Routing Between Real and 10 network

I've recently been given the task of setting up a 10.0.0.* network within our
company to handle wireless and non-important computers. Currently we have a
netscreen firewall/router between us and the ISP and have real (Ie routable)
IP's.

With the addition of the 10 network the company has purchased a netgear
wireless firewall router.

I have it set up so that the wireless computers can connect to the internet
along with connecting to the real computers (pretty much plugged it in).
However they wish to be able to connect to the 10 network from the real
network.

I have very limited knowledge of routing, but I figure this can be done by
telling the external router (netscreen) to route all traffic back at the
netgear router. I have already added the following rule to the netscreen
device and this seems to keep the packets from leaving our space however I
don't know where they actually go to after that.
IP: 10.0.0.0/16; Gateway:NetgearRouterRealIP; Static; Metric 1; Vsys Root

What types of rules do I need to add to the netscreen router? And do I need to
add any static routes to the netgear?

Thanks,

On 26 Feb 2004 08:42:53 -0800, Cj B <black@comet.n-polk.k12.ia.us> wrote:
> I've recently been given the task of setting up a 10.0.0.* network within our
> company to handle wireless and non-important computers. Currently we have a
> netscreen firewall/router between us and the ISP and have real (Ie routable)
> IP's.
>
> With the addition of the 10 network the company has purchased a netgear
> wireless firewall router.
>
> I have it set up so that the wireless computers can connect to the internet
> along with connecting to the real computers (pretty much plugged it in).
> However they wish to be able to connect to the 10 network from the real
> network.
>
> I have very limited knowledge of routing, but I figure this can be done by
> telling the external router (netscreen) to route all traffic back at the
> netgear router. I have already added the following rule to the netscreen
> device and this seems to keep the packets from leaving our space however I
> don't know where they actually go to after that.
> IP: 10.0.0.0/16; Gateway:NetgearRouterRealIP; Static; Metric 1; Vsys Root
>
> What types of rules do I need to add to the netscreen router? And do I need to
> add any static routes to the netgear?

You did not say what model Netgear, so I can only guess that it is a
broadband router that does NAT, so your private 10.x.x.x network can
access the internet through the firewall. In that case it will only
accept traffic on its WAN side to its NetgearRouterRealIP, you cannot
directly address its LAN IPs from its WAN. You can forward specific ports
to specific private IPs, or set 1 box there as DMZ.

--
David Efflandt - All spam ignored http://www.de-srv.com/

efflandt@xnet.com (David Efflandt) wrote in message news:<slrnc3trr0.c7l.efflandt@typhoon.xnet.com>...
> You did not say what model Netgear, so I can only guess that it is a
> broadband router that does NAT, so your private 10.x.x.x network can
> access the internet through the firewall. In that case it will only
> accept traffic on its WAN side to its NetgearRouterRealIP, you cannot
> directly address its LAN IPs from its WAN. You can forward specific ports
> to specific private IPs, or set 1 box there as DMZ.

It's a netgear FWAG114. I figure that since there's an option to
assign routing tables this has to be doable. It's just a matter of me
knowing the right things to put into the routing tables.

As for the port forwarding, I haven't seen this option anywhere, can
you explain more?

Thanks!
Cj B

On 27 Feb 2004 06:30:43 -0800, Cj B <black@comet.n-polk.k12.ia.us> wrote:
> efflandt@xnet.com (David Efflandt) wrote in message news:<slrnc3trr0.c7l.efflandt@typhoon.xnet.com>...
>> You did not say what model Netgear, so I can only guess that it is a
>> broadband router that does NAT, so your private 10.x.x.x network can
>> access the internet through the firewall. In that case it will only
>> accept traffic on its WAN side to its NetgearRouterRealIP, you cannot
>> directly address its LAN IPs from its WAN. You can forward specific ports
>> to specific private IPs, or set 1 box there as DMZ.
>
> It's a netgear FWAG114. I figure that since there's an option to
> assign routing tables this has to be doable. It's just a matter of me
> knowing the right things to put into the routing tables.
>
> As for the port forwarding, I haven't seen this option anywhere, can
> you explain more?

I am not really familiar with that router, but you might check out the
Netgear hardware forum at http://www.broadbandreports.com/ alias
http://www.dslreports.com/

--
David Efflandt - All spam ignored http://www.de-srv.com/