Re: Cannot get NAT to route in RRAS



Thanks for the reply Bill,

Sorry, but I’ve used the wrong terminology in my first message; where I said
“dynamic dial link” I meant demand-dial. I created a demand-dial interface
called “ADSL Link” and set it as a persistent connection. When it was enabled
it connected to our ISP fine, and I could browse successfully on the server
when the link was up.

ADSL Link was set as the Public interface in NAT, and NIC1 as the internal.
The static route also adds in fine using the ADSL Link interface, but the
routing table still shows the default gateway discrepancy I described before
between the ICS and the RRAS setups.

As for DNS; I’ve left the DNS relay option in NAT unchecked as the server’s
separate DNS server handles clients’ requests, and also because of AD. The
same applies to DHCP; NAT DHCP allocation is unchecked, the server’s separate
DHCP server handles client IP allocation, and I’ve checked that the DNS and
DG on clients point to the correct internal address of the server.

With RRAS running, clients are still allocated the correct IP information on
startup. And pinging external web addresses results in the name being resolved
correctly (I assume this is the DNS server happily going about its business
as it can see the internet directly from the demand-dial link) but pings
time out because nothing is routing correctly.

I have also noticed in the server’s ipconfig info that “IP Routing Enabled”
is set to Yes for ICS, but set to No for RRAS. Could this be the problem?

Andrew


"Bill Grant" wrote:

> The basic problem is that you are using an ADSL modem on the server.
> RRAS likes to work with interfaces, and you can associate routes with
> interfaces. (W2k3 now allows you to use a PPPoE interface, but that is not
> included in W2k).
>
> I would suggest that you set up a demand-dial interface to act as the
> "public" interface in RRAS. You do not need to use "dial on demand" . This
> is optional and the server won't dial on demand if you don't put a check
> mark in the box. But the demand-dial interface gives you something to attach
> a default route to and it also gives you an interface to use as the public
> interface for RRAS/NAT.
> You can think of the demand dial interface as the symbolic name for your
> Internet connection.
>
> So set up a demand dial interface to connect to your ISP. Using the New
> Static Route wizard, create a default route using this interface (ie put
> 0.0.0.0 0.0.0.0 in the boxes and select the interface from the dropdown
> list). The system will automatically configure the default route when the
> connection is made.
>
> Since you are using AD, all the client machines and the server should be
> using your local DNS server, not one at the ISP. You can modify your local
> DNS server to resolve "foreign" URLs by setting it to forward to a public
> DNS server (such as that at your ISP).
>
> Andrew Ward wrote:
> > My current setup:
> >
> > Win2k server, SP4 (AD, DHCP server, DNS server, IIS server, Exchange
> > Server) Two NICs:
> > NIC1 on subnet 192.168.1.0/255.255.255.0 IP 192.168.1.1
> > NIC2 on subnet 192.168.0.0/255.255.255.0 IP 192.168.0.1 but disabled
> > and not connected
> > ADSL modem to ISP, using PPP dial-up, link assigns static IP
> > 83.67.xx.yy/255.255.255.255, and server IP at the other end
> > 194.106.aa.bb, as well as DNS addresses etc
> >
> > NIC1 connected to switch in turn connects to all clients which are
> > assigned IPs from 192.168.1.5 to 192.168.1.254 by DHCP server.
> >
> > Internet access to clients is achieved through ICS on the ADSL DUN
> > connection.
> >
> > This setup has worked fine so far: clients can access internet, DNS
> > server resolves external addresses for clients OK, external hosts can
> > access IIS web sites etc.
> >
> > Here are the routing tables and ipconfig info using ICS:
> >
> >
> > ***** routing table *****
> >
> > C:\>route print
> > =====================================================
> > Interface List
> > 0x1 ........................... MS TCP Loopback interface
> > 0x2 ...00 40 f4 2c 9c 19 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
> > 0x41000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> > =====================================================
> > Active Routes:
> > Network Destination Netmask Gateway Interface Metric
> > 0.0.0.0 0.0.0.0 83.67.xx.yy 83.67.xx.yy 1
> > 83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
> > 83.255.255.255 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
> > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> > 192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
> > 192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
> > 192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
> > 194.106.aa.bb 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
> > 224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
> > 224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
> > 255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
> > Default Gateway: 83.67.xx.yy
> > =====================================================
> > Persistent Routes:
> > None
> >
> >
> > ***** ipconfig *****
> >
> > C:\>ipconfig /all
> >
> > Windows 2000 IP Configuration
> >
> > Host Name . . . . . . . . . . . . : server
> > Primary DNS Suffix . . . . . . . : **********
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : Yes
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : **********
> >
> > Ethernet adapter Sputnik LAN:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
> > Physical Address. . . . . . . . . : 00-40-F4-2C-9C-19
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.1.1
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . :
> > DNS Servers . . . . . . . . . . . : 192.168.1.1
> >
> > PPP adapter ADSLBroadband:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > Physical Address. . . . . . . . . : 00-53-45-00-00-00
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 83.67.xx.yy
> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > Default Gateway . . . . . . . . . : 83.67.xx.yy
> > DNS Servers . . . . . . . . . . . : 194.******
> > 194.******
> > NetBIOS over Tcpip. . . . . . . . : Disabled
> >
> >
> > However, I want to allow remote access to the server, through VPN and
> > modem dial-up. So I disabled ICS on ADSL DUN connection and enabled
> > RRAS, manually setting up NATs and dynamic dial link, with the
> > appropriate static route added. Link successfully connects, and can
> > browse directly on server. Clients can resolve internet names to
> > correct IPs through the DNS server but cannot browse.
> >
> > Here are the routing tables and ipconfig info for RRAS with NAT:
> >
> >
> > ***** routing table *****
> >
> > C:\>route print
> > =====================================================
> > Interface List
> > 0x1 ........................... MS TCP Loopback interface
> > 0x2 ...00 40 f4 2c 9c 19 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
> > 0x1000003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> > 0x43000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> > =====================================================
> > Active Routes:
> > Network Destination Netmask Gateway Interface Metric
> > 0.0.0.0 0.0.0.0 194.106.aa.bb 83.67.xx.yy 1
> > 83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
> > 83.255.255.255 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
> > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> > 192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
> > 192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
> > 192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
> > 192.168.2.1 255.255.255.255 127.0.0.1 127.0.0.1 1
> > 224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
> > 224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
> > 255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
> > Default Gateway: 194.106.aa.bb
> > =====================================================
> > Persistent Routes:
> > None
> >
> >
> > ***** ipconfig *****
> >
> > C:\>ipconfig /all
> >
> > Windows 2000 IP Configuration
> >
> > Host Name . . . . . . . . . . . . : server
> > Primary DNS Suffix . . . . . . . : ********
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : ********
> >
> > Ethernet adapter Sputnik LAN:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
> > Physical Address. . . . . . . . . : 00-40-F4-2C-9C-19
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.1.1
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . :
> > DNS Servers . . . . . . . . . . . : 192.168.1.1
> >
> > PPP adapter {43EF4B9F-EF8B-4947-8662-20124EAE5B7B}:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > Physical Address. . . . . . . . . : 00-53-45-00-00-00
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 83.67.xx.yy
> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > Default Gateway . . . . . . . . . : 194.106.aa.bb
> > DNS Servers . . . . . . . . . . . : 194.********
> > 194.*********
> > NetBIOS over Tcpip. . . . . . . . : Disabled
> >
> > PPP adapter RAS Server (Dial In) Interface:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > Physical Address. . . . . . . . . : 00-53-45-00-00-00
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.2.1
> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > Default Gateway . . . . . . . . . :
> > DNS Servers . . . . . . . . . . . : 127.0.0.1
> >
> >
> > I have spent weeks troubleshooting this problem and I think I have
> > tracked the problem down to the default gateway assigned to the ADSL
> > dynamic link.
> >
> > When ICS is running and the ADSL link is established, you can see
> > that the default gateway is set to 83.67.xx.yy, same as the assigned
> > IP, which is understandable, it's a two host subnet, the client end
> > and server end, anything will route to the 194.106.aa.bb address.
> > Which is true, routing works with ICS.
> >
> > But with RRAS, NAT and a dynamic connection, you can see that the
> > default gateway is set to the 194.106.aa.bb address, the server end
> > address, not the client assigned address.
> >
> > Am I on the right track? Is this the problem? And if so, how do I
> > change the default gateway? It's non-settable in RRAS because it's a
> > dynamic link. Is there an entry I can add to the routing table? If
> > so, what and how?
> >
> > Thanks a million in advance for any advice and help, this is really
> > frustrating.
> >
> > Andrew.
>
>
>
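Added example, not part of the original thread: a small Python script that diffs two `route print` captures, so the differences between the ICS and RRAS tables quoted above can be listed mechanically rather than compared by eye. The function names are hypothetical, and the sample rows are a trimmed copy of the posted tables with the addresses masked as in the posts.

```python
import re

# Rows copied from the two "Active Routes" tables quoted in the thread
# (addresses masked as posted), trimmed to the rows that matter here.
ICS = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 83.67.xx.yy 83.67.xx.yy 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
194.106.aa.bb 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
Default Gateway: 83.67.xx.yy
"""
RRAS = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 194.106.aa.bb 83.67.xx.yy 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
192.168.2.1 255.255.255.255 127.0.0.1 127.0.0.1 1
Default Gateway: 194.106.aa.bb
"""

# destination, netmask, gateway, interface, metric (header row will not match)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")

def parse_routes(text):
    """Return {(dest, mask, interface): (gateway, metric)} for the Active Routes block."""
    routes, active = {}, False
    for line in text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted captures
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith(("Default Gateway", "Persistent Routes", "=")):
            active = False
        elif active:
            m = ROW.match(line)
            if m:
                routes[(m[1], m[2], m[4])] = (m[3], int(m[5]))
    return routes

def diff_routes(before, after):
    """Compare two captures: routes removed, added, or with a new gateway/metric."""
    a, b = parse_routes(before), parse_routes(after)
    return {
        "removed": sorted(k for k in a if k not in b),
        "added": sorted(k for k in b if k not in a),
        "changed": {k: (a[k], b[k]) for k in a if k in b and a[k] != b[k]},
    }

if __name__ == "__main__":
    for kind, items in diff_routes(ICS, RRAS).items():
        print(kind, items)
```

On the sample rows this reports the default route's gateway changing from 83.67.xx.yy to 194.106.aa.bb, the host route to 194.106.aa.bb disappearing, and the 192.168.2.1 dial-in address appearing.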