Default Gateway or No Default Gateway?

Discussion in 'Networking Issues' started by gopherhockey, Jan 21, 2007.

  1. gopherhockey

    gopherhockey LI Guru Member

    I have 5 static public IP addresses but only one ISP. I have 2 Linksys routers - one servicing one external domain, and one another.

    The problem I have is that I can't seem to get my routing straight.

    The two routers are at: and

    I have everything set to default gateway

    Doing this, communication through from the internet doesn't work. For example, smtp mail hits my internal Exchange server and I assume it tries to get back out through If I set my exchange server to use it works, but then breaks on the router.

    Is there a way to tell each router about each other? Both are WRT54GS routers.

    Let's make it even more complex. There are times when I set up a vmware environment that runs its own internal Active Directory and Exchange environments, usually with an ISA server facing my internal network, which is a 10.2.1.X network.

    Inside the vmware environment I will have a 10.3 and a 10.4 with virtual routers between them. I normally have to add static routes on my linksys hubs to get routing correct.

    The big question.. would removing the default gateway from all my internal systems (as much of a huge pain that would be) be the way to go? And if I did, how do my systems know how to get out to the internet etc?

    Perhaps I'm using the wrong routers?

    I tried removing the default gateway on just my Exchange server, but that did not work.
  2. HennieM

    HennieM Network Guru Member

    Several ways to achieve that, depending on your "domains" being covered.

    1) Specify both gateways/routers on your local devices as gateways - the preferred one first/as default. You can/should also enable RIP, which is "automatic routing" on the gateways/routers, and that may solve your problem. I think however, that for this auto-routing to work effectively, your other devices such as your M$ exchange box, etc, would also have to run RIP.

    2) If you serve 2 external domains, I assume this means something like external IP x.y.z.11 comes in via, while external IP x.y.z.12 comes in via

    If so, to manually specify the routes (and thus be sure of where what goes), add a routing command like this to all your local devices:

    route add host x.y.z.11 gateway
    route add host x.y.z.12 gateway

    I think I screwed the routing commands above a bit, but you'll hopefully get the idea. Type route -h or route -? to get the proper parameters.

    3) Alternatively, you can set up the manual routing commands in (2) on one of your routers only, say on, and specify that ( as the default gateway to all other local devices. This way, all packets will go to, but when a packet gets to, and it sees it's a packet for a net/host on, it'll forward to the other router.

    4) You can also set up the manual routing in (2) on one of your local machines, say your exchange box. You then specify the exchange box as the default gateway to all other local devices, and the exchange box would then forward the packet to the correct gateway. For this to work however, you should enable routing on the exchange box.

    I don't know about vmware, AD, ISA, and all the other fancies, but routing is usually just routing, virtual or real...
  3. gopherhockey

    gopherhockey LI Guru Member

    Hmmm.. thanks for the suggestions, although nothing seems to be working.

    Let me walk through an example.

    Let's say a host, is trying to email through router 2 ( to email server (

    166.x talks to the public IP of my 2nd router ( which tells it to forward all port 25 traffic to internally. gets the traffic from what IP address? I assume he "hears" it from and wants to talk directly back. This means that my Exchange server needs to know to route that IP back through the 2nd router. As is, it seems to want to go through router1, which is that server's default gateway.

    Since is talking to a public IP (assumption) building manual route tables wouldn't really work on the machines or the routers themselves, because we're talking the route that is usually mask

    I tried telling to route all traffic to through but that didn't work. I told my first router to do the same, that didn't work. I think it's because the email server sees it as being from the public IP, not an internal address.

    It is likely I'm not following your advice properly, however... although I'm trying ;)
  4. Fast_Eddy

    Fast_Eddy LI Guru Member

    I'm probably missing something here but if you have two routers and one ISP, how are they actually wired on the WAN (public side)? A network diagram would be handy right about now...

    Two routers would normally indicate two independent paths to the Internet. OSPF (open shortest path first) would kick in and determine the best route out of your private network.

    If you can, give us a text "picture" of the network. IP addresses on both the public and private side of the routers. And what the interconnects are.
  5. gopherhockey

    gopherhockey LI Guru Member

    Yup, I apologize for not doing that sooner - thought maybe I could talk it through.

    Real quick on the WAN side, the WAN comes in to a switch where the two routers also plug in. Each router is assigned its own static IP and both point to the gateway IP that I was given by my ISP, FTTH.

    I'll get a diagram posted tomorrow for sure. Thanks for the help..
  6. ifican

    ifican Network Guru Member

    You're going to have a heck of a time trying to get this to work the way you want with your current set up. NAT breaks when you only have a one way connection (which is what you have when you try to bring in the connection over one router and send it out the other).

    Ok as you have asked above, the host at 166.x.x.x sends to the domain in question via router 2. The server for that domain sees the packet sourced as 166.x.x.x and that's all it cares about. When it sends the packet back to 166.x.x.x, because it does not know where that host lives it sends it to the default gateway (router 1). Because this is a one way NAT (came in router 2, being sent back out router 1) it's not going to work, as you have noticed. If you did the same test and used router 2 for the default gateway in the above example, data would flow fine. I unfortunately am out of time at the moment but I will give this more thought later. Though HennieM's suggestion is a good one that will allow for redundancy if one of the routers were to go down. The biggest issue for you in that regard though is going to be getting the traffic policy routed on the way in to ensure that the traffic you want going to each router goes to the router in question.
  7. gopherhockey

    gopherhockey LI Guru Member

    Ok, some have asked for a network diagram and some probably understand what I'm doing. Here it is (very quick and dirty/simplified - vmware environment removed etc.) :

  8. gopherhockey

    gopherhockey LI Guru Member

    Ok, it sounds like I at least am understanding what I'm up against just fine and that there are no magical fixes that can be done on the Linksys devices.

    I'm not against adding more equipment to get it to work. I'd rather do that than start building routes etc. I don't know if Linksys has something that would fix this.. perhaps a RV042, but that doesn't solve wanting to have two different "paths" for port 80 on two different domains.

    Perhaps the thing to do is carve off an entirely separate network rather than trying to keep the inside all together, then add some kind of router between the linksys routers (gateways) and the internal side.
  9. HennieM

    HennieM Network Guru Member

    Ahhh..., now I understand better...

    If you have 2 of everything, i.e. 2 x exchange boxes, 2 x web boxes, etc., with each set of boxes serving ONE of the incoming domains, you are sorted - say for ext IP ...101 ( forward www requests to, and set's default (and only) gw as Do the same for www requests on .102 -- .2 -- .16, and duplicate this for your 2 mail servers.
    This is just about the same as physically separating your network into 2 LANs.

    If any of the boxes serves any domain, i.e. you have a sort of clustering/load sharing setup, you probably have to look at VLANs. I know too little about VLANs to give real advice, but the principle is that e.g. you setup say to have a virtual IP of, and to have a virtual IP of, and a virtual IP of The virtual IPs are in addition to the real IPs. Now you route on its "own LAN", and you route on its own LAN.
    You then differentiate on your web servers by IP virtual host (is the request for or for Exchange can probably do something similar. If you run your WRT54GSs with 3rd party firmware which allows virtual LANs, this should be possible.

    Another possibility, which takes the whole routing issue out of play, is to have only one router, and have your ISP route requests for both ...101 and ...102 to this single router. Your www boxes, similar to the "IP virtual host" mentioned above, now differentiate by NAME virtual host (i.e. is the request for or for, and thus serve different webs, and exchange serves mail for or for (I would think exchange can do this).
  10. gopherhockey

    gopherhockey LI Guru Member

    I actually think I tried what you are suggesting. I set my 2nd web and exchange servers' default gateways to the 2nd router - However, when doing that I could no longer connect to them from my PC, and active directory started to throw a fit because there was no communication happening.

    Perhaps what I ought to do is simplify things by splitting the two into separate networks. Take everything I want to answer to and make it something like 10.3.X.X.

    Then, I could add static routes to all machines internally. If it's a machine with a 10.2.X.X. I add a route that tells it to use (router 2, now on new network) as its default gateway for all traffic on that network.

    I could probably do this on one network if I subnet correctly but I'm not *that* much of a network person - I'm more a wintel person.

    I was hoping to find a device that would do all this for me without adding static routes. What I really should do is go back to using a real firewall, which can easily handle multiple WAN IPs and map them to multiple internal IPs and manage as many burbs as I have network adapters. I just like the simplicity of the linksys devices.

    I'll look into the vlan option. This sounds like another possibility.

    In the meantime I also posed the question to linksys support, not from the angle of using 2 routers like I am, but one of "what do I do if I want two different domains using port 80 hitting two different internal servers". I could do the host header thing, but in this case they are actually front-end email servers (web access) and I don't know that those work very well using host headers but I can check. I could also set one of the servers to use another port, say 81... but that too is something I wanted to avoid.

    Thanks for the suggestions. If anyone else has any let me know.

    I was hoping maybe Linksys had the one magic device that would do all of this. I think it's the lack of power in their forwarding rules that is the kicker. If they had the ability to map multiple WAN IPs to multiple internal LAN IPs this would have all been easy to fix.
  11. gopherhockey

    gopherhockey LI Guru Member

    Interesting. I walked over to our network team and asked one of the guys this question. (a different guy than I normally talk to).

    He claims that I should be able to point the second server's default gateway to the second router and still be able to talk internally between all systems. He says this is a layer2 action vs. a layer1 and that the switches will take care of the communication before the default gateway is used.

    In other words, web server 1's default gateway is and web server 2's is, but if a PC that is talks to the second web server, the switch should take care of the communication link, not the default gateway of the PC or that server.

    I am not sure why I lost communication to the servers I tested with when I did this. I need to check to be sure they are either all on the same switch, or that the cable between is connected properly... which it should be if it works at all. (imagine my drawing above, but there are actually 3 different switches internally all with different servers or PCs on them).
  12. ifican

    ifican Network Guru Member

    That is correct as far as the internal network goes, however you are still going to have an issue with connections made from the outside.
  13. gopherhockey

    gopherhockey LI Guru Member

    So far what I am seeing is a problem if I want to forward a port from router1 to a system that doesn't have router1 as its default gateway.

    For example, I was able to set a web server to default gateway to router2 and was able to get port 80 to work through domain2 and router2. I can still reach the web server internally and there appears to be no errors caused by this.

    However, if I try to forward port 25 from router2 to an email server that uses router1 as its default gateway, it fails. (of course)

    So I have patched the problem temporarily, but still not found the ultimate solution. Close though...
  14. ifican

    ifican Network Guru Member

    Well the biggest issue is going to be controlling which router the data gets sourced from. If you can control that then you can make this work the way you want to. I am not sure exactly what you are trying to do with your setup, but if you used 1 router as a primary and the second as a backup then you can make it work all the time.
  15. gopherhockey

    gopherhockey LI Guru Member

    Here is what I got back from Linksys support (below). My reply was to clarify if this meant I could map multiple WAN IPs (even from the same ISP) and if so, is there a limit. Also, I don't think one to one NAT is exactly what I want, since I may want port 80 to go one place and port 25 to go another...

    I thought I saw a link somewhere here where you could run the interface in simulated mode to get an idea of what was available.. that would be helpful.
  16. gopherhockey

    gopherhockey LI Guru Member

    I thought I'd also provide a practical example of why I'm trying to do what I'm trying to do.

    Much of my work involves architecture of systems such as email. Testing of new systems is often required and much easier to do at home.

    I currently have an Exchange 2003 server set up along side an Exchange 2007 server, as well as an outlook web access server for 2003 and one for 2007.

    I want to point OWA2003 (port80) to its appropriate internal front-end server, and OWA2007 (also port80) to its appropriate internal front-end server.

    This changes over time - sometimes I'm pointing port 80 elsewhere to test something else.

    Port 25 (smtp email) I typically want to hit just one of my internal servers, which breaks under the solution I have in place now. I can't point port 25 from router2 to the same internal server that is servicing port 25 from router1.
  17. HennieM

    HennieM Network Guru Member

    Your "different guy" mentioned in post #12 is exactly right. Switches do ARP routing, while routers do IP routing. Put differently, switches make "same subnet" calls, while routers make "different subnet" calls. (And that switch can even be the 4-port switches on your WRTs).

    Not that that bit of useless info will help you with your problem.... ;-)
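    As an added example (not code from anyone in this thread), here is a small Python model of the one-way NAT failure ifican describes in post #6 and gopherhockey confirms in post #13, together with the same-subnet/different-subnet rule HennieM gives in post #17. All addresses are constructed placeholders, since the thread's real ones are missing from the page; only the 10.2.1.X internal network comes from the thread.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed addresses: 10.2.1.0/24 is the internal network named in the
# thread; 203.0.113.0/24 (documentation space) stands in for the ISP's
# static public block, and CLIENT for the thread's 166.x.x.x sender.
LAN = ipaddress.ip_network("10.2.1.0/24")
ROUTER1_LAN, ROUTER1_WAN = "10.2.1.1", "203.0.113.11"
ROUTER2_LAN, ROUTER2_WAN = "10.2.1.2", "203.0.113.12"
EXCHANGE = "10.2.1.16"          # internal mail server (placeholder)
CLIENT = "198.51.100.7"         # external SMTP sender (placeholder)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass
class NatRouter:
    lan: str
    wan: str
    forwards: dict                      # dport -> internal host (port-forward rule)
    conntrack: set = field(default_factory=set)

    def inbound(self, pkt):
        """WAN -> LAN: DNAT a forwarded port and remember the flow."""
        if pkt.dst != self.wan or pkt.dport not in self.forwards:
            return None                 # no rule: the router drops it
        self.conntrack.add((pkt.src, pkt.sport, pkt.dport))
        return Packet(pkt.src, self.forwards[pkt.dport], pkt.sport, pkt.dport)

    def outbound(self, pkt):
        """LAN -> WAN: un-NAT a known flow; anything else is a fresh masquerade."""
        if (pkt.dst, pkt.dport, pkt.sport) in self.conntrack:
            return Packet(self.wan, pkt.dst, pkt.sport, pkt.dport)
        # Unknown flow: treated as a brand-new connection from this router's
        # WAN IP and a fresh port, which the client never talked to.
        return Packet(self.wan, pkt.dst, 40000, pkt.dport)

def next_hop(default_gw, dst):
    """Host routing: a same-subnet destination is reached directly over the
    switch (ARP); anything else goes to the default gateway."""
    return dst if ipaddress.ip_address(dst) in LAN else default_gw

def smtp_roundtrip(server_gw):
    """Client sends SMTP to router 2's public IP; True only if the reply
    reaches the client from the address and port it originally contacted."""
    r1 = NatRouter(ROUTER1_LAN, ROUTER1_WAN, {80: "10.2.1.20"})
    r2 = NatRouter(ROUTER2_LAN, ROUTER2_WAN, {25: EXCHANGE})
    routers = {ROUTER1_LAN: r1, ROUTER2_LAN: r2}
    syn = Packet(CLIENT, ROUTER2_WAN, 51515, 25)
    at_server = r2.inbound(syn)
    # Exchange answers the public source it saw; off-subnet -> default gateway
    synack = Packet(at_server.dst, at_server.src, 25, at_server.sport)
    egress = routers[next_hop(server_gw, synack.dst)]
    on_wire = egress.outbound(synack)
    return on_wire.src == syn.dst and on_wire.sport == syn.dport

if __name__ == "__main__":
    print("default gw = router 1:", smtp_roundtrip(ROUTER1_LAN))   # False
    print("default gw = router 2:", smtp_roundtrip(ROUTER2_LAN))   # True
```

    The reply only survives when the server's default gateway is the router that holds the NAT state for the inbound flow; an internal PC still reaches the server directly whatever gateway either of them uses.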
  18. gopherhockey

    gopherhockey LI Guru Member

    I kind of cross posted this same question in a different forum coming at it from another angle... but basically it looks like I found a router that can solve my problems without using multiple gateways etc.

    The Netopia 3387WG model has this standard. I'm surprised that linksys doesn't have one similar. Talking to linksys support back and forth they are quite confused as to why NAT alone isn't sufficient.

    here is the model in case anyone is interested:

    This page tells exactly what I want:

    From the bottom of the page:

  19. HennieM

    HennieM Network Guru Member

    It seems like your Netopia is the Enterprise version - not the device, just the firmware - but it's all about the firmware manipulating the routing/NAT tables. Linksys' Enterprise brother is Cisco, and I'm sure you'll find something with similar firmware functionality from Cisco (at an elevated price most likely).

    However, with the Netopia (or something else), it seems you'll have to go to 1 incoming line, but the Netopia will apply different forwarding rules depending on the incoming IP address. Is this correct?

    If so, you can probably duplicate that on a WRT running Thibor15c or similar 3rd party firmware that allows you to manipulate the NAT tables based on the incoming IP address. Since you have now taken the "2 different routers" out of the equation, your end devices, such as your web- or mail- servers, don't have to route intelligently to different gateways any more.
  20. gopherhockey

    gopherhockey LI Guru Member

    Yup, all I do have is one incoming line anyway, so this is fine. One line, 5 static IPs. Should work great.

    I know that the Cisco PIX firewall can do this, but I didn't want to go that route and wanted something a little less $ and also a little more user friendly. I had a Cisco guy at our company do a search and he wasn't finding anything, but he has some small office VPN boxes we might try.

    I had two routes to solve this... multiple gateways/routers or one that could do port forwarding from multiple WAN IPs. I might either try the firmware you suggest or go with the Netopia device... <sigh> We'll see what other Cisco routers we find next week that might do this.

    I guess I'm actually kind of surprised that this doesn't seem like a common practice. Most home networks must be simple enough not to need multiple WAN IP port forwarding, or if so people are fine using NAT to a few internal boxes and that's it. When I try to test so many things like this I guess it makes sense that I need more of an enterprise level device... I just didn't want to pay enterprise level money. :wink:
  21. gopherhockey

    gopherhockey LI Guru Member

    Just for fun, I did a quick mock-up of what I really would have liked to see in a Linksys router.. the left IP being a drop-down that would pull in any WAN IP address registered in the setup page. (which would also have to be altered to allow for more than one WAN IP entry of course) In addition, there would have to be more than just 10 port forwarding rules allowed.. that's a real small number they have currently.
