VMware Cloud Community
YaoBling
Contributor

Routing issues from a public interface to a private interface

Hi experts,

I have an issue here. I have a VM that is running a w2k3 server. I have two virtual network interfaces attached to it. One with a public IP so I can reach the machine from the internet. Second interface has a private IP configured.

I have a web server set up with a public address. I can access the webserver externally, but when the webserver needs to connect to services within the private IP range I can't seem to get them to talk to each other. Can this be fixed by adding a routing table within the win2k3 VM? If so, how do I do it? Or any other solution? There are no firewalls/routers involved here. I have attached the current routes within the VM.

Any help is much appreciated.

Thanks,

Sayhoa

0x10003 ...00 0c 29 7c 23 2f ...... VMware Accelerated AMD PCNet Adapter
0x10004 ...00 0c 29 7c 23 39 ...... VMware Accelerated AMD PCNet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          140.99.54.1     140.99.54.106   10
0.0.0.0              0.0.0.0          192.168.1.100   192.168.1.120   10
127.0.0.0            255.0.0.0        127.0.0.1       127.0.0.1       1
140.99.54.0          255.255.255.0    140.99.54.106   140.99.54.106   10
140.99.54.105        255.255.255.255  127.0.0.1       127.0.0.1       10
140.99.54.106        255.255.255.255  127.0.0.1       127.0.0.1       10
140.99.255.255       255.255.255.255  140.99.54.106   140.99.54.106   10
192.168.1.0          255.255.255.0    192.168.1.120   192.168.1.120   10
192.168.1.0          255.255.255.0    192.168.1.122   140.99.54.106   10
192.168.1.120        255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.1.122        255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.1.123        255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.1.124        255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.1.125        255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.1.126        255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.1.255        255.255.255.255  192.168.1.120   192.168.1.120   10
192.168.1.255        255.255.255.255  192.168.1.122   140.99.54.106   10
224.0.0.0            240.0.0.0        140.99.54.106   140.99.54.106   10
224.0.0.0            240.0.0.0        192.168.1.120   192.168.1.120   10
255.255.255.255      255.255.255.255  140.99.54.106   140.99.54.106   1
255.255.255.255      255.255.255.255  192.168.1.120   192.168.1.120   1
Default Gateway: 192.168.1.100
===========================================================================
Persistent Routes:

0 Kudos
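An added example, not part of the original thread: a Python check over rows copied from the route table in the post above that reports destinations whose lowest-metric routes leave through more than one interface. The function names are hypothetical, and the embedded rows are a subset of the posted table.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the "Active Routes" table in the post (a subset).
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 140.99.54.1 140.99.54.106 10
0.0.0.0 0.0.0.0 192.168.1.100 192.168.1.120 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
140.99.54.0 255.255.255.0 140.99.54.106 140.99.54.106 10
192.168.1.0 255.255.255.0 192.168.1.120 192.168.1.120 10
192.168.1.0 255.255.255.0 192.168.1.122 140.99.54.106 10
192.168.1.124 255.255.255.255 127.0.0.1 127.0.0.1 10
224.0.0.0 240.0.0.0 140.99.54.106 140.99.54.106 10
224.0.0.0 240.0.0.0 192.168.1.120 192.168.1.120 10
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each well-formed row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator, or damaged row
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            gw, iface = ipaddress.ip_address(f[2]), ipaddress.ip_address(f[3])
        except ValueError:
            continue
        routes.append((net, gw, iface, int(f[4])))
    return routes

def ambiguous_destinations(routes):
    """Networks whose lowest-metric routes leave via more than one interface.

    Host (/32), loopback and multicast rows are skipped; in the posted table
    the multicast and broadcast rows simply appear once per interface.
    """
    by_net = defaultdict(list)
    for net, gw, iface, metric in routes:
        if net.prefixlen == 32 or net.is_multicast or net.is_loopback:
            continue
        by_net[net].append((metric, str(iface), str(gw)))
    findings = {}
    for net, entries in by_net.items():
        best = min(m for m, _, _ in entries)
        ties = sorted((i, g) for m, i, g in entries if m == best)
        if len({i for i, _ in ties}) > 1:
            findings[str(net)] = ties  # [(interface, gateway), ...]
    return findings

if __name__ == "__main__":
    for net, ties in ambiguous_destinations(parse_routes(ROUTE_PRINT)).items():
        print(net, "->", ties)
```

On the posted rows it reports 0.0.0.0/0 (two default gateways, both at metric 10) and 192.168.1.0/24 (listed on both the 192.168.1.120 and the 140.99.54.106 interface).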
9 Replies
AndreTheGiant
Immortal

You must also add an internal interface to your webserver.

Or install a router/firewall device.

Or install the Microsoft routing service on the w2k3 server.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
YaoBling
Contributor

Hi Andre,

I installed win2k3 routing. I'm not familiar with routing tables. Do I just forward all the private IPs to the public interface or vice versa? Can you give instructions based on your answer with the win2k3 routing?

Thanks,

Sayhoa

0 Kudos
AndreTheGiant
Immortal

You can simply enable routing (it is not a good idea for security, but it's just for a start).

Then the internal w2k3 interface must be the default gw for the internal network.

And on the external VM you have to add route rules to make the internal network reachable from the external w2k3 interface.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
YaoBling
Contributor

I only have 1 VM with 2 virtual NICs attached: 1 for public and the other for private. Will that work with just the routing from win2k3? Or do I need something else to route the traffic?

Sayhoa

0 Kudos
AndreTheGiant
Immortal

You must enable the routing service on the 2-vNIC VM.

IMHO, it's faster to add a second vNIC to the external VM.

The more secure solution is to have (also as a virtual appliance) a firewall/routing system.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
YaoBling
Contributor

Do I have to set up the routing tables if I add an external NIC to the VM? I still can't get it to work. Is there a tutorial out there for routing and how to figure it? :_|

Sayhoa

0 Kudos
AndreTheGiant
Immortal

Do I have to set up the routing tables if I add an external NIC to the VM?

You only have to add an internal vNIC to your web server.

What's the address of your internal network?

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
YaoBling
Contributor

My internal network:

Vnic1: 192.168.1.120

192.168.1.121 VU

192.168.1.124 VU Connection server "authenticates"

140.99.54.105 VU Webserver

Vnic 2: 140.99.54.106

When you connect to the webserver 140.99.54.105 it will request info from 192.168.1.124. I ran Wireshark and it does not show a connection between the 2 addresses.

Sayhoa

0 Kudos
AndreTheGiant
Immortal

Have you added the second interface on your webserver?

On the same portgroup (label) of the internal network.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos