Configuring Static Routes Question

Lery

Hello and thank you for taking the time to read this post. Here is my situation:

Physical server configured with one NIC card. IP address is: 192.168.1.136

Physical server is acting as the domain controller and running DNS services.

Physical server is running Windows Server 2012 and utilizing the Hyper-V Feature.

Hyper-V virtual switch has two virtual switches created. They're as follows:

10.10.10.2
10.10.20.2

I have numerous virtual machines working off of these two virtual switches without issue.

The physical server has Routing and Remote Access configured and working for NAT traffic for these virtual switches. All virtual guests are able to access the internet without a problem.

The problem comes in when I try to use my workstation PC. This is also a physical computer configured with one NIC as follows:

IP: 192.168.1.116
Subnet: 255.255.255.0
Gateway: 192.168.1.1 (This is the IP of the Linksys Router)

I'm trying to use this workstation PC to access my virtual guests running on 192.168.1.136. I understand that when I try to connect to something like 10.10.10.4, the Linksys router has no idea where this is. Therefore, I've configured a static route. Unfortunately, the static route is not working as I expected. Here is how I have the static route setup:

Destination LAN IP: 10.10.10.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.136

Destination LAN IP: 10.10.20.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.136

When I ping 10.10.10.4 from my 192.168.1.116 workstation, it's unable to reach it. I'm not sure what I could be missing and any help would be appreciated. I can of course ping the physical server 192.168.1.136 without issue.

I did try changing the Destination LAN IP from 10.10.10.0 to 10.10.0.0 just to see if that would work. It did not. I also tried using the Linksys IP address for the gateway and that does not accept as a valid route.
 
The static routes you made on your workstation PC are fine. Most likely the firewall of your guests is blocking ICMP from public networks; try making a rule to allow ICMP from outside networks.

Alternatively, you could try to directly access some service those virtual machines already host (like www, ssh or remote desktop). Since their firewalls should already allow those services, you should get access with no problem.
 
Are you sure it is the router and not the server that is not passing the traffic?

Instead of using the router, put a ROUTE command in your end PC that routes those two subnets directly to the server. You can verify with Wireshark whether it is actually sending the data to the correct MAC address or not. It almost can't not work.

If this works then the router needs something else. Otherwise I would suspect the server is getting the traffic and somehow blocking the response.

....after rereading this, did you just bridge those networks directly to the physical NIC? This is the same as having 3 VLANs, and you need a router to transfer data if the server does not provide that function.

You can test this by putting a secondary IP address on your PC in the other subnets and seeing if you can ping directly. This would mean you have overlapped the broadcast domains. This is not a bad thing if it is by design, but you would still need a way to get the traffic to cross unless you put multiple IPs on all machines.
 
To address RaDiKal_'s response: I did not make the static routes on the workstation (192.168.1.116). I made the static routes on the Linksys router, since 192.168.1.116 is using that Linksys router as its gateway. Next, firewalls are all disabled. From 192.168.1.136 I can ping the 10.10.10.x machines and the 10.10.20.x machines. I'm trying RDP from my workstation PC and that is not working either.

bill001g, I'm not sure I followed everything you said. The physical server (192.168.1.136) only has one NIC. With Hyper-V you can create as many virtual switches as you want. On the physical server these switches are created as NICs. You simply give them an IP address with a subnet, leaving the gateway and DNS entries blank. After installing Routing and Remote Access on the physical server (192.168.1.136), it will handle routing the traffic for you. Works great.
 
So go into your PC and put in

ROUTE ADD 10.10.10.0 mask 255.255.255.0 192.168.1.136

This should now send all this traffic directly to the server, ignoring the router. This means that the PC will now build packets destined for any device in the subnet of 10.10.10.x and send them to the MAC address associated with 192.168.1.136. Since you can ping 192.168.1.136, this means these packets will now get to the server. If you get no response then the problem resides within the server.

Of course if this does work then you need to see what the Linksys is doing wrong.
 


I did that and it said OK! I tried pinging 10.10.10.4 and got no reply. Request timed out specifically. I verified I still cannot RDP into 10.10.10.4. So if that means the problem is on the physical server, 192.168.1.136, I'm wondering what I can do? Maybe something in Routing and Remote Access?
 
Does it let you ping 10.10.10.2, i.e. the virtual switch address on the server? Sometimes it will allow you to ping the device's address itself but nothing behind it. This would indicate the server knows about the network but will not route stuff that is beyond it. Tends to be the way a default dual NIC machine responds without something like ICS when it is run on an end user machine.

Once you get into virtual stuff on a Microsoft box you are outside my area of expertise.
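
Added example (not part of any post in this thread): a small Python model of the next-hop reasoning in the two replies above. It traces a packet from the workstation to 10.10.10.4 with and without the workstation-side route, and shows why 10.10.10.2 can answer even when the server does not route onward. The host table is constructed from the addresses in the thread; the guest's default gateway and the `forwards` flag are assumptions.

```python
import ipaddress

ON_LINK = "on-link"  # destination is on a directly attached subnet

def next_hop(routes, dst):
    """Longest-prefix match; returns a gateway IP, ON_LINK, or None (no route)."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def build(direct_route, server_forwards):
    """Constructed model of the thread's hosts; guest gateway 10.10.10.2 is assumed."""
    lan, v1, v2, srv = "192.168.1.0/24", "10.10.10.0/24", "10.10.20.0/24", "192.168.1.136"
    pc = [(lan, ON_LINK), ("0.0.0.0/0", "192.168.1.1")]
    if direct_route:  # the ROUTE ADD typed on the workstation
        pc.append((v1, srv))
    return {
        "workstation": {"ips": ["192.168.1.116"], "routes": pc, "forwards": False},
        "linksys": {"ips": ["192.168.1.1"], "forwards": True,
                    "routes": [(lan, ON_LINK), (v1, srv), (v2, srv)]},
        "server": {"ips": [srv, "10.10.10.2", "10.10.20.2"], "forwards": server_forwards,
                   "routes": [(lan, ON_LINK), (v1, ON_LINK), (v2, ON_LINK),
                              ("0.0.0.0/0", "192.168.1.1")]},
        "guest": {"ips": ["10.10.10.4"], "forwards": False,
                  "routes": [(v1, ON_LINK), ("0.0.0.0/0", "10.10.10.2")]},
    }

def trace(nodes, src, dst, max_hops=8):
    """Follow a packet hop by hop; returns (path, outcome)."""
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    path, here = [src], src
    for _ in range(max_hops):
        if dst in nodes[here]["ips"]:
            return path, "delivered"
        if here != src and not nodes[here]["forwards"]:
            return path, "dropped at " + here  # received, but not routed onward
        gw = next_hop(nodes[here]["routes"], dst)
        here = owner.get(dst if gw == ON_LINK else gw)
        if here is None:
            return path, "no route or no such host"
        path.append(here)
    return path, "hop limit"

if __name__ == "__main__":
    for direct, fwd in [(False, True), (True, True), (True, False)]:
        print(direct, fwd, trace(build(direct, fwd), "workstation", "10.10.10.4"))
```

In the model the routing tables deliver the packet on both paths, so a timeout with the direct route in place leaves only the server's handling of the traffic to examine.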
 
I guess your virtual switches are set as "external" already in Hyper-V options, but verify that just in case.

Try a tracert from both ends, one from the v-machine to your workstation and another from the workstation to the v-machine, and make sure your laptop firewall is off. My guess is the tracert originating in the v-machine will reach your laptop, because you can get it to the internet. If I'm correct, the trace started on your laptop will fail, meaning there's something else to enable on your server. Let's see how this test goes before going with any further indication.
 
bill001g, yes, from the physical server with IP address 192.168.1.136 I can ping the virtual machines this server hosts. From the virtual machines I can ping the physical server with IP address 192.168.1.136. From the workstation PC, with IP address 192.168.1.116, I can ping the physical server and vice versa.

RaDiKal_, no, they're not set to external. They can't be set to external because they would need an available NIC. One switch is set to use the external and the other switches with 10.10.10.0/24 subnets are internal.