go in through the MIMO I can't see the
business network behind the DLink router.

I went into my laptop and set up a hard coded IP address 192.168.122.150 for
my Dell M90 laptop wireless and 192.168.122.151 for the laptop 1gbit NIC so
that it works correctly behind the DLink (business) firewall.

I went into the DLink (business) firewall server and set up a rule to allow
WAN IP address 192.168.122.150 (the M90 wireless) to pass through the router
and access all IP addresses on the LAN side, using all protocols and all
ports.  This rule does not appear to work, i.e. when I disconnect the cable
which connects the laptop to the 1gbit switch and connect to wireless
network C2Db2 (MIMO) I cannot see the computers behind the DLink firewall.
Furthermore the laptop cannot see the internet directly through the MIMO
router, I suspect because of the IP range conflict.  If I connect to the
wireless network C2Db (the DLink wireless) the laptop can of course see the
business network because it is behind the DLink firewall, and it can
correctly see the internet. 

So my question is, can rules be set up to allow a specific NIC OR IP address
to pass all traffic through the DLink business router?  IOW I need to get
from the MIMO side to the DLink side, but only for the M90 laptop.

Also can I set up the MIMO router DHCP to serve up IP addresses in the
192.168.122.x range just like the DLink router does so that the M90 laptop
with a fixed IP address in the 192.168.122.X range can directly pass through
the MIMO router?

Did I explain this well enough to understand what I am up to?  I want a MIMO
wireless that my TIVO and all the laptops around the house can get to the
internet on.  I want a firewall behind that to isolate my business network
but still allow it to access the internet.  I want JUST my M90 laptop to be
able to get through the DLink (business) firewall when it connects to the
MIMO wireless network, but I also want my M90 laptop to be able to get out
to the internet when connected through the MIMO wireless or when connected
through the DLink router.

John W. Colby
Colby Consulting
www.ColbyConsulting.com 

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
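
Added example, not part of either message above: a small model of the first-hop decision the M90 laptop makes, showing why the fixed 192.168.122.150 address stops working on the C2Db2 (MIMO) segment, as the original post suspects. The /24 masks, the .1 router addresses, the DHCP lease 192.168.1.50, the server address 192.168.122.10 and the internet host 203.0.113.10 are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    name: str
    network: ipaddress.IPv4Network

@dataclass(frozen=True)
class HostConfig:
    interface: ipaddress.IPv4Interface  # address plus prefix length
    gateway: ipaddress.IPv4Address

# Ranges taken from the post; the /24 prefix is an assumption.
MIMO = Segment("C2Db2 (Netgear)", ipaddress.ip_network("192.168.1.0/24"))
DLINK = Segment("C2Db (DLink)", ipaddress.ip_network("192.168.122.0/24"))

# Fixed address from the post; gateway .1 is an assumption.
STATIC_M90 = HostConfig(ipaddress.ip_interface("192.168.122.150/24"),
                        ipaddress.ip_address("192.168.122.1"))
# Constructed DHCP lease on the MIMO side (assumption).
DHCP_M90 = HostConfig(ipaddress.ip_interface("192.168.1.50/24"),
                      ipaddress.ip_address("192.168.1.1"))
SERVER = "192.168.122.10"    # constructed business-server address
INTERNET = "203.0.113.10"    # documentation address standing in for the internet

def first_hop(cfg, attached, dest):
    """Return (verdict, next_hop) for the first hop of a packet to dest."""
    dest = ipaddress.ip_address(dest)
    # The host decides from its OWN address and mask, not from the
    # segment it happens to be attached to.
    next_hop = dest if dest in cfg.interface.network else cfg.gateway
    # Simplification: any address inside the attached segment's range is
    # assumed to answer ARP; anything outside it never will.
    if next_hop not in attached.network:
        return ("arp-fails", next_hop)
    return ("direct" if next_hop == dest else "via-gateway", next_hop)

def scenarios():
    """Evaluate the combinations described in the original post."""
    cases = [("static on MIMO", STATIC_M90, MIMO),
             ("static on DLink", STATIC_M90, DLINK),
             ("DHCP on MIMO", DHCP_M90, MIMO)]
    return [(label, dest, *first_hop(cfg, seg, dest))
            for label, cfg, seg in cases for dest in (SERVER, INTERNET)]

if __name__ == "__main__":
    for label, dest, verdict, hop in scenarios():
        print(f"{label:16} -> {dest:14} {verdict:12} next hop {hop}")
```

A "via-gateway" verdict only means the packet reaches the first router; whether it continues to the business network depends on the routing and firewall rules of the two routers, which this model does not cover.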



