Tav
Toomuchtimeonhands

Joined: 11 Oct 2002 Posts: 894
Posted: 12/06/04 - 12:51 Post subject: Advanced Network Config question - asking here cuz I'm lazy!
Relates to PC IP Routing
Here's the scenario:
PC on Corporate network connected to enterprise network with DHCP IP.
Default Gateway given to provide connectivity to remote resources across Wide Area Network.
2nd NIC (Wireless GPRS to the Internet) on PC - Connected to the Internet (to bypass corporate content filter).
It's given an IP address from the Internet provider.
Now, how do I set up routing on the PC to send all internet traffic through the GPRS NIC and to send corporate traffic to the Default Gateway of the LAN connection?
google is next!
 |
Celestra
RealPoor Master of Posts

Joined: 11 Oct 2002 Posts: 6929
Posted: 12/06/04 - 12:52 Post subject:
omg, so lazy.
 |
Frashii
Sir Postalot

Joined: 11 Oct 2002 Posts: 1329
Location: Anchorage, AK
Posted: 12/06/04 - 14:46 Post subject:
Plz to learn about the route command.
you will want to have one interface set to have a default route, and the other one not to.
The easiest way to do this would be to install a VPN client that allows split tunneling, define (or bribe your IP guy for the SPF and/or route table) the 'corporate' subnets and allow it to do the dirty work.
You can do it manually, but getting the routes and/or subnet definitions is the trick.
Caveat: Most IT organizations take a VERY dim view of external ingress/egress points on the network, especially non-secured wireless.
My recommendation:
Hook a laptop up to the wireless. Surf, stroke and make sure you use an encrypted filesystem so that if they take it, they cannot get the content without work.
 |
Tav
Toomuchtimeonhands

Joined: 11 Oct 2002 Posts: 894
Posted: 12/06/04 - 15:49 Post subject:
| Frashii wrote: | Plz to learn about the route command.
you will want to have one interface set to have a default route, and the other one not to.
The easiest way to do this would be to install a VPN client that allows split tunneling, define (or bribe your IP guy for the SPF and/or route table) the 'corporate' subnets and allow it to do the dirty work.
You can do it manually, but getting the routes and/or subnet definitions is the trick.
Caveat: Most IT organizations take a VERY dim view of external ingress/egress points on the network, especially non-secured wireless.
My recommendation:
Hook a laptop up to the wireless. Surf, stroke and make sure you use an encrypted filesystem so that if they take it, they cannot get the content without work. |
I do know the "route" command.
What I tried, is added 3 routes for the subnets that belong to our enterprise network, and specified my LAN default gateway for the routes.
I tested this by pinging the remote LANs and also pinging some web pages.
It worked for about 2 minutes and then stopped again.
No idea what caused it to stop. I'm thinking it was still something to do with local routing because I can remove the routes, re-add them, and they'll work again for a short time.
 |
kemble
RealPoor Sensei

Joined: 14 Oct 2002 Posts: 1912
Location: MI
Posted: 12/06/04 - 17:47 Post subject:
what operating system is being used?
 |
Tav
Toomuchtimeonhands

Joined: 11 Oct 2002 Posts: 894
Posted: 12/06/04 - 19:07 Post subject:
| kemble wrote: | | what operating system is being used? |
Windows XP... and I figured it out.
In case anyone is wondering, I had to give my LAN NIC an IP address without a Default Gateway. (the default gateway is a global IP setting and can s***w up static routes)
I then connected to the ISP and that was set as the Default Gateway.
I then added the static routes for the LANs on the Enterprise network.
Able to split traffic that way and direct Internet to where I wanted and also communicate with enterprise resources.
 |
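A defender's check for the routing layout described in the post above, as an added example that is not part of the thread: it parses `route print` output and flags a corporate-attached host whose default route leaves through a non-corporate interface. The sample tables, the 10.0.0.0/8 corporate range and the finding names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed `route print` excerpts (Windows XP layout); all addresses are made up.
# Assumption: 10.0.0.0/8 is the corporate address plan, 192.0.2.77 a carrier-assigned IP.
CORPORATE = [ipaddress.ip_network("10.0.0.0/8")]
SPLIT_HOST = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       192.0.2.77      192.0.2.77       1
        10.20.0.0      255.255.0.0       10.20.4.15      10.20.4.15      20
        10.30.0.0      255.255.0.0        10.20.0.1      10.20.4.15       1
        10.40.0.0      255.255.0.0        10.20.0.1      10.20.4.15       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
Default Gateway:        192.0.2.77
"""
NORMAL_HOST = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.20.0.1      10.20.4.15      20
        10.20.0.0      255.255.0.0       10.20.4.15      10.20.4.15      20
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, has_next_hop, interface_ip) for every IPv4 route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, _metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            # Connected routes list the interface itself (XP) or "On-link" (Vista+).
            routes.append((net, gw not in (iface, "On-link"), ipaddress.ip_address(iface)))
    return routes

def is_corp(addr):
    return any(addr in net for net in CORPORATE)

def audit(text):
    """Flag a corporate-attached host whose default route leaves by another interface."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    findings = []
    if len(defaults) > 1:
        findings.append("multiple-default-routes")
    if any(is_corp(r[2]) for r in routes):
        off = [r[2] for r in defaults if not is_corp(r[2])]
        findings += [f"default-route-off-corporate:{ip}" for ip in off]
        pinned = [r for r in routes if r[1] and r[0].prefixlen and is_corp(r[0].network_address)]
        if off and pinned:
            findings.append(f"corporate-static-routes:{len(pinned)}")
    return findings
```

`audit(SPLIT_HOST)` reports the off-corporate default route together with the two static routes pinned to the LAN gateway, while `audit(NORMAL_HOST)` returns no findings.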
khrath
RealPoor Master of Posts

Joined: 11 Oct 2002 Posts: 8750
Posted: 12/06/04 - 19:13 Post subject:
wouldn't it be easier to do that with a router, so you only have one nic in your pc? and every additional pc that needs access to both?
 |
Frashii
Sir Postalot

Joined: 11 Oct 2002 Posts: 1329
Location: Anchorage, AK
Posted: 12/06/04 - 21:28 Post subject:
| Tav wrote: | | Frashii wrote: | Plz to learn about the route command.
you will want to have one interface set to have a default route, and the other one not to.
The easiest way to do this would be to install a VPN client that allows split tunneling, define (or bribe your IP guy for the SPF and/or route table) the 'corporate' subnets and allow it to do the dirty work.
You can do it manually, but getting the routes and/or subnet definitions is the trick.
Caveat: Most IT organizations take a VERY dim view of external ingress/egress points on the network, especially non-secured wireless.
My recommendation:
Hook a laptop up to the wireless. Surf, stroke and make sure you use an encrypted filesystem so that if they take it, they cannot get the content without work. |
I do know the "route" command.
What I tried, is added 3 routes for the subnets that belong to our enterprise network, and specified my LAN default gateway for the routes.
I tested this by pinging the remote LANs and also pinging some web pages.
It worked for about 2 minutes and then stopped again.
No idea what caused it to stop. I'm thinking it was still something to do with local routing because I can remove the routes, re-add them, and they'll work again for a short time. |
Sorry Tav, didn't mean for that to come across like that
yeah. if you look at the second line of my post, I mentioned the only one card with default route. if you set both, your machine turns into router mode and will choose the shortest path with the routes getting 'costed' and such.
I shake and shiver at the thought of Windows XP doing a Microsoft version of SPF and or BGP.
 |
Tav
Toomuchtimeonhands

Joined: 11 Oct 2002 Posts: 894
Posted: 12/07/04 - 12:27 Post subject:
| Frashii wrote: | | Tav wrote: | | Frashii wrote: | Plz to learn about the route command.
you will want to have one interface set to have a default route, and the other one not to.
The easiest way to do this would be to install a VPN client that allows split tunneling, define (or bribe your IP guy for the SPF and/or route table) the 'corporate' subnets and allow it to do the dirty work.
You can do it manually, but getting the routes and/or subnet definitions is the trick.
Caveat: Most IT organizations take a VERY dim view of external ingress/egress points on the network, especially non-secured wireless.
My recommendation:
Hook a laptop up to the wireless. Surf, stroke and make sure you use an encrypted filesystem so that if they take it, they cannot get the content without work. |
I do know the "route" command.
What I tried, is added 3 routes for the subnets that belong to our enterprise network, and specified my LAN default gateway for the routes.
I tested this by pinging the remote LANs and also pinging some web pages.
It worked for about 2 minutes and then stopped again.
No idea what caused it to stop. I'm thinking it was still something to do with local routing because I can remove the routes, re-add them, and they'll work again for a short time. |
Sorry Tav, didn't mean for that to come across like that
yeah. if you look at the second line of my post, I mentioned the only one card with default route. if you set both, your machine turns into router mode and will choose the shortest path with the routes getting 'costed' and such.
I shake and shiver at the thought of Windows XP doing a Microsoft version of SPF and or BGP. |
NP Frash... I honestly didn't take offense.
 |
Tav
Toomuchtimeonhands

Joined: 11 Oct 2002 Posts: 894
Posted: 12/07/04 - 12:42 Post subject:
| khrath wrote: | | wouldn't it be easier to do that with a router, so you only have one nic in your pc? and every additional pc that needs access to both? |
Because the solution isn't for everybody, just me. I want to bypass the logging efforts of our corporate IT snoop team (special group of IT in the organization just responsible for easy shit like Proxy).
Also, we have a routing network in place so me adding a 2nd router wouldn't work.
As for 2 nics in the PC one is a GPRS card but is seen by XP as a NIC.
 |
sinrakin
RealPoor Master of Posts

Joined: 11 Oct 2002 Posts: 7044
Posted: 12/07/04 - 12:54 Post subject:
| Frashii wrote: | | I shake and shiver at the thought of Windows XP doing a Microsoft version of SPF and or BGP. |
Did you know that a lot of computer games used the SPF (Dijkstra) algorithm for monster AI to path them from room to room? That always struck me as cool. The guy who wrote the OSPF RFC (Moy) used to always tease me about playing too many computer games, so I'd use that as my excuse.
 |
kemble
RealPoor Sensei

Joined: 14 Oct 2002 Posts: 1912
Location: MI
Posted: 12/07/04 - 16:41 Post subject:
| Tav wrote: | | khrath wrote: | | wouldn't it be easier to do that with a router, so you only have one nic in your pc? and every additional pc that needs access to both? |
Because the solution isn't for everybody, just me. I want to bypass the logging efforts of our corporate IT snoop team (special group of IT in the organization just responsible for easy shit like Proxy).
Also, we have a routing network in place so me adding a 2nd router wouldn't work.
As for 2 nics in the PC one is a GPRS card but is seen by XP as a NIC. |
Sounds like your IT team needs help if they feel the need to have a content filter, yet allow normal users to install hardware and software on company computers.....
 |
Tav
Toomuchtimeonhands

Joined: 11 Oct 2002 Posts: 894
Posted: 12/07/04 - 19:17 Post subject:
| kemble wrote: | | Tav wrote: | | khrath wrote: | | wouldn't it be easier to do that with a router, so you only have one nic in your pc? and every additional pc that needs access to both? |
Because the solution isn't for everybody, just me. I want to bypass the logging efforts of our corporate IT snoop team (special group of IT in the organization just responsible for easy shit like Proxy).
Also, we have a routing network in place so me adding a 2nd router wouldn't work.
As for 2 nics in the PC one is a GPRS card but is seen by XP as a NIC. |
Sounds like your IT team needs help if they feel the need to have a content filter, yet allow normal users to install hardware and software on company computers..... |
I'm part of IT, and not a "normal" user.
Our environment is large enough to have a shared services team. Internet gateway / proxy / firewall falls under administration of that group.
At any rate, the content filter is for ALL of our users, including that of IT. Although there are some back doors, I don't want my backdoor usage logged.
 |
Frashii
Sir Postalot

Joined: 11 Oct 2002 Posts: 1329
Location: Anchorage, AK
Posted: 12/07/04 - 20:18 Post subject:
Tav,
Does your firewall team monitor 'sustained port 22 traffic'?
I have ssh running on my FreeBSD box and it is running squid which allows me to proxy surf.
I run it on port 22, 23, 81 and 442.
To the monitor nazis this looks like normal ssl based https traffic...
 |
Nictathan
RealPoor Master of Posts

Joined: 11 Oct 2002 Posts: 5531
Location: here... where I am... not with you
Posted: 12/07/04 - 20:29 Post subject:
| Frashii wrote: | Tav,
Does your firewall team monitor 'sustained port 22 traffic'?
I have ssh running on my FreeBSD box and it is running squid which allows me to proxy surf.
I run it on port 22, 23, 81 and 442.
To the monitor nazis this looks like normal ssl based https traffic... |
Nice Frashii