Edited on Tue Sep-08-09 04:04 AM by lapfog_1
so please forgive me covering ground that you already know.
First, let's remove the magic box from the picture for the moment.
So, you have a computer at home (notebook) and it has at least 2 network interfaces.
One you wish to connect to "the internet" (and your work place) and the other you wish to connect to other computers inside your home. (this may NOT be what you want to end up with, but let's go with it for the moment).
IPv4 network addresses (let's ignore IPv6 for the moment as well) are made up of 4 groups of 8 bits (32 bits total). Each group can contain 256 numbers, from 0 to 255. So the total address range looks like 0.0.0.0 to 255.255.255.255 (4 billion addresses). Class "A" networks fix the first tuple to a particular number, say 61, and allow all of the rest to range from 0 to 255, i.e. 61.0.0.0 to 61.255.255.255; class "B" networks fix the first TWO tuples, and class "C" networks fix the first three. All addresses in the internet are assigned this way. Large internet backbone providers have the larger class "A" nets, and the government and the military and so on. Regional ISPs have the class "B" networks (as part of someone else's class "A"), and some companies (especially those that were around 15 to 20 years ago) have their own class "C" networks.
When you look up, oh say, CNN (run the command "ping www.cnn.com" in your command prompt window), you get addresses like 157.166.226.26 and so on. These are called "real space" addresses. They are what is used to route traffic between your house and your company. You almost never see these on any individual computer today... and the reason is that there are WAY more than 256 devices (routers, computers, smart switches, VPN boxes, hell - refrigerators and car engines) that need or could use an IP (Internet Protocol) address.
IPv6 fixes things, and it's used a great deal by larger companies and backbone ISPs, but not yet (even all these years later) by home computers and routers. We got around the limitations of IPv4 by using "fake space" addresses. These are addresses that, by convention, are NEVER EVER assigned to any given internet-associated device or computer. There are three "fake space" ranges, 192.168.X.X, 172.16.X.X and 10.X.X.X, and we developed two other protocols to go with this convention, namely IPNAT and DHCP. IPNAT is Internet Protocol Network Address Translation and DHCP is Dynamic Host Configuration Protocol. IPNAT will translate from one IP address to some other, using an extra field in the IP protocol in case of duplications. DHCP allows a network device (router) to assign dynamic IP addresses from a pool so that devices that aren't connected all the time don't need a fixed (non-changing) IP address.
Here is how it all fits together.
Your computer (DHCP) connects to an ISP somewhere (cable company, whatever). Usually that company HAS a real IP address or group of addresses assigned to it. Your computer connects to the router at the ISP and requests a dynamic address for itself. The router will assign it a "fake space" address, say 192.168.1.143 (you are the 143rd customer to make a connection in the last hour or so). It then uses IPNAT to map that address (along with all 142 other customers) to a single IP address assigned to that ISP. Now we have 143 devices masquerading as a single IP address, but every packet sent from each of those 143 has some magic bits of information stored in it, so that when the receiving computer (web server) wants to send something back, it simply sends to the single IP address but includes the magic bits somewhere... your ISP router then decodes that and figures out that the packet is meant for YOU and sends it along.
So, that's how almost the entire internet hangs together at this point, along with another important bit of protocol, namely one that translates names into numbers, DNS (thanks to Jon Postel, may he rest in peace).
Oh, there are lots of other things to be sure, but that's the gist of it.
Now, how does all of this apply to your problem?
You have two interfaces, one of which connects to a black box (more on this later), and the other... well you could connect it to the internet, or you could connect it to a LAN (Local Area Network) and use it to get at your printer, for example. Or vice versa (more on this option in a minute).
Here is what my system looks like (I have a solution like what I just described).
C:\Documents and Settings\Administrator>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 8:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection 3:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.130
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 2a 4a 85 d7 ...... NETGEAR GA311 Gigabit Adapter - Packet Scheduler Miniport
0x3 ...00 12 17 aa ae 01 ...... Wireless-G PCI Adapter with SRX - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.130      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0      192.168.0.1     192.168.0.1      10
      192.168.0.1  255.255.255.255        127.0.0.1       127.0.0.1      10
    192.168.0.255  255.255.255.255      192.168.0.1     192.168.0.1      10
      192.168.1.0    255.255.255.0    192.168.1.130   192.168.1.130      25
    192.168.1.130  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255    192.168.1.130   192.168.1.130      25
        224.0.0.0        240.0.0.0      192.168.0.1     192.168.0.1      10
        224.0.0.0        240.0.0.0    192.168.1.130   192.168.1.130      25
  255.255.255.255  255.255.255.255      192.168.0.1     192.168.0.1       1
  255.255.255.255  255.255.255.255    192.168.1.130   192.168.1.130       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None

C:\Documents and Settings\Administrator>
Now, I have defined two fake space class "C" networks, one (192.168.0.X) is used to communicate with my other home computers and printer, and the other (192.168.1.130) is a DHCP-assigned IPNATed address that connects to the internet through a local router and ISP. Note that in the routing table that I printed, it shows Destination 0.0.0.0 using gateway 192.168.1.1 and interface 192.168.1.130; the "internal" address of my router is 192.168.1.1 and the interface I use to communicate with it is 192.168.1.130 (the DHCP-assigned address). Note also that the netmask for both is 255.255.255.0 (wherever there is a "1" bit in the mask, the IP address of the destination MUST match that of the IP address of the interface). The 0.0.0.0 address is special and is used to indicate a default route for any address that DOESN'T match the netmask rules in the routing table. So, let's say I want to remote login to one of my other home computers; I use a program called ttcp to establish a connection to 192.168.0.11 (a FreeBSD machine). When ttcp tries to make a connection, the Windows routing software looks at the 192.168.0 part of the destination and finds a MATCH in the routing table when the address is only compared in the upper 24 bits (255.255.255.0 mask) with my interface 192.168.0.1. It then sends the packets to that interface, which then sends them to my Gigabit Ethernet switch, and then to my FreeBSD box.
If I send this message to DU, my computer first asks a name server to resolve www.democraticunderground.com, which it does, and it finds that it is 216.158.54.197. That doesn't match any specific route in the routing table, so the Windows routing software sends it to the "default" route of 0.0.0.0 using the 192.168.1.130 interface and the "gateway" (intermediate first stop) of 192.168.1.1. When that packet arrives at my router, it wraps the packet inside another and adds the IPNAT magic bits, and then sends it to my ISP (my router's gateway), the ISP sends it to ITS ISP and so on till it arrives at DU.
You can SEE this by using the command tracert (trace route) that will show the name (if there is one) and the real IP address of every intermediate "hop" in the packet's travel from your computer to some random web site or destination computer (this can come in handy later).
OK, so all I did to set this up was assign a fixed fake space address to my LAN connection (the 192.168.0.1 address), and make sure I have the netmask set and the gateway address set. For the other address, I let DHCP do the magic. And Windows USUALLY does the right thing and sets up the route table all by itself on boot. USUALLY.
If not, you can create a script to "route delete 0.0.0.0" and "route add 0.0.0.0 mask 0.0.0.0 192.168.1.1" and run it at startup to force the correct routes. So long as my internet connection router sets up MY interface through DHCP to BE on the 192.168.1.X network, this works.
So... you COULD do things just like this.
What that means is that traffic to the web will go over your "default" connection to the black box and then to your company and then to the internet. But your local traffic (your printer in your house, other computers in your house, etc.) would NOT go over the internet. In fact, with just a bit more magic, you could have your Windows box act as the ISP router for all of your other home computers.
OR you could do the following.
Set up your SECOND (non-black box) interface as the "default route" and ONLY use the black box for communicating with your company HQ. Both the black box AND your second interface could share the same "WAN" connection, but only traffic destined for your office would actually go to your office computers and routers... all of your local traffic (your printer) would stay inside your house, and your web traffic would go to the web. Here is how we pull this off.
First you need to find out what address ranges are used internally at your company. You can ping them with the setup you have now and find out... or you could ask your IT guys. You then set the interface for the black box to ONLY handle that range of addresses (let's guess and say it's a full class "B" subnet in the fake space of, say, 10.12.X.X). So, you add a specific route for that... "route add 10.12.0.0 mask 255.255.0.0 192.168.10.1" (where 192.168.10.1 is the address of your black box and, say, 192.168.10.103 is the assigned address of the interface that connects to it).
Then you add a default route for the second interface that bypasses the black box and connects directly to your internet WAN router (to your ISP). Make sure this one is the default or 0.0.0.0 route.
Now, so long as all of your other local devices are NOT 10.12.X.X, traffic to them will ALSO choose the default route, and head for your router inside your house (but on the interface not connected to the black box). If that router has (as most do) a set of ports, and everything inside the house connects to one of those ports, the router will immediately route the printer traffic to the printer without you having to do anything else... no more cross-country trips.
Hope this helps. If I've rambled too long here, sorry...
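As an added example (not part of the post above), here is the route selection the post describes, done in Python over the post's own route table plus the proposed specific route for the company range, so you can check which destinations would actually ride the black box before you commit to the split setup. The 10.12.0.0/16 company range and the 192.168.10.1 / 192.168.10.103 black-box addresses are the post's guesses, and the sample destinations are constructed.

```python
import ipaddress

# Route table transcribed from the post's "route print" output (host routes
# omitted), plus the split setup the post proposes: a specific route for the
# company's range via the black box, with the home router left as the default.
# The 10.12.0.0/16 range and the 192.168.10.1/192.168.10.103 addresses are the
# post's own guesses, not values taken from any real network.
ROUTES = [
    # (destination, netmask, gateway, interface, metric)
    ("0.0.0.0",     "0.0.0.0",       "192.168.1.1",   "192.168.1.130",  25),
    ("127.0.0.0",   "255.0.0.0",     "127.0.0.1",     "127.0.0.1",       1),
    ("192.168.0.0", "255.255.255.0", "192.168.0.1",   "192.168.0.1",    10),
    ("192.168.1.0", "255.255.255.0", "192.168.1.130", "192.168.1.130",  25),
    ("10.12.0.0",   "255.255.0.0",   "192.168.10.1",  "192.168.10.103", 10),
]

def lookup(dst):
    """Pick a route the way the post describes Windows doing it: a route
    matches when dst agrees with its destination on every 1 bit of the mask,
    the most specific match (longest mask) wins, and metric breaks ties.
    Returns (gateway, interface), or None if nothing matches."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for dest, mask, gw, iface, metric in ROUTES:
        net = ipaddress.IPv4Network((dest, mask))
        if addr in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, gw, iface)
    return None if best is None else (best[1], best[2])

def leg(dst):
    """Which leg a packet to dst takes under the split setup: 'black box' only
    for the company range, 'LAN' when the destination is directly attached
    (gateway equals the interface, no router hop), otherwise 'home router'."""
    route = lookup(dst)
    if route is None:
        return "unroutable"
    gw, iface = route
    if iface == "192.168.10.103":
        return "black box"
    return "LAN" if gw == iface else "home router"

if __name__ == "__main__":
    # Constructed sample destinations: the post's FreeBSD box and DU's address,
    # an assumed company host, and a host just outside the company range.
    for host in ("192.168.0.11", "216.158.54.197", "10.12.3.4", "10.13.0.1"):
        print(host, "->", lookup(host), leg(host))
```

If a destination you expect to reach through the company shows up as "home router", the specific route is missing or its mask is too narrow, which is exactly the case where office traffic would silently leave through the home connection instead.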