#185618 - 2008-02-22 04:57 PM Add routes NT4
Niels2008 Offline
Just in Town

Registered: 2008-02-22
Posts: 4
Hi,

We have an NT4 server with a KIX login script. Now I want to add routes (network range) to the clients by using the login script. The problem is that the users don't have admin rights in order to add a route...

Anyone an idea?

Thanks
N.


Edited by Niels2008 (2008-02-22 04:57 PM)

#185620 - 2008-02-22 05:24 PM Re: Add routes NT4 [Re: Niels2008]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
Why would you not add routes at the default gateway instead of trying to modify every desktop?
_________________________
Today is the tomorrow you worried about yesterday.

#185621 - 2008-02-22 05:28 PM Re: Add routes NT4 [Re: Niels2008]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Welcome to the board Niels2008
Like Gargoyle suggested:
you really do not have a router or L3 switch in your network?
Maybe explain your problem a bit more.
Can the "route" command help you? (don't know if elevated privileges are required)

#185622 - 2008-02-22 06:29 PM Re: Add routes NT4 [Re: Witto]
Niels2008 Offline
Just in Town

Registered: 2008-02-22
Posts: 4
Thanks for your replies.

I use the run Route Add command in the Kix script.

We have 2 gateways in our lan. One is going to the internet, the other is going to our other company located in the UK through the WAN connection. Some traffic in our lan has to go through the UK. We installed a Watchguard Firebox firewall but this device hasn't got the ability to act as a router.

Hope this gives you some more info.

N.

#185623 - 2008-02-22 07:00 PM Re: Add routes NT4 [Re: Niels2008]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
Hi,

If I correctly understand your situation, you want your default route to point to your Internet gateway, but would like to add a static route to each workstation pointing to the Watchguard which would then encapsulate and forward the traffic on to your corporate network.

If you are using DHCP, you can simply add a static route on your DHCP server. The clients will then pick this up when they renew their license. You can force this on each workstation with an

ipconfig /renew

If you are not using DHCP, you will have to add the static route to each workstation with something like:

route -p add network_address_of_company mask netmask_of_company Watchguard_gateway metric 1

You may or may not need the metric part.

You could also write it directly to the registry at:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

It goes in as a REG_SZ value with the name being network,mask,gateway,metric and no data.

Of course the normal user can't do this. Hopefully, you are using DHCP. :)

Regards,

Brad
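
As an added example (not part of Brad's post), the Python below builds the PersistentRoutes value name and the matching route command from a CIDR prefix, and parses value names back so that entries with a bad mask or an unexpected gateway can be flagged. The function names, the approved-gateway list and the sample entries are assumptions made for illustration; the addresses are the ones mentioned elsewhere in this thread.

```python
import ipaddress

def to_value_name(cidr, gateway, metric=1):
    """Build the PersistentRoutes value name: network,mask,gateway,metric."""
    net = ipaddress.IPv4Network(cidr)  # raises ValueError if host bits are set
    gw = ipaddress.IPv4Address(gateway)
    return f"{net.network_address},{net.netmask},{gw},{metric}"

def to_route_command(cidr, gateway, metric=1):
    """Build the equivalent 'route -p add' command line."""
    net, mask, gw, met = to_value_name(cidr, gateway, metric).split(",")
    return f"route -p add {net} mask {mask} {gw} metric {met}"

def parse_value_name(name):
    """Parse 'network,mask,gateway,metric'; ValueError on anything malformed."""
    fields = [f.strip() for f in name.split(",")]
    if len(fields) != 4:
        raise ValueError("expected 4 comma-separated fields")
    net, mask, gw, metric = fields
    # Rejects non-contiguous masks and network addresses with host bits set.
    network = ipaddress.IPv4Network(f"{net}/{mask}")
    return network, ipaddress.IPv4Address(gw), int(metric)

def audit(value_names, local_lan, approved_gateways):
    """Return (value_name, reason) for each entry that needs a second look."""
    lan = ipaddress.IPv4Network(local_lan)
    approved = {ipaddress.IPv4Address(g) for g in approved_gateways}
    findings = []
    for name in value_names:
        try:
            _network, gateway, _metric = parse_value_name(name)
        except ValueError as exc:
            findings.append((name, f"malformed: {exc}"))
            continue
        if gateway not in lan:
            findings.append((name, "gateway is not on the local LAN"))
        elif gateway not in approved:
            findings.append((name, "gateway is not an approved router"))
    return findings

# Constructed sample: value names as they might be read from one workstation.
SAMPLE = [
    "172.16.4.0,255.255.255.0,192.168.24.2,1",
    "192.168.100.0,255.255.255.0,192.168.24.2,1",
    "10.9.0.0,255.255.0.0,192.168.24.77,1",      # unknown next hop
    "172.16.4.16,255.255.255.0,192.168.24.2,1",  # host bits set
    "10.1.0.0,255.255.0.0,10.1.0.1,1",           # next hop not on-link
]

if __name__ == "__main__":
    print(to_route_command("172.16.4.0/24", "192.168.24.2"))
    for name, reason in audit(SAMPLE, "192.168.24.0/24", ["192.168.24.1", "192.168.24.2"]):
        print(f"{name}: {reason}")
```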

#185628 - 2008-02-22 11:44 PM Re: Add routes NT4 [Re: BradV]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
I would presume you can always add routes to a firewall (?)
Watchguard Firebox System Configuration Guide
 Quote:

Configuring Routes
A route is the sequence of devices through which network traffic must go to get from its source to its
destination. A router is the device in a route that finds the subsequent network point through which to
send the network traffic to its destination. Each router is connected to a minimum of two networks. A
packet can go through a number of network points with routers before it gets to its destination.
The Firebox lets you create static routes to send traffic from its interfaces to a router. The router can then
send the traffic to the applicable destination in the specified route.
For more information about network routes and routers, refer to:
http://www.watchguard.com/support/AdvancedFaqs/general_routers.asp
Adding a network route
Add a network route if you have a full network behind a router on your local network. Type the network
IP address, with slash notation.
1 From Policy Manager, click Network > Routes.
The Setup Routes dialog box appears.
2 Click Add.
The Add Route dialog box appears.
3 To the right of Route to, click Net.
4 In the Network Address text box, type the network IP address. Use slash notation.
For example, type 10.10.1.0/24. This is the 10.0.1.0 network with subnet mask 255.255.255.0.
5 In the Gateway text box, type the IP address of the router.
Make sure that you enter an IP address that is on one of the networks that you find on a Firebox interface. The
Gateway for the route can not be in the destination network.
6 Click OK to close the Add Route dialog box.
The Setup Routes dialog box shows the configured network route.
7 Click OK again to close the Setup Routes dialog box.
Adding a host route
Add a host route if there is only one host behind the router or you only want traffic to go to one host.
Type the IP address of that specified host, with no slash notation. From Policy Manager:
1 Click Network > Routes.
The Setup Routes dialog box appears.
2 Click Add.
The Add Route dialog box appears.
3 To the right of Route to, click Host.
4 In the Network Address text box, type the network IP address. Use slash notation.
5 In the Gateway text box, type the IP address of the router.
Make sure that you enter an IP address that is in one of the networks that you find on a Firebox interface.
6 Click OK to close the Add Route dialog box.
The Setup Routes dialog box shows the configured host route.
7 Click OK again to close the Setup Routes dialog box.

#185630 - 2008-02-23 09:36 AM Re: Add routes NT4 [Re: Witto]
Niels2008 Offline
Just in Town

Registered: 2008-02-22
Posts: 4
Thanks Witto. You are right, the firebox should do this as well... but this is what I posted on the Watchguard forum a few days ago:
---------------------
Hi, Hope some of you could help me out.

We are configuring a firebox 55e for our office in the Netherlands to replace our existing Mandrake MNF firewall.

We have got one connection to the internet and one connection to our LAN (192.168.24.xxx).

Our lan is connected to our other office in the UK. On the Mandrake firewall I have therefore created routes to our other offices (for example 192.168.100.0/24 and 172.16.4.0/24 both with gateway 192.168.24.2). This is working fine. When we replaced the Mandrake with the Firebox we also added the existing routes in the Network->Routes menu.
Unfortunately this isn't working correctly. When we want to do a telnet session to 172.16.4.16 we can't connect. When we first do a ping to this IP we get a successful reply and suddenly we are able to do a telnet session to this machine as well.

Can someone tell me what's happening and how to solve this problem? (I've already tried to add a static route to the machines in the login script. We still use NT4 with KIX32 and this won't let me do this because the users don't have admin rights....)

Please help.

Many thanks
Niels Jansen
---------------------------------

#185632 - 2008-02-23 05:15 PM Re: Add routes NT4 [Re: Niels2008]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
How is your local lan connected to the remote lan? Based upon your description you have 3 networks to worry about: 192.168.100.0, 172.16.4.0 and 0.0.0.0.

Assuming that it is a physical connection you have to have a router with 3 interfaces to route this traffic.

From what I saw on the Watchguard site, all of the appliances have at 6 interfaces, so you should have one connected to the Internet, one to the Inside (local lan) and one to your remote site.

If it is a logical interface where you are connecting through the Internet and using an IPSEC tunnel, then you just route to the logical interface.
_________________________
Today is the tomorrow you worried about yesterday.

#185634 - 2008-02-23 06:28 PM Re: Add routes NT4 [Re: Gargoyle]
Niels2008 Offline
Just in Town

Registered: 2008-02-22
Posts: 4
Our local lan is connected to the remote lan via a cisco router.

192.168.24.0 is our local lan
172.16.4.0 is our remote lan

The firebox has an interface going to the internet modem and an interface connected to one of our switches.

#185636 - 2008-02-23 10:04 PM Re: Add routes NT4 [Re: Niels2008]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Make your Cisco router the default gateway for your workstations via DHCP.
Set on your cisco router a default route to your firewall.

#185637 - 2008-02-24 12:21 AM Re: Add routes NT4 [Re: Witto]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
As Witto suggests..

It should look like one of these.
 Code:
Local Lan -> Cisco Router -> Remote Lan
                  |
                  V
               FireWall -> Internet

 Code:
Local Lan -> Firewall -> Cisco Router -> Internet
                              |
                              V
                          Remote Lan


Dependent on if you "trust" your Remote Lan, then all of your clients have a single default gateway and the Cisco Router is then doing as it is designed - routing.
_________________________
Today is the tomorrow you worried about yesterday.

#185641 - 2008-02-24 09:24 AM Re: Add routes NT4 [Re: Gargoyle]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
This is how I presume it is now:
 Code:
Local Lan -> FireWall -> Internet
                  |
                  V
               Cisco Router -> Remote Lan

I would suggest to use the first "code" you wrote, Gargoyle
I presume the Cisco Router is 192.168.24.2 and the firewall is 192.168.24.1
I would try to set the Cisco as the default gateway via DHCP
The routes on the Cisco would look like this
 Code:
ip route 192.168.100.0 255.255.255.0 "NextHop"
ip route 172.16.4.0 255.255.255.0 "NextHop"
ip route 0.0.0.0 0.0.0.0 192.168.24.1

#185696 - 2008-02-26 02:41 AM Re: Add routes NT4 [Re: Witto]
lukeod Offline
Getting the hang of it

Registered: 2008-01-11
Posts: 70
Loc: Australia
If for some reason you cannot sort it out with the far superior solutions using the Cisco as the Default Gateway and Registry/routes on clients are the only way, you could do it via Startup or Shutdown scripts which run as a SYSTEM account (administrative privileges). Do not know enough about Pre-XP / server 2000/2003 environments to know how the group policies work, but in 2000/2003 you can set a startup/shutdown script(s) via group policy.

Make sure that if it points toward a script on a server, that the share and NTFS permissions have read access for 'Domain Computers'.

Luke
