Firewall Wizards mailing list archives
Re: Firewalls, PC static routes, gateways
From: Rodney van den Oever <RvdOever () chello nl>
Date: Tue, 04 Jan 2000 02:06:38 +0100
Randy Witlicki wrote:
> I'm wondering if anybody has come up with a reasonable solution to static routes for Windows 95/98/NT laptop users in networks with a firewall and *another* gateway. If we have a setup where:
> - The default route points to the firewall on the local network, and;
> - You need an additional route to point to a gateway for some private network (either via VPN or a private (leased line or frame relay) link).
> (e.g.: the route to 0.0.0.0 is 10.0.0.1 and the route to 172.16.0.0/16 is 10.0.0.2)

Either:

1. Set the default route to the internal router and make sure that one has a default route pointing to the inside interface of the firewall and has knowledge of other networks within the VPN.

2. Use DHCP anyway and add a batchfile to add a static route. Be aware that you can't add static routes via DHCP (at least Windows won't accept any). Just add some batchfile to the startup-group, e.g.:

    bash$ cat routeadd.bat
    @echo off
    rem DHCP:
    ipconfig /release 0
    ipconfig /renew 0
    rem @Work
    route delete 0.0.0.0 mask 0.0.0.0 x.x.x.x
    route add 0.0.0.0 mask 0.0.0.0 10.0.0.1
    route add 172.16.0.0 mask 255.255.0.0 10.0.0.2

3. If you add a default route to 10.0.0.1 on the VPN-router and you enable ICMP-redirects (probably by default enabled), this router will send an ICMP-redirect to the clients telling them there's a better path to the outside world via 10.0.0.1. This oughta work with Windows.

> - If you have a "route add" in a startup .BAT file on a 95 or 98 PC or a "route add -p" on an NT PC, if it is a laptop and that laptop travels to the remote network the "route add" is pointing at, then you need a .BAT file to reverse the startup .BAT file. I assume you might have similar problems with a *nix laptop. Is there a way to get one of these systems to listen to RIP or something similar?

In case the user connects to another network, the batchfile just won't work because of the different interface address, but that's no problem.

--
Rodney van den Oever / PGP Key ID 0x0A6CCE53
'Hit any user to continue.' - Erich Meijer
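
Added example, not part of the original post: a small Python model of the route selection behind options 2 and 3 above, showing which first hop a PC ends up using and when the internal router would issue an ICMP redirect, including the case of a client that is configured to ignore redirects. The /24 LAN mask, the client address 10.0.0.50, the router's far-end next hop 192.168.255.2 and all function names are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/24")      # assumed mask; the post gives only host addresses
VPN_ROUTER = ipaddress.ip_address("10.0.0.2")  # internal gateway to the private network

def table(*routes):
    """Build a routing table from (prefix, gateway) pairs."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(g)) for p, g in routes]

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

# Option 2: the PC carries both routes itself (what routeadd.bat installs).
PC_OPTION2 = table(("0.0.0.0/0", "10.0.0.1"), ("172.16.0.0/16", "10.0.0.2"))

# Option 3: the PC only has a default route to the internal router, which
# knows the private network and has its own default route to the firewall.
PC_OPTION3 = table(("0.0.0.0/0", "10.0.0.2"))
ROUTER = table(("0.0.0.0/0", "10.0.0.1"),
               ("172.16.0.0/16", "192.168.255.2"))  # constructed far-end address

def router_redirect(src, dst):
    """Gateway the router would name in an ICMP redirect, or None.

    A redirect is sent when the router's next hop for dst sits on the same
    subnet the packet came from, so the sender could use that hop directly.
    """
    hop = next_hop(ROUTER, dst)
    if hop is None or hop == VPN_ROUTER:
        return None
    if hop in LAN and ipaddress.ip_address(src) in LAN:
        return hop
    return None

def first_hop_option3(src, dst, accept_redirects=True):
    """First hop the PC uses for its later packets to dst under option 3."""
    redirect = router_redirect(src, dst) if accept_redirects else None
    return redirect or next_hop(PC_OPTION3, dst)
```

A client that ignores ICMP redirects still reaches the outside world under option 3, but every packet takes the extra hop through 10.0.0.2 before reaching the firewall.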