Re: Cannot get NAT to route in RRAS
- From: "Bill Grant" <not.available@online>
- Date: Tue, 26 Jul 2005 14:08:12 +1000
If the server can browse the Internet, the clients should be able to do
the same using NAT. Do the clients have 192.168.1.1 as their default
gateway? What happens if you do a tracert to a remote site from a LAN client
machine?
Andrew Ward wrote:
> Thanks for the reply Bill,
>
> Sorry, but I've used the wrong terminology in my first message; where
> I said "dynamic dial link" I meant demand-dial. I created a
> demand-dial interface called "ADSL Link" and set it as a persistent
> connection. When it was enabled it connected to our ISP fine, and I
> could browse successfully on the server when the link was up.
>
> ADSL Link was set as the Public interface in NAT, and NIC1 as the
> internal. The static route also adds in fine using the ADSL Link
> interface, but the routing table still shows the default gateway
> discrepancy I described before between the ICS and the RRAS setups.
>
> As for DNS; I've left the DNS relay option in NAT unchecked as the
> server's separate DNS server handles client's requests, and also
> because of AD. The same applies to DHCP; NAT DHCP allocation is
> unchecked, the server's separate DHCP server handles client IP
> allocation, and I've checked that the DNS and DG on clients point to
> the correct internal address of the server.
>
> With RRAS running, clients are still allocated the correct IP
> information on startup. And pinging external web addresses result in
> the name being resolved correctly (I assume this is the DNS server
> happily going about its business as it can see the internet directly
> from the demand-dial link) but pings timeout because nothing is
> routing correctly.
>
> I have also noticed in the server's ipconfig info that "IP Routing
> Enabled" is set to Yes for ISC, but set to No for RRAS. Could this be
> the problem?
>
> Andrew
>
>
> "Bill Grant" wrote:
>
>> The basic problem is that you are using an ADSL modem on the
>> server. RRAS likes to work with interfaces, and you can associate
>> routes with interfaces. (W2k3 now allows you to use a PPPoE
>> interface, but that is not included in W2k).
>>
>> I would suggest that you set up a demand-dial interface to act
>> as the "public" interface in RRAS. You do not need to use "dial on
>> demand" . This is optional and the server won't dial on demand if
>> you don't put a check mark in the box. But the demand-dial interface
>> gives you something to attach a default route to and it also gives
>> you an interface to use as the public interface for RRAS/NAT.
>> You can think of the demand dial interface as the symbolic name for
>> your Internet connection.
>>
>> So set up a demand dial interface to connect to your ISP. Using
>> the New Static Route wizard, create a default route using this
>> interface (ie put
>> 0.0.0.0 0.0.0.0 in the boxes and select the interface from the
>> dropdown list). The system will automatically configure the default
>> route when the connection is made.
>>
>> Since you are using AD, all the client machines and the server
>> should be using your local DNS server, not one at the ISP. You can
>> modify your local DNS server to resolve "foreign" URLs by setting it
>> to forward to a public DNS server (such as that at your ISP).
>>
>> Andrew Ward wrote:
>>> My current setup:
>>>
>>> Win2k server, SP4 (AD, DHCP server, DNS server, IIS server, Exchange
>>> Server) Two NICs:
>>> NIC1 on subnet 192.168.1.0/255.255.255.0 IP 192.168.1.1
>>> NIC2 on subnet 192.168.0.0/255.255.255.0 IP 192.168.0.1 but disabled
>>> and not connected
>>> ADSL modem to ISP, using PPP dial-up, link assigns static IP
>>> 83.67.xx.yy/255.255.255.255, and server IP at the other end
>>> 194.106.aa.bb, as well as DNS addresses etc
>>>
>>> NIC1 connected to switch in turn connects to all clients which are
>>> assigned IPs from 192.168.1.5 to 192.168.1.254 by DHCP server.
>>>
>>> Internet access to clients is achieved through ICS on the ADSL DUN
>>> connection.
>>>
>>> This setup has worked fine so far: clients can access internet, DNS
>>> server resolves external addresses for clients OK, external hosts
>>> can access IIS web sites etc.
>>>
>>> Here are the routing tables and ipconfig info using ICS:
>>>
>>>
>>> ***** routing table *****
>>>
>>> C:\>route print
>>> =====================================================
>>> Interface List
>>> 0x1 ........................... MS TCP Loopback interface
>>> 0x2 ...00 40 f4 2c 9c 19 ...... Realtek RTL8139/810x Family Fast
>>> Ethernet NIC 0x41000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP)
>>> Interface =====================================================
>>> Active Routes:
>>> Network Destination Netmask Gateway Interface Metric
>>> 0.0.0.0 0.0.0.0 83.67.xx.yy 83.67.xx.yy 1
>>> 83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
>>> 83.255.255.255 255.255.255.255 83.67.xx.yy 83.67.xx.yy
>>> 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
>>> 192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
>>> 192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
>>> 192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
>>> 194.106.aa.bb 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
>>> 224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
>>> 224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
>>> 255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1
>>> 1 Default Gateway: 83.67.xx.yy
>>> =====================================================
>>> Persistent Routes:
>>> None
>>>
>>>
>>> ***** ipconfig *****
>>>
>>> C:\>ipconfig /all
>>>
>>> Windows 2000 IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : server
>>> Primary DNS Suffix . . . . . . . : **********
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : Yes
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : **********
>>>
>>> Ethernet adapter Sputnik LAN:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Realtek RTL8139/810x
>>> Family Fast Ethernet NIC
>>> Physical Address. . . . . . . . . : 00-40-F4-2C-9C-19
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.1.1
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . :
>>> DNS Servers . . . . . . . . . . . : 192.168.1.1
>>>
>>> PPP adapter ADSLBroadband:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>>> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 83.67.xx.yy
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>> Default Gateway . . . . . . . . . : 83.67.xx.yy
>>> DNS Servers . . . . . . . . . . . : 194.******
>>> 194.******
>>> NetBIOS over Tcpip. . . . . . . . : Disabled
>>>
>>>
>>> However, I want to allow remote access to the server, through VPN
>>> and modem dial-up. So disabled ISC on ADSL DUN connection and
>>> enabled RRAS, manually setting up NATs and dynamic dial link, with
>>> the appropriate static route added. Link successfully connects, and
>>> can browse directly on server. Clients can resolve internet names to
>>> correct IPs through the DNS server but cannot browse.
>>>
>>> Here are the routing tables and ipconfig info for RRAS with NAT:
>>>
>>>
>>> ***** routing table *****
>>>
>>> C:\>route print
>>> =====================================================
>>> Interface List
>>> 0x1 ........................... MS TCP Loopback interface
>>> 0x2 ...00 40 f4 2c 9c 19 ...... Realtek RTL8139/810x Family Fast
>>> Ethernet NIC 0x1000003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP)
>>> Interface 0x43000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP)
>>> Interface =====================================================
>>> Active Routes:
>>> Network Destination Netmask Gateway Interface Metric
>>> 0.0.0.0 0.0.0.0 194.106.aa.bb 83.67.xx.yy 1
>>> 83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
>>> 83.255.255.255 255.255.255.255 83.67.xx.yy 83.67.xx.yy
>>> 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
>>> 192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
>>> 192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
>>> 192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
>>> 192.168.2.1 255.255.255.255 127.0.0.1 127.0.0.1 1
>>> 224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
>>> 224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
>>> 255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1
>>> 1 Default Gateway: 194.106.aa.bb
>>> =====================================================
>>> Persistent Routes:
>>> None
>>>
>>>
>>> ***** ipconfig *****
>>>
>>> C:\>ipconfig /all
>>>
>>> Windows 2000 IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : server
>>> Primary DNS Suffix . . . . . . . : ********
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : ********
>>>
>>> Ethernet adapter Sputnik LAN:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Realtek RTL8139/810x
>>> Family Fast Ethernet NIC
>>> Physical Address. . . . . . . . . : 00-40-F4-2C-9C-19
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.1.1
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . :
>>> DNS Servers . . . . . . . . . . . : 192.168.1.1
>>>
>>> PPP adapter {43EF4B9F-EF8B-4947-8662-20124EAE5B7B}:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>>> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 83.67.xx.yy
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>> Default Gateway . . . . . . . . . : 194.106.aa.bb
>>> DNS Servers . . . . . . . . . . . : 194.********
>>> 194.*********
>>> NetBIOS over Tcpip. . . . . . . . : Disabled
>>>
>>> PPP adapter RAS Server (Dial In) Interface:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>>> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.2.1
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>> Default Gateway . . . . . . . . . :
>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>
>>>
>>> I have spent weeks troubleshooting this problem and I think I have
>>> tracking the problem down to the default gateway assigned to the
>>> ADSL dynamic link.
>>>
>>> When ICS is running and the ADSL link is established, you can see
>>> that the default gateway is set to 83.67.xx.yy, same as the assigned
>>> IP, which is understandable, it's a two host subnet, the client end
>>> and server end, anything will route to the 194.106.aa.bb address.
>>> Which is true, routing works with ICS.
>>>
>>> But with RRAS, NAT and a dynamic connection, you can see that the
>>> default gateway is set to the 194.106.aa.bb address, the server end
>>> address, not the client assigned address.
>>>
>>> Am I on the right track? Is this the problem? And if so, how do I
>>> change the default gateway? It's non-settable in RRAS because it's a
>>> dynamic link. Is there an entry I can add to the routing table? If
>>> so, what and how?
>>>
>>> Thanks a million in advance for an advice and help, this is really
>>> frustrating.
>>>
>>> Andrew.
.
- References:
- Cannot get NAT to route in RRAS
- From: Andrew Ward
- Re: Cannot get NAT to route in RRAS
- From: Bill Grant
- Re: Cannot get NAT to route in RRAS
- From: Andrew Ward
- Cannot get NAT to route in RRAS
- Prev by Date: Port stuck in "calling back" mode.
- Next by Date: Re: VPN - Mapping
- Previous by thread: Re: Cannot get NAT to route in RRAS
- Next by thread: Partial solution
- Index(es):
Relevant Pages
|
