Re: newbie lost in trying to setup NAT


From: Bill Grant (not.available_at_online)
Date: 09/08/04


Date: Wed, 8 Sep 2004 13:04:15 +1000


   OK, that makes sense. That is a valid way to set up Internet access for a
home network (without AD). It really depends on how your ISP handles things.

    Creating a demand-dial interface and using that as your Internet
connection is the normal situation if you use dialup or if the cable modem
is directly connected to the server. If you connect to the Internet from a
second NIC, you do not normally need to use this method. You can use the NIC
as your Internet interface.

    So the first thing to work out is exactly how your Internet connection
works. Can your server connect to and browse the Internet without setting
up a demand-dial interface? If it can, you do not need to set up a
demand-dial interface. You can use the second NIC as your public interface
for NAT.

    The other complication is Active Directory. The normal setup for NAT is
to use NAT to allocate addresses and other settings to LAN clients (NAT has
a built-in allocator or mini-DHCP server). NAT also acts as a DNS relay to
send DNS requests on to your ISP. This fails for AD because the clients
must use local DNS to find AD services.

    To use your server as an AD server running its own DNS and DHCP, you
have to disable both of these options. You disable the allocator by not
giving it any addresses to allocate. You disable DNS relay by not ticking
the name resolution box in NAT.

    When you have stopped NAT from trying to do these things, you have to
allow them to happen on your server. You have to configure DNS to forward
requests to a public DNS service (such as your ISP). You need to configure
DHCP to give clients the correct IP address and netmask, default gateway and
DNS address. You then must authorise your DHCP server in AD so that it will
operate.

    If you decide this is all too much, run dcpromo again to remove AD. You
can then use NAT to give Internet access to your LAN machines, using its
built in allocator and DNS proxy.

"vvu" <anonymous@discussions.microsoft.com> wrote in message
news:725f01c494b1$d5a4b500$a501280a@phx.gbl...
> sorry if i've confused you. i dont know how to put in a
> diagram so i'll try my best to explain.
>
> ok so what i have at home is...
> -a PC running win 2003 server which runs AD, DHCP and DNS.
> -this pc has 2 NICs,1 connected to the internal network
> (via hub) and 1 connected to the cable modem.
>
> what i have done...
> -installed NAT through the 'Routing and Remote Access
> Server Setup wizard'.(im a little unsure of how to
> configure it but this is what i've done)
> -on the first window(NAT Internet Connection), it gives 2
> options-'use this public interface to connect to the
> internet' or 'create new demand dial interface to the
> internet' i select 'create new demand dial interface to
> the internet' is that right?
> -then it asks to choose a name for this interface and
> stuff...
>
> -after thats done i go into the 'Routing and Remote
> Access' mmc.
> -expand the 'server','IP Routing' and select 'NAT/Basic
> Firewall'...in here there are 3 'Interfaces'. 1-Internal,2-
> external,3-Remote Router(which i had created in previous
> wizard).
> im not sure what im supposed to configure here but
> according to a tutorial i found, i go into the properties
> of the 'Remote Router' interface i make sure that 'public
> interface connected to the internet' and 'enable NAT on
> this interface' and 'enable a basic firewall on this
> interface' are selected.
>
> - now i need something to forward DNS queries to the ISP
> because my DNS server cant translate internet queries(is
> that right?)
> -open up DNS via 'administrative tools' then in the
> properties of my server i go into the 'forwarders' tab.
> -here i put my ISPs DNS IPs in the 'select domain's
> forwarder IP address' and click add.
>
> thats all that i've done i dont know what to do with the
> clients,they have automatic settings for IP and DNS.
> i have tried setting the DNS setting for the clients to
> point to my win2003 server with no success.
>
> i really appreciate your help.thanks
>
>
> >-----Original Message----
> > I think you had better start again and tell us exactly
> how your network
> >is configured and what you are trying to achieve. A
> simple diagram would
> >help. I was under the impression that you had a router
> connected to the
> >Internet and two NICs in the server. Now you say you are
> using a dialup
> >connection through a modem.
> >
> >"vvu" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:6b6101c49408$d50d14b0$a301280a@phx.gbl...
> >> sorry im not too sure what you mean by.. "you cannot
> have
> >> your clients using the default DHCP settings of your
> >> router."
> >>
> >> at the moment the clients are using dynamic ip and
> >> automatic dns settings.
> >> so do you mean i should set the clients dns to point to
> >> the DC(which runs as NAT,DHCP,DNS)?
> >>
> >> this is what i have done so far with no success.
> >> i have installed a NAT with the "Routing and Remote
> Access
> >> Server Setup Wizard".
> >> I selected "Create a new demand dial interface to the
> >> internet" option and selected the NIC that will connect
> to
> >> the internet.
> >> then i went into 'administrative tools-Routing and
> Remote
> >> Access',expanded 'my server-IP Routing' and there are 3
> >> interfaces. there is the one that i created with the
> >> wizard and an 'internal' and 'external' one. should i
> >> configure all of these? or should i just configure the
> one
> >> that i created?
> >>
> >> then i configured forwarders. in 'administrative tools-
> >> DNS' i right click the server then in the 'forwarders'
> tab
> >> i click on 'new' then type in the ISPs DNS IPs and
> >> click 'add'.
> >>
> >> sorry if i seem a little slow im still new at this and im
> >> really eager to get this working!
> >> thanks for all your help guys.
> >>
> >> >-----Original Message-----
> >> > If you are using Active Directory, you cannot have
> >> your clients using the
> >> >default DHCP settings of your router. An Internet NAT
> >> router gives its
> >> >clients a default gateway setting of itself (which is
> >> fine) and a DNS
> >> >address of itself (which is not OK for AD).
> >> >
> >> > If you want to use the NAT router as your DHCP
> >> server, you will have to
> >> >modify it to give out your DC's IP address for DNS, not
> >> its own IP.
> >> >
> >> > To test this, set up a client manually to have the
> >> router as its default
> >> >gateway but your DC as its DNS address.
> >> >
> >> > Can your server now access the Internet?
> >> >
> >> >"vvu" <anonymous@discussions.microsoft.com> wrote in
> >> message
> >> >news:5d3d01c49224$42efb460$a501280a@phx.gbl...
> >> >> i have now confirmed that the isp's DNS ip addresses
> are
> >> >> correct. but they still are not working.
> >> >> does it matter that the tcp/ip properties of the NIC
> >> >> (connected to the modem) are all on automatic?
> >> >> do i need to configure anything on the clients?
> >> >> the clients NIC settings are currently on auto for IP
> >> >> addressing and DNS.
> >> >> when i try to access an internet address i get an ie6
> >> >> error 'cannot find server or dns error'
> >> >>
> >> >> thanks again.
> >> >>
> >> >> >-----Original Message-----
> >> >> >"vvu" <anonymous@discussions.microsoft.com> wrote in
> >> >> >news:098c01c491c0$a1de8640$a401280a@phx.gbl:
> >> >> >
> >> >> >> Oh ok, so if I uninstall or disable DNS and DHCP
> >> will I
> >> >> >> still be able to run an Active Directory Network
> >> >> without
> >> >> >> any issues?
> >> >> >>
> >> >> >>>-----Original Message-----
> >> >> >>>"vvu" <anonymous@discussions.microsoft.com> wrote
> in
> >> >> >>>news:047a01c49081$a6c1b4b0$a401280a@phx.gbl:
> >> >> >>>
> >> >> >>>> Hi im a newbie here and any suggestion would
> help
> >> as
> >> >> i
> >> >> >> am
> >> >> >>>> confused with setting up a NAT for my home AD
> >> network.
> >> >> >>>> I have a cable connection which provides a
> dynamic
> >> >> ip.
> >> >> >> i
> >> >> >>>> have a 2003 server acting as a DNS,DHCP for the
> AD
> >> >> >> network
> >> >> >>>> and 2 client pc's.
> >> >> >>>> the server has 2 NIC's in which 1 is for the
> >> internal
> >> >> >>>> network(static ip) and the other connected to
> the
> >> >> cable
> >> >> >>>> modem(dynamic ip). im not too sure on how to
> setup
> >> a
> >> >> >> NAT
> >> >> >>>> and forward DNS queries(is that theory correct)
> but
> >> i
> >> >> >> have
> >> >> >>>> info on it. i am confused as to how would i
> >> redirect
> >> >> >>>> queries to the NIC connected to the modem if the
> >> NIC
> >> >> >>>> connected has a dynamic ip.
> >> >> >>>> can anyone assist please?
> >> >> >>>> thanks in advance.
> >> >> >>>
> >> >> >>>If you enable Internet Connection Sharing (ICS) on
> >> the
> >> >> >> NIC that is
> >> >> >>>connected to the cable modem, you have enabled
> NAT.
> >> ICS
> >> >> >> has a built-in DHCP
> >> >> >>>and DNS server, so you don't want to deploy DNS
> and
> >> >> DHCP
> >> >> >> as well as ICS. If
> >> >> >>>you do, nothing will work correctly.
> >> >> >>>
> >> >> >>>I don't recall if you can disable DHCP and DNS in
> >> ICS,
> >> >> >> you will need to
> >> >> >>>read the Help. Otherwise you will need to disable
> or
> >> >> >> uninstall the DHCP and
> >> >> >>>DNS services on the server.
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>>--
> >> >> >>>James McIllece, Microsoft
> >> >> >>>
> >> >> >>>Please do not send email directly to this alias.
> >> This
> >> >> is
> >> >> >> my online account
> >> >> >>>name for newsgroup participation only.
> >> >> >>>
> >> >> >>>This posting is provided "AS IS" with no
> warranties,
> >> >> and
> >> >> >> confers no rights.
> >> >> >>>.
> >> >> >>>
> >> >> >
> >> >> >Talked to a couple of people over here and changed
> my
> >> >> mind about your best
> >> >> >course of action.
> >> >> >
> >> >> >Instead of using ICS for NAT, you can use NAT in
> >> Routing
> >> >> and Remote Access
> >> >> >Service (RRAS) without disabling DNS and DHCP on the
> >> >> server. See the Help
> >> >> >topic called "Deploying network address
> translation" in
> >> >> Windows Server 2003
> >> >> >Help and Support Center on your PC, or on the Web at
> >> >> >http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sag_rras-ch3_06d.asp.
> >> >> >
> >> >> >--
> >> >> >James McIllece, Microsoft
> >> >> >
> >> >> >Please do not send email directly to this alias.
> This
> >> is
> >> >> my online account
> >> >> >name for newsgroup participation only.
> >> >> >
> >> >> >This posting is provided "AS IS" with no warranties,
> >> and
> >> >> confers no rights.
> >> >> >.
> >> >> >
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >
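
The server-side steps from the reply at the top of this message (DNS forwarders, DHCP options, DHCP authorisation in AD), followed by a check that AD lookups and Internet lookups both resolve through the server. This is an added example, not part of the original thread: the addresses, scope, domain and host name are constructed placeholders, the DHCP scope is assumed to exist already, `dnscmd` is assumed to be installed from the Windows Support Tools, and the default gateway is assumed to be the server's LAN address because the server is the NAT router. Emptying the NAT allocator and unticking name resolution are still done in the NAT/Basic Firewall properties as described in the reply.

```bat
@echo off
rem Constructed placeholder values: replace with your own.
set LAN_IP=192.168.0.1
set SCOPE=192.168.0.0
set AD_DOMAIN=example.local
set DC_FQDN=server1.example.local
set ISP_DNS1=203.0.113.53
set ISP_DNS2=203.0.113.54

rem 1. Forward anything the local DNS server cannot answer to the ISP.
dnscmd %DC_FQDN% /ResetForwarders %ISP_DNS1% %ISP_DNS2%

rem 2. DHCP scope options handed to clients:
rem    003 = default gateway (the NAT server's LAN address)
rem    006 = DNS server (the DC itself, never the ISP, so AD lookups work)
rem    015 = DNS domain name
netsh dhcp server scope %SCOPE% set optionvalue 003 IPADDRESS %LAN_IP%
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %LAN_IP%
netsh dhcp server scope %SCOPE% set optionvalue 015 STRING %AD_DOMAIN%

rem 3. Authorise the DHCP server in Active Directory, then list
rem    the authorised servers to confirm it was added.
netsh dhcp add server %DC_FQDN% %LAN_IP%
netsh dhcp show server

rem 4. Verify, from the server or from a client after "ipconfig /renew":
rem    the SRV query must return the DC (AD services are findable),
rem    and the public name must resolve (the forwarders are working).
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DOMAIN% %LAN_IP%
nslookup www.microsoft.com %LAN_IP%
```

On a client, `ipconfig /all` should then list only the server's LAN address as DNS server; an ISP resolver appearing there means the NAT allocator or DNS relay is still handing out settings.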


