Re: NAT without DHCP? (w2k3)



How can I troubleshoot the problem and see why IP packets from the private
network don't go outside? DNS works perfectly fine but nothing else. tracert
displays a timeout on the first hop.

I have no idea where else to look. Firewall allows all outgoing packets from
the main server.

Alex

"Alex Smirnoff" wrote:

My guess is that you have not configured the public interface correctly.
How does your server connect to the Internet? Does it use a PPPoE
connection?

It has a direct connection with a static IP. I can access the Internet from the
main server machine without any problems.


Alex Smirnoff wrote:
Yes, I finally figured it out (_really_ confusing): this property
page is located in the computer properties dialog and initially I was
looking at "nat/rras" dialog

However, it still doesn't work. This is what I have in the dialog:

Static address pool
From: 10.0.0.0
To: 10.255.255.255
Number of addresses:16,277,216
IP address: 10.0.0.0
Mask: 255.0.0.0

What is confusing this time is the IP address: 10.0.0.0. Why is it not
set to the private address of the NAT machine?

I also enabled NAT tracing - maybe this can help? (ipnathlp.log):

[1860] 23:53:08: DnsReadCompletionRoutine
[1860] 23:53:08: DnsProcessQueryMessage
[1860] 23:53:08: DnsProcessQueryMessage: Dns_ParseMessage succeeded!!
[1860] 23:53:08: DnsProcessQueryMessage: www.yahoo.com (FALSE)
[1860] 23:53:08: DnsProcessQueryMessage: (0x000025e5) DNS record does not exist.
[1860] 23:53:08: DnsIsPendingQuery
[1860] 23:53:08: DnsRecordQuery
[1860] 23:53:08: DnsSendQuery
[1860] 23:53:08: DnsSendQuery: sending query 2480 interface 65543 to xx.xx.xx.xx
[1860] 23:53:08: DnsSendQuery: sending query 2480 interface 65543 to xx.xx.xx.xx
[528] 23:53:08: DnsWriteCompletionRoutine
[528] 23:53:08: DnsMapResponseToQuery
[528] 23:53:08: DnsWriteCompletionRoutine: sent query 2480 interface 65543
[1860] 23:53:08: DnsWriteCompletionRoutine
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:08: DnsWriteCompletionRoutine: sent query 2480 interface 65543
[1860] 23:53:08: DnsReadCompletionRoutine
[1860] 23:53:08: DnsProcessResponseMessage
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:08: DnsWriteCompletionRoutine
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:08: DnsWriteCompletionRoutine: removing query 2480 interface 65543
[1860] 23:53:08: DnsDeleteQuery
[1860] 23:53:08: DnsReadCompletionRoutine
[1860] 23:53:08: DnsProcessResponseMessage
[1860] 23:53:08: DnsMapResponseToQuery
[1860] 23:53:11: DnspQueryTimeoutCallbackRoutine
[1860] 23:53:11: DnsLookupInterface
[1860] 23:53:11: DnsMapResponseToQuery
[1860] 23:53:11: DnspQueryTimeoutCallbackRoutine: query 2480 interface 65543 not found


"Bill Grant" wrote:

You said earlier that you enabled DNS from the tab in the NAT
properties sheet. Right alongside that tab on the properties sheet
is the address allocation tab. Click that, check the box to allocate
IPs and put the IP subnet you want to use in the box (or use the
default setting of 192.168.0.0/24).

Alex Smirnoff wrote:
Bill, I'm still confused. Can you knock me on the forehead :) and
tell me where that dialog to configure the address pool for the private
network is? What should I right-click first?

"Bill Grant" wrote:

That is a different address pool. That applies to your public
interface and is only used if you have been allocated a number of
public IP addresses by your ISP.

(Just to add to the confusion there is another pool of
addresses in RRAS which you can allocate to remote access clients.
You don't need to do anything with them either in your case).

Alex Smirnoff wrote:
Ok, if I right-click NAT/Basic Firewall node in the tree and then
select properties, on address assignment tab I see "Automatically
assign IP addresses by using DHCP allocator" - not what I need.
If I right-click on my public interface, I see "Address pool" tab
but it defines "range of public IP addresses assigned to you",
according to the documentation. So how is that pool of internal IP
addresses configured?

Configuring DNS was really easy - I just enabled name resolution
in the NAT/Basic firewall properties.

"Bill Grant" wrote:

The dhcp-style allocator in NAT is not configured
automatically. If you want to use it, you configure a pool of IP
addresses for NAT to allocate to the client machines. (You do
this from the NAT Properties sheet). If you do not configure any
addresses, you need to set up a DHCP server on the LAN or use
static config for the hosts. Either setup should work.

NAT is a fairly simple setup. There are really only a few
things that must be set for it to work.

1. The public interface must have a default route out to the
Internet.
2. The public and private interfaces to be used must be assigned
in NAT.
3. The client machines must use the NAT router's private
interface as their default gateway.

What are you doing about DNS? If the client uses the server's
private NIC IP address for DNS, NAT will act as a DNS relay and
forward the DNS requests to your ISP (or whatever the server's
public NIC uses).

Alex Smirnoff wrote:
When you say "But you do have to configure NAT on the RRAS
server, just leave the area for IP addresses blank", what do you
mean? NAT is enabled on the public interface of the RRAS server
already. What is this "area for IP addresses" - I just don't see
it.

"Bill Grant" wrote:

You do not have to use the DHCP-style allocator in NAT. You
can use static IPs or you can run DHCP on one of your servers.
But you do have to configure NAT on the RRAS server. Just leave
the area for IP addresses blank. As long as you set the RRAS
server's private IP as the default gateway on the second
machine (which you have done) it should work for any
10.x.x.x address.


Alex Smirnoff wrote:
Setup scenario: Windows Server 2003 R2 x64, two network cards
- one public and one private. I followed all instructions and
installed routing and remote access services, configured one
network interface as public and another as private (with IP
10.0.0.16). Everything works fine and server can access
internet.

Then I started configuring another machine on the internal
network to use first machine as router and got stuck. I don't
want to use DHCP allocator and want to assign internal
addresses manually. So I configured second machine as such (it
is another W2K3 R2 x64, if it matters):

IP Address. . . . . . . . . . . . : 10.0.2.10
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.16
DNS Servers . . . . . . . . . . . : 10.0.0.16

Again, everything works and I can ping one machine from
another. But I cannot access outside world from the second
machine. I realized that first server will not do NAT because
it doesn't know that it should do it for particular internal
IP.

So how can I get the main server to do NAT for all internal
network without using DHCP?

I would really appreciate any help/advice.

Alex
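
The three conditions Bill Grant lists in the thread can be checked from the command line on both machines. The script below is an added example, not part of the original thread: the addresses 10.0.0.16 and 10.0.2.10 are the ones Alex posted, while the script name and the public test address passed as an argument are assumptions.

```batch
@echo off
rem Added example, not part of the original thread.
rem Usage:  natcheck.cmd server
rem         natcheck.cmd client <public-ip-to-test>
rem 10.0.0.16 (NAT router private NIC) and 10.0.2.10 (client) come from the
rem thread; the script name and the test target argument are assumptions.

set ROUTER_PRIV=10.0.0.16
set CLIENT=10.0.2.10

if /I "%~1"=="server" goto server
if /I "%~1"=="client" goto client
echo Usage: %~nx0 server ^| client ^<public-ip^>
exit /b 1

:server
echo === 1. Default route (0.0.0.0) must point out of the public interface ===
route print | findstr /R /C:"^ *0\.0\.0\.0 "
if errorlevel 1 echo FAIL: no default route on this server

echo === 2. Both NICs must be assigned in NAT (one public, one private) ===
netsh routing ip nat show interface

echo === Private side reachable from the router ===
ping -n 2 %CLIENT%
exit /b 0

:client
if "%~2"=="" (
    echo Supply a public IP address to test against.
    exit /b 1
)
echo === 3. Default gateway must be the router's private NIC (%ROUTER_PRIV%) ===
ipconfig | findstr /C:"Default Gateway"
ipconfig | findstr /C:"Default Gateway" | findstr /C:"%ROUTER_PRIV%" >nul
if errorlevel 1 echo FAIL: default gateway is not %ROUTER_PRIV%

echo === Router reachable, then path beyond it (-d skips DNS lookups) ===
ping -n 2 %ROUTER_PRIV%
tracert -d -h 5 %~2
exit /b 0
```

Testing against a numeric address with `tracert -d` keeps name resolution out of the picture, which matters here because DNS is relayed by the NAT router and already works while routed traffic does not.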