Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio WinRoute Firewall as gateway
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
I have 2 PC's: PC1 runs Kerio WinRoute Firewall and connects to the internet
through a gateway which runs on a machine, to which I do not have access.
PC2 does not have any access to the internet except via Kerio on PC1. How do
I configure PC1 to act as gateway for PC2?



  •  
Martyx

Messages: 14
Karma: 0
Send a private message to this user
Assuming PC1 has two network interfaces and is setup correctly to browse the internet via a Gateway (NAT).

Set PC1 other network interface to a manual IP address, something like 192.168.234.1, Subnet 255.255.255.0, No Gateway or DNS.

Set PC2 to manual IP address, 192.168.234.2, Subnet 255.255.255.0, Gateway 192.168.234.1, DNS 192.168.234.1

On Kerio, use the Traffic Policy Wizard and specify (this is using KWF 6.0.2):

Page2: Ethernet, DSL, cable modem or other.
Page3: Should choose the internet access NIC automatically.
Page4: Allow access to all services (no limitations)
Page5: No
Page6: As Defaults
Page7: Enable NAT

That should work!
  •  
Martyx

Messages: 14
Karma: 0
Send a private message to this user
To also reduce confusion, you could go into the "Interfaces" configuration and you will notice all the NICs listed.

Check their IP addresses, and you can give them friendly names.

For example, my server has 2 NICs - one for network, and one connected to the ADSL router. I have simply named them "xLAN" and "xADSL".
So when you view the traffic policies, its easier to understand whats going where!
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
PC1 (the PC that should act as gateway) has a single network interface. PC2
also has a single NIC. PC1 and PC2 are both in the same LAN. It is possible
that PC2 use the same gateway as PC1 uses to connect to the internet, but I
want not to do so. I want PC2 to use PC1 as gateway. Is this possible under
these circumstances?



  •  
Martyx

Messages: 14
Karma: 0
Send a private message to this user
I don't think it would be possible as the minimum requirements for KWF are "2 network interfaces"...

But you could try this...

Both PCs would have to have fixed IP addresses. I'll use 192.168.1.x subnet as an example.

PC1 IP 192.168.1.250, Subnet 255.255.255.0, Gateway [Whatever was originally specified], DNS [Whatever was originally specified]

PC2 IP 192.168.1.251, Subnet 255.255.255.0, Gateway 192.168.1.250, DNS 192.168.1.250

Again, due to KWF's minimum requirements - I don't know how the setup would cope with that, but it's worth a shot!
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
OK, here are the IP addresses and masks:
PC1 (that should be gateway for PC2): 10.0.52.207, mask: 255.255.254.0
PC2: 10.0.53.207, mask: 255.255.254.0

I also did what you suggested, and now I can browse web pages on PC2 (which
is fine).

Then I executed tracert www.yahoo.com on PC2:

Tracing route to www.yahoo.akadns.net [216.109.117.110]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms [10.0.52.207]
2 1 ms 2 ms 1 ms 172.16.1.1
3 * * * Request timed out.

On the first hop a reply from PC1 is received (10.0.52.207 is PC1's IP
address). PC2's gateway is 10.0.52.202 and a reply from it should be
received on the second hop, but this is not the case. The reply from
172.16.1.1 should come after the reply from 10.0.52.202. That is,
10.0.52.207 (PC1) routes ICMP packets directly to 172.16.1.1, bypassing its
own gateway. What is wrong here?



Previous Topic: Help: Can't play Starcraft Battle.net
Next Topic: Winroute vs Dynamic Routing !
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Oct 01 01:53:50 CEST 2014

Total time taken to generate the page: 0.03422 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.