Re: NAT without DHCP? (w2k3)

What it says is correct. You have selected the IP subnet 10.0.0.0 with a
subnet mask of 255.0.0.0 . That subnet contains over 16 million IP
addresses starting from 10.0.0.1 Addresses ending in zero are subnet
addresses, not individual machine addresses.

Making this change should not have made any difference to your setup,
except that you could now use NAT to give your client machine its network
config (by setting it back to obtain its IP and DNS addresses
automatically)..

My guess is that you have not configured the public interface correctly.
How does your server connect to the Internet? Does it use a PPPoE
connection?

Alex Smirnoff wrote:
Yes, I finally figured it out (_really_ confusing): this property
page is located in the computer properties dialog and initially I was
looking at "nat/rras" dialog

However, it still doesn't work. This is what I have in the dialog:

Static address pool
From: 10.0.0.0
To: 10.255.255.255
Number of addresses:16,277,216
IP address: 10.0.0.0
Mask: 255.0.0.0

What is confusing this time is ip address: 10.0.0.0. Why it is not
set to the private address of the NAT machine?

I also enabled NAT tracing - may be this can help? (ipnathlp.log):

[1860] 23:53:08: DnsReadCompletionRoutine
[1860] 23:53:08: DnsProcessQueryMessage
[1860] 23:53:08: DnsProcessQueryMessage: Dns_ParseMessage succeeded!!
[1860] 23:53:08: DnsProcessQueryMessage: www.yahoo.com (FALSE)
[1860] 23:53:08: DnsProcessQueryMessage: (0x000025e5) DNS record does
not exist.
[1860] 23:53:08: DnsIsPendingQuery
[1860] 23:53:08: DnsRecordQuery
[1860] 23:53:08: DnsSendQuery
[1860] 23:53:08: DnsSendQuery: sending query 2480 interface 65543 to
xx.xx.xx.xx
[1860] 23:53:08: DnsSendQuery: sending query 2480 interface 65543 to
xx.xx.xx.xx
[528] 23:53:08: DnsWriteCompletionRoutine
[528] 23:53:08: DnsMapResponseToQuery
[528] 23:53:08: DnsWriteCompletionRoutine: sent query 2480 interface
65543 [1860] 23:53:08: DnsWriteCompletionRoutine
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:08: DnsWriteCompletionRoutine: sent query 2480 interface
65543 [1860] 23:53:08: DnsReadCompletionRoutine
[1860] 23:53:08: DnsProcessResponseMessage
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:08: DnsWriteCompletionRoutine
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:08: DnsWriteCompletionRoutine: removing query 2480
interface 65543
[1860] 23:53:08: DnsDeleteQuery
[1860] 23:53:08: DnsReadCompletionRoutine
[1860] 23:53:08: DnsProcessResponseMessage
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:11: DnspQueryTimeoutCallbackRoutine
[1860] 23:53:11: DnsLookupInterface
[1860] 23:53:11: DnsMapResponseToQuery
[1860] 23:53:11: DnspQueryTimeoutCallbackRoutine: query 2480
interface 65543 not found


"Bill Grant" wrote:

You said earlier that you enabled DNS from the tab in the NAT
properties ***.. Right alongside that tab on the properties ***
is the address allocation tab. Click that, check the box to allocate
IPs and put the IP subnet you want to use in the box (or use the
default setting of 192.168.0.0/24) .

Alex Smirnoff wrote:
Bill, I'm still confused. Can you knock me on the forehead :) and
tell where is that dialog to configure address pool for the private
network? What should I right-click first?

"Bill Grant" wrote:

That is a different address pool. That applies to your public
interface and is only used if you have been allocated a number of
public IP addresses by your ISP.

(Just to add to the confusion there is another pool of
addresses in RRAS which you can allocate to remote access clients.
You don't need to do anything with them either in your case).

Alex Smirnoff wrote:
Ok, if I right-click NAT/Basic Firewall node in the tree and then
select properties, on address assignment tab I see "Automatically
assign IP addresses by using DHCP allocator" - not what I need.
If I right-click on my public interface, I see "Address pool" tab
but it defines "range of public IP addresses assigned to you",
according to the documentation. So how that pool of internal IP
addresses is configured?

Configuring DNS was really easy - I just enabled name resolution
it in the NAT/Basic firewall properties.

"Bill Grant" wrote:

The dhcp-style allocator in NAT is not configured
automatically. If you want to use it, you configure a pool of IP
addresses for NAT to allocate to the client machines. (You do
this from the NAT Properties ***). If you do not configure any
addresses, you need to set up a DHCP server on the LAN or use
static config for the hosts. Either setup should work.

NAT is a fairly simple setup. There are really only a few
things that must be set for it to work.

1. The public interface must have a default route out to the
Interent.
2. The public and private interfaces to be used must be assigned
in NAT.
3. The client machines must use the NAT router's private
interface as their default gateway.

What are you doing about DNS? If the client uses the server's
private NIC IP address for DNS, NAT will act as a DNS relay and
forward the DNS requests to your ISP (or whatever the server's
public NIC uses).

Alex Smirnoff wrote:
When you say "But you do have to configure NAT on the RRAS
server, just leave the area for IP addresses blank", what do you
mean? NAT is enabled on the public interface of the RRAS server
already. What is this "area for IP addresses" - I just dont see
it.

"Bill Grant" wrote:

You do not have to use the DHCP-style allocator in NAT. You
can use static IPs or you can run DHCP on one of your servers.
But you do have to configure NAT on the RRAS server. Just leave
the area for IP addresses blank. As long as you set the RRAS
server's private IP as the default gateway on the second
machine (which you have done) it should work for any
10.x.x.x address.


Alex Smirnoff wrote:
Setup scenario: Windows Server 2003 R2 x64, two network cards
- one public and one private. I followed all instructions and
installed routing and remote access services, configured one
network interface as public and another as private (with IP
10.0.0.16). Everything works fine and server can access
internet.

Then I started configuring another machine on the internal
network to use first machine as router and got stuck. I dont
want to use DHCP allocator and want to assign internall
addresses manually. So I configured second machine as such (it
is another W2K3 R2 x64, if it matters):

IP Address. . . . . . . . . . . . : 10.0.2.10
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.16
DNS Servers . . . . . . . . . . . : 10.0.0.16

Again, everything works and I can ping one machine from
another. But I cannot access outside world from the second
machine. I realized that first server will not do NAT because
it doesnt know that it should do it for particular internal
IP.

So how I can the main server to do NAT for all internal
network without using DCHP?

I would really appreciate any help/advice.

Alex


.

Loading