Re: natting in win2000
From: Bill Grant (not.available_at_online)
Date: 09/18/04
Date: Sat, 18 Sep 2004 11:49:55 +1000
Running RRAS/NAT on a domain controller is not a good idea. It can cause
all sorts of problems. The normal operation of NAT is to use the NAT router
as its own DHCP-type allocator and to use the NAT router as a DNS relay.
This won't work with Active Directory. With AD, the clients must use the
local DNS server. So you cannot use the allocator built into NAT, because it
will give the clients the wrong DNS address.
So you must remove ALL references to the ISP's DNS service from your
server NICs. The server NIC should only know about the local DNS service.
This local DNS server can handle all requests after you have set up the
forwarding. (In other words, the NAT server uses the local DNS server, just
like the LAN clients do, to access the Internet). The server public
interface should have a default route out to the Internet and the private
interface default gateway setting should be blank.
If you are not running DHCP, you will need to configure each client
manually. The client should use the server's private IP address as both the
default gateway and the DNS server address. Or you can configure DHCP to do
this for you. You just cannot use the allocator built into NAT.
So your setup should look like this.
            Internet
                |
        203.239.33.100   dg 203.239.33.101
             server
        10.30.7.1        dg blank
                |
          workstations
        10.x.x.x         dg 10.30.7.1
Enable NAT in RRAS, but do not give it any addresses to allocate to
clients (as it may hand out wrong DNS addresses. It should not hand out
wrong IP addresses if you have removed the ISP DNS addresses from your
public NIC).
"sushama" <sushama@discussions.microsoft.com> wrote in message
news:2D7CF661-F6C8-474E-91D4-D8E624F75861@microsoft.com...
>
> domain controller: Win2000 Server IP Address: 10.30.7.100 with
> active directory, no dhcp used for client, on dns forwarder has set up for
> dns of isp
>
>
> separate rras server configuration:
>
> lan card1-configured as per isp setting
> ISP IP Address: 203.239.33.100 255.255.255.248
> ISP Default Gateway: 203.239.33.101
> dns-as per isp details given
> lan card2-configured for local lan setting
> ip add-10.30.7.1 255.0.0.0
> gateway-203.239.33.100
> dns -localdns ip +isp dns entry
> ip forwarding enable from registry
>
>
> for all client with static ip range 10.30.7.102-10.30.7.117
> gateway for client given as 10.30.7.1
>
> I was trying by adding static route by installing RRAS service, also tried
> natting
> but not successful
> I want to make machine as gateway also enable natting
> How can my client access internet through gateway?
> I don't know how to do that with natting
> Hope you can help me with this. I am new user
> Thank you very much.
>
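
An added example, not part of the original message: a small Python check of the layout rules from the reply, run over the configuration posted in the question and over a corrected version. The local DNS address 10.30.7.100 (the domain controller in the question), the ISP DNS placeholder 192.0.2.53 and the client's DNS entry are assumptions; if DNS runs on the NAT server itself, pass 10.30.7.1 as the local DNS address instead.

```python
from ipaddress import ip_address

def audit_nat_layout(public_nic, private_nic, local_dns, clients=()):
    """Check a NAT server's NICs and its clients against the rules in the reply.
    Returns a list of findings; an empty list means the layout conforms."""
    local = ip_address(local_dns)
    findings = []
    if not public_nic.get("gateway"):
        findings.append("public NIC: no default gateway to the Internet")
    if private_nic.get("gateway"):
        findings.append(f"private NIC: gateway {private_nic['gateway']} set, must be blank")
    # Server NICs may only reference the local DNS service, never the ISP's.
    for label, nic in (("public", public_nic), ("private", private_nic)):
        foreign = [d for d in nic.get("dns", []) if ip_address(d) != local]
        if foreign:
            findings.append(f"{label} NIC: non-local DNS {', '.join(foreign)}")
    for c in clients:
        if ip_address(c["gateway"]) != ip_address(private_nic["ip"]):
            findings.append(f"client {c['ip']}: gateway is not the server's private IP")
        if [ip_address(d) for d in c["dns"]] != [local]:
            findings.append(f"client {c['ip']}: DNS is not the local DNS server only")
    return findings

LOCAL_DNS = "10.30.7.100"  # assumption: DNS runs on the domain controller
ISP_DNS = "192.0.2.53"     # constructed placeholder; the post gives no ISP DNS address
# Client from the posted static range; its DNS entry is constructed.
CLIENT = {"ip": "10.30.7.102", "gateway": "10.30.7.1", "dns": [LOCAL_DNS]}

# NIC settings as posted in the question.
POSTED = {
    "public_nic": {"ip": "203.239.33.100", "gateway": "203.239.33.101", "dns": [ISP_DNS]},
    "private_nic": {"ip": "10.30.7.1", "gateway": "203.239.33.100",
                    "dns": [LOCAL_DNS, ISP_DNS]},
}
# The same NICs after applying the reply's advice.
CORRECTED = {
    "public_nic": {"ip": "203.239.33.100", "gateway": "203.239.33.101", "dns": [LOCAL_DNS]},
    "private_nic": {"ip": "10.30.7.1", "gateway": "", "dns": [LOCAL_DNS]},
}

def run(layout):
    return audit_nat_layout(layout["public_nic"], layout["private_nic"], LOCAL_DNS, [CLIENT])

if __name__ == "__main__":
    for name, layout in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, run(layout) or "OK")
```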