Re: RRAS Win2003: Cannot reach public IP reserved hosts behind our NAT
From: Phillip Windell (_at_.)
Date: 08/02/04
Date: Mon, 2 Aug 2004 09:22:43 -0500
If you want some reference material on this issue look in this article about
two-thirds the way down under the heading called "14120 Errors"
[Those are underscores, not spaces between the words]
14120 Errors; Discussion and Solution
http://www.isaserver.org/articles/14120_Errors_Discussion_and_Solution.html
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Phillip Windell" <@.> wrote in message
news:uJ6rRuJeEHA.1764@TK2MSFTNGP10.phx.gbl...
> "Nick" <Nick@discussions.microsoft.com> wrote in message
> news:1A20D5E0-1056-4D97-9687-19DBCFAD2B5B@microsoft.com...
> > The problem is, we are unable to access them by their public IP address
> > from our intranet. From within our intranet we can access the machines by
> > their private addresses (10.x.x.x) just fine, as these packets are not
> > routed to our RRAS box.
>
> Since you are accessing by IP# there isn't any DNS involved here (sorry,
> guys). What you describe is exactly the way it is supposed to behave if you
> are "reverse-NATting" (Static NATing) from public IP#s bound to the
> external Interface of the Router back to these machines on your internal
> LAN.
>
> Contrary to popular misconception, Ethernet runs on MAC addresses not on
> IP#s. The role of the IP# in Ethernet is only to provide a Layer3 routing
> mechanism and to provide a means to resolve the MAC address (ARP). The
> reason intranet hosts must use the private addresses to access the servers is
> because NAT can't make "u-turns". When you send a packet to the external
> IP# the "NAT" process takes it and creates a situation where the source and
> destination MAC addresses in the packet headers are the same address. It
> can't go from itself to itself and shoots itself in the head.
>
> These types of situations will work with other types of "processing" like
> the "Web Publishing" or "Server Publishing" features of ISA & Proxy2 because
> the internal methodology is different, but it will not work with a NAT
> Device.
>
> So when outside your system use the public IP# and when inside the system
> use the private IP#. If you want to access by "FQDN" then make sure your
> DNS functions properly to resolve to the proper IP# as the other guys are
> describing.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com