I'm trying to make it possible to access a webserver on another network (A) from my local network (C).
They have a router on our end which I cannot access directly to make any changes, If I connect the cable(B) from this router to a pc I'm able to access the webserver with proper IP configuration. But obviously I cannot connect the (B) to main switch as it needs IP configuration.
I want the whole local network to be able to access this webserver (B).
Access I mean as in through browser. Internal proxy is running fedora with squid which is connected to the internet, and only means of access to the external webserver is through (B).
I hope it's clear, with that super diagram and all.
EDIT: Let me know if it's possible by editing router configuration too, it's a juniper.
Thank you guys, great community!
You state in the diagram that the router has a 10.1.35.235 IP address; but a router should have TWO addresses, one for each network it's connected to.
Does the router have two network interfaces (I suppose so)?
What is its IP address on network A? Is this that 10.1.35.235 you mentioned?
What is its IP address on the other interface, the one you should connect to network C? Does it have one? Is it appropriate for network C?
If 10.1.35.235 is the router's address on network A, and it has (or you can give it) a proper address on network C, such as 10.1.36.42, then what you need is adding a route to machines on network C, in order to tell them they can talk to network A through that router; on Windows, the command would be
You can also use ROUTE -p ADD [etc.] to make the setting permanent (i.e. surviving machine reboots).
Another (better) option would be adding the route to the main gateway for network C, which will thus be able to route packets directed to network A through the other router; this is a lot simpler to manage than adding the route to each and every machine on network A.
Ok, so you can connect a single device to that "router", and it gets a single IP address on the remote network. Looks bad, maybe it's just acting as a bridge. Whatever.
You can use your own router, then; buy one (or get a PC with two network cards and your favourite OS) and give it that IP address on the remote network, then use it to let your own network talk to the remote one.
You'll need NAT, because you can't use plain routing here; computers in the remote network would never know how to reach yours. So you need to setup a NAT router (quite easy with both Windows RRAS or Linux IPTABLES) which has your own LAN as its internal/private network and a cross-link to the other router as its external/public one; configure it for NAT, and add a route to your main router stating that you can reach the remote network through this new router.
A little example (can't draw diagrams now):
The thing in the middle is your NAT device; it has two interfaces, and the NAT direction is towards the 10.1.35 network; so it gets 10.1.35.235 on its "public" interface; its "private" one is connected to your LAN. Then add a route to your main router (the default gateway for your network) stating "to reach 10.1.35, go through 10.1.36.42". Done.
If you are not able to change any configuration on the router and the port on cable B only allows/has one IP address, I would say you have to configure SNAT on a device between the router and the switch to be able to use this single IP by many client behind this SNAT device.
create a new vlan on your switch with the matching ip range of the router then enable ip routing. this will only work if your switch is layer 3.
so the end will be you will have 2 vlans on your switch, the first will be your original network and the second will be on a single port connected to this 3rd party router.
In essence your switch will act like a router between the 2 networks.
Stuart
If your internal proxy server has multiple network interfaces, you could dual-home it to both your internal network and the provider hand-off. You could then configure the routing table on the proxy as follows:
Alternatively, if your proxy only has a single interface, you could install another router facing off to the provider router. It's a little difficult to specify a configuration without knowing the rest of your network topology. For example, does the proxy you mention also need to provide internet connectivity to your workstations? Or is it only used for proxying internal connections?
I guess I'm confused as to what the problem is...you've got hosts on 10.1.36/24 that you want to access a webserver on 10.1.35/24? Does traffic normally flow this direction? Where is your internet connection? Is 10.1.35/24 directly attached to the router or is it located across the internet connection (if that's the case, a VPN will likely be necessary)?
Is 10.1.35.235 your only assigned address and you need help NAT'ing outbound requests? Or is it the inside address on the router (default gateway?) Is the proxy server also on 10.1.36/24?
Probably superfluous information, but it's not necessarily true that you can't connect the outbound connection directly to the switch. As a matter of standard process, I attach my routers and firewalls to matching VLANs on a switch so that I can move them around if the need arises. Example: