Inventory:
1. Multiple PCs [WinXP/2K] on LAN (192.168.10.x) [default gateway is 192.168.10.100]
2. One DSL modem at 10.1.0.1
3. One PC [Windows 2000 AS] (dual NIC with RRAS) with:
   a. 192.168.10.100 [connected to above LAN] and
   b. 10.1.0.2 [connected to DSL modem]
The gateway PC (point 3) can see the internet and the PCs on LAN (point 1) can ping the gateway PC. The gateway PC hosts a proxy server (squid).
Problem:
Just turning on RRAS on the PC (at point 3) doesn't work.
I know I'm missing some steps here. Can someone please help?
Edit: Long Story:
Some PCs on LAN (point 1) need to have restricted access to the internet. Hence the dual-NIC PC (point 3) acting as a proxy (squid+squidguard). This works fine, all PCs on LAN can connect to the internet via the gateway proxy.
However, some PCs on that LAN need to connect directly to the internet (they use Citrix and other stuff that needs direct connectivity).
You need to get your win2k box (3.) to do Network Address Translation with RRAS. It is possible, but painful.
I would personally either replace 3b with a DSL modem that will terminate & NAT the connection, or upgrade 3. to Windows Server 2003, which does allow NAT without so much pain.
You're trying to use a Win2K machine as a firewall, router and proxy. That's really not a good way to go, not least because Win2K is a clunky and unreliable version at best. I suggest you replace that with something better suited to the task. There are a number of Linux-based firewalls that will fit your needs and more. My personal favourite is Smoothwall but there are others, each having their own strengths and weaknesses. All the ones I've seen are easily managed via a web browser and generally require very little, if any, prior Linux experience.
If I understand correctly you have most PCs working through the gateway (Point 3) already, but you want some to connect directly to the Internet without going through the gateway PC.
For those PCs that need direct access, they will need to be in the same subnet as the DSL modem, or you'll need some sort of router or gateway for them. Your gateway PC is serving as a gateway between the two subnets.
Your options are:
- move some or all PCs to the DSL subnet
- move DSL to the PC subnet (and any PCs that are already in that subnet)
- set up a router between the subnets, i.e. if your switch supports layer 3 routing, have it route between the subnets
- use the gateway PC for all routing between subnets, and work through whatever issues you have with the routing (i.e. why do you want some PCs to have direct access out?)