Re: NAT troubleshooting

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I dont follow...which interface are you talking about? Private interface does
not have gateway set, public does - but it needs it.

Another observation: NAT creates port mappings for the client - I can see
them in the "Show mappings" dialog. But packets do not go outside (even with
firewall disabled). Really strange...

"workinghard@xxxxxxxxxxxxxx" wrote:

Hello,

I see you have to internal NIC's on the RRAS sever. Just as a test try to
levae the gateway on that NIC with IP x.x.x.20 blank or even better disable
it. You don't really Need that NIC for NAT to work.

Cheers
"Alex Smirnoff" <AlexSmirnoff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF8507F9-BAF4-4EE1-8D5E-45C789786C82@xxxxxxxxxxxxxxxx
All setup has been done according to the documentation/FAQ. I can access
the
internet from the main server, I can also ping private machine IP (and
back).
DNS works. According to windump, packets arrive at the local interface but
nothing goes outside. NAT creates port mapping for the outgoing connection
(I
can see it in the public network interface properties when I try to access
a
web site from the internal network)

Nothing special about the config:

Main machine:

Windows IP Configuration
Host Name . . . . . . . . . . . . : myhost
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
#2
Physical Address. . . . . . . . . : 00-30-48-56-xx-xx

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-30-48-56-xx-xx

Ethernet adapter External.Jack1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Server
Adapter
Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : Static external ip
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : ISP gateway
DNS Servers . . . . . . . . . . . : ISP DNS


Ethernet adapter Internal.Jack2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Server
Adapter #2
Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.16
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : ISP DNS

Local computer:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-0C-29-6E-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.2.10
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.16
DHCP Server . . . . . . . . . . . : 10.0.0.16
DNS Servers . . . . . . . . . . . : 10.0.0.16
Lease Obtained. . . . . . . . . . : Wednesday, August 16, 2006 2:12:58
AM
Lease Expires . . . . . . . . . . : Wednesday, August 23, 2006 2:12:58
AM

"workinghard@xxxxxxxxxxxxxx" wrote:

Hello,

Please post your ipconfig /all here please so we can have a look at that
for
starters.

Cheers


"Alex Smirnoff" <AlexSmirnoff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:993AFAA1-A7A8-4C0B-AE03-F5405085F536@xxxxxxxxxxxxxxxx
I have installed RRAS in very basic configuration but computers on the
private network cannot access the internet. All public/private
interfaces
are
configured properly. DNS is the only thing which is working fine from
the
inside. (I can access the internet from the primary server just fine)

tracert from the private network to any internet address doesn't even
show
first hop (it' is supposed to be default gateway) - times out.

How I can troubleshoot the problem and see why ip packets from the
private
network don't go outside? Where I can find any useful logs/traces
(firewall, NAT - anything)?

Alex







.

Relevant Pages

  • Re: NAT without DHCP? (w2k3)
    ... My guess is that you have not configured the public interface correctly. ... How does your server connect to the Internet? ... set to the private address of the NAT machine? ...
    (microsoft.public.windows.server.networking)
  • Re: NAT without DHCP? (w2k3)
    ... the private address of the NAT machine? ... I also enabled NAT tracing - may be this can help? ... right-click on my public interface, I see "Address pool" tab but it ... server, just leave the area for IP addresses blank", what do you ...
    (microsoft.public.windows.server.networking)
  • Re: VPN IP Addressing Problem
    ... block of IPs and they are used up with my public interface on the ... then the NAT for the mail server and PAT for all other traffic. ... but the ASA's external IP address is a private ... Can I just VPN to the public IP that is NATed to the LAN ...
    (comp.dcom.sys.cisco)
  • Re: PIX: NAT inside VPN tunnel (515e)
    ... > The PIX has one outside interface with a public IP address ... > administration reasons - i want to use NAT to hide my private ...
    (comp.dcom.sys.cisco)
  • RE: Running public IPs inside an RFC 1597 network
    ... > I'm running a typical Class C RFC 1597 network in my lab. ... know or care if we humans designate a subnet as public or private. ... is the absolute most general route there is for a machine. ... In a correctly configured system when you define an interface, ...
    (freebsd-questions)