Re: Firewalls, PC static routes, gateways

From: Rodney van den Oever (RvdOeverat_private)
Date: Mon Jan 03 2000 - 17:06:38 PST


    Randy Witlicki wrote:
    > 
    >    I'm wondering if anybody has come up with a reasonable
    > solution to static routes for Windows 95/98/NT laptop users
    > in networks with a firewall and *another* gateway.
    >    If we have a setup where:
    >     - The default route points to the firewall on the local
    > network, and;
    >     - You need an additional route to point to a gateway for
    > some private network (either via VPN or a private (leased line
    > or frame relay) link).
    >     (e.g.: the route to 0.0.0.0 is 10.0.0.1 and the route to
    > 172.16.0.0/16 is 10.0.0.2)
    
    Either:
    
    1. Set the default route to the internal router and make sure that one
    has a default route pointing to the inside interface of the firewall and
    has knowledge of other networks within the VPN.
    
    2. Use DHCP anyway and add a batch file to add a static route. Be aware
    that you can't add static routes via DHCP (at least Windows won't accept
    any).
    
    Just add some batch file to the startup group, e.g.:
    
    bash$ cat routeadd.bat
    
    @echo off
    rem DHCP: release and renew the lease on adapter 0 first
    ipconfig /release 0
    ipconfig /renew 0
    
    rem @Work: replace the DHCP-supplied default gateway (x.x.x.x) with the
    rem firewall, then add the route to the private network via the VPN router
    route delete 0.0.0.0 mask 0.0.0.0       x.x.x.x
    route add    0.0.0.0 mask 0.0.0.0       10.0.0.1
    route add 172.16.0.0 mask 255.255.0.0   10.0.0.2
    
    3. If you add a default route to 10.0.0.1 on the VPN router and you
    enable ICMP redirects (probably enabled by default), this router will
    send an ICMP redirect to the clients telling them there's a better path
    to the outside world via 10.0.0.1. This ought to work with Windows.
    
    
    >    - If you have a "route add" in a startup .BAT file on a 95 or
    > 98 PC or a "route add -p" on an NT PC, if it is a laptop and that
    > laptop travels to the remote network the "route add" is pointing
    > at, then you need a .BAT file to reverse the startup .BAT file.
    > I assume you might have similar problems with a *nix laptop.
    >     Is there a way to get one of these systems to listen to
    > RIP or something similar ?
    
    In case the user connects to another network, the batch file just won't
    work because of the different interface address, but that's no problem.
    
    --
    Rodney van den Oever / PGP Key ID 0x0A6CCE53
    'Hit any user to continue.' - Erich Meijer
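
One way to make the batch-file approach in option 2 cope with the roaming case mentioned at the end of the reply, as an added example that is not from the original post: a Python script that parses `route print` output, installs the work routes only when the DHCP-assigned interface address is on the office LAN (assumed here to be 10.0.0.0/24), and emits the same `route` commands as routeadd.bat with the placeholder gateway x.x.x.x taken from the live table. The `route print` text below is constructed, not captured.

```python
# Added example (not from the post): install the work routes only when the
# DHCP lease puts the laptop on the office LAN, assumed here to be 10.0.0.0/24.
import ipaddress
import re

WORK_LAN = ipaddress.ip_network("10.0.0.0/24")  # assumed office subnet
# destination -> gateway: the two routes from the reply's routeadd.bat
WANTED = {
    ipaddress.ip_network("0.0.0.0/0"): ipaddress.ip_address("10.0.0.1"),
    ipaddress.ip_network("172.16.0.0/16"): ipaddress.ip_address("10.0.0.2"),
}

# Constructed `route print` rows: DHCP gave gateway 10.0.0.254 (the batch file's x.x.x.x)
SAMPLE_ROUTE_PRINT = """\
  Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.254       10.0.0.37       1
         10.0.0.0    255.255.255.0        10.0.0.37       10.0.0.37       1
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(r"^\s*" + r"\s+".join([QUAD] * 4))  # dest, mask, gateway, iface


def parse_routes(text):
    """Return [(network, gateway, interface)] for each route-table row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, ipaddress.ip_address(gw), ipaddress.ip_address(iface)))
    return routes


def plan_route_commands(route_print_text):
    """Return the `route` commands to run, or [] when not on the work LAN."""
    routes = parse_routes(route_print_text)
    # The default route's interface column is the DHCP-assigned address.
    on_work_lan = any(i in WORK_LAN for n, _, i in routes if n.prefixlen == 0)
    if not on_work_lan:
        return []  # roaming laptop: leave the foreign network's routes alone
    cmds = []
    for net, gw in WANTED.items():
        current = [g for n, g, _ in routes if n == net]
        if current == [gw]:
            continue  # already correct, nothing to do
        for old in current:  # replace whatever gateway DHCP installed
            cmds.append(f"route delete {net.network_address} mask {net.netmask} {old}")
        cmds.append(f"route add {net.network_address} mask {net.netmask} {gw}")
    return cmds
```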
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:34 PDT