Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Windows 2003 Server NAT Configuration

Windows 2003 Server NAT Configuration 8 years 1 month ago #27707

  • derk
  • derk's Avatar
  • Offline
  • Frequent Member
  • Posts: 41
  • Karma: 0
Hello Everybody!

I'm having a problem with my Windows 2003 Server (NAT Configuration). The host server can connect to the internet but the private machines cannot connect to the internet. The private machines although can ping the internet gateway but still cannot browse the internet nor ping yahoo.

Pls help!!
The administrator has disabled public write access.

Re: Windows 2003 Server NAT Configuration 8 years 1 month ago #27711

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Since I'm not sure how did you initially configure it. I would first try a neat tutorial on doing it: www.helpline4it.com/lab_practices-d152.html

Please ask us if you have further trouble.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: Windows 2003 Server NAT Configuration 8 years 1 month ago #27722

  • KiLLaBeE
  • KiLLaBeE's Avatar
  • Offline
  • Expert Member
  • Posts: 466
  • Karma: 0
I had to enter routing entries on the server (and the routers) to resolve this when I experienced it.

If you have the primate machines connected directly to the server, make sure the private machines have default gateways setup. If there are routers in between the machines and the server, you'll need to setup a default gateway on the routers as well. The server's default gateway should be the border router/firewall.

The basic issue I observed when I had this issue was that, the computers "knew" how to route traffic to the server because they had a routing table entry that told them how to, but they had no clue how to route traffic anywhere else (that wasn't defined on the routing table) because they didn't know where to send the traffic to.
The administrator has disabled public write access.

Re: Windows 2003 Server NAT Configuration 8 years 1 month ago #27733

  • derk
  • derk's Avatar
  • Offline
  • Frequent Member
  • Posts: 41
  • Karma: 0
Thanks for the reply guys..

I've been to the link Solo but still I my host can't connect to the internet. I've even deleted my NAT/Basic Firewall and re-installed it again based on that link but to no avail., but to no avail.

By the way, here is the setup to add some ideas

a b c d
HOST
SERVER
DSL

>>interface a : is a private address with gateway and DNS set to interface b

>>interface b : is a private address with no gateway and no DNS

>>interface c : is a public address with gateway set to interface d and with 2 DNS server address

>>interface d : is the DSL router connected to the internet; I can't access/configure this equipment since it's the ISP who does it

>>route print command shows that there is one default route
network destination : 0.0.0.0
netmask : 0.0.0.0
gateway : interface d
interface : interface c
metric : 20

should I add more routes thru "route add" to connect my host to the internet?

am i missing some services here to facilitate host connection?

thanks n pls help
The administrator has disabled public write access.

Re: Windows 2003 Server NAT Configuration 8 years 1 month ago #27734

  • derk
  • derk's Avatar
  • Offline
  • Frequent Member
  • Posts: 41
  • Karma: 0
by the way, my host can ping until interface c.
The administrator has disabled public write access.

Re: Windows 2003 Server NAT Configuration 8 years 1 month ago #27737

  • KiLLaBeE
  • KiLLaBeE's Avatar
  • Offline
  • Expert Member
  • Posts: 466
  • Karma: 0
Remove the default gateways from all the NICs (and let interface d keep its dynamically assigned default gateway). You don't need more than one default gateway -- you'll just present routing problems. Think of it like this: the default gateway is supposed to be the "default" network that a router can send traffic that it doesn't know where else to send. When you define multiple default gateways, you're kinda telling your computer to send the traffic to any of multiple locations.....you're defeating the purpose. You probably also got a message from Windows [that you ignored :-P } when you were adding the default gateways

There shouldn't be a problem with the assignments of IP addresses, except when you added the public IP addresses, Windows probably automatically created routing table entries to those public IP networks. What I *think* will happen when you try to access a website or an Internet resource whose FQDN resolves to an IP address in the network that your public IP address is in, your computer will route the request to "itself" and you won't be able to access the request. As a best practice, use private IP addresses internally, especially since your network is not operating correctly, you want to do things in a "standard" way to simplify the complexity.

There aren't any issues with the DNS server IP address assignments......although it's unnecessary to assign the IP address of another NIC as the DNS server to one NIC. Since the server has the DNS role installed on it, all the NICs will be accessing the same server (and the same resource records) so you can just assign 127.0.0.1 as the DNS server IP address to all the NICs (except interface d, since that one dynamically receives its DNS IP address from the ISP).

Try this out:
Remove the default gateways, leaving interface d untouched, and set the DNS IP addresses appropriately -- if the DNS server is on the local server, put 127.0.0.1 instead of the IP address. Restart the server. When the server comes back up, it'll build itself the routing table again (which will basically mean that it'll know how to route traffic between the different networks that it is a part of. You may want to use the pathping and tracert utilities to determine exactly where traffic is stopping. You mentioned that you can ping up to interface c...that tells me that either the host forwarded the traffic to the wrong place to begin with or interface c doesn't know what to do with the network afterwards.

Another thing, are you statically assigning the IP addresses to the hosts? I'll assume that you're assigning the hosts IP addresses in the same subnet as their respective networks and that their default gateways will be the IP addresses of the NICs of their respective networks.

By the way, how are you trying to ping, by IP address or by name? If DNS isn't setup correctly, you won't be able to ping anything by host name. If you're using Windows Server 2003's DNS role, you'll need to setup a DNS server to forward queries to in case your DNS server can't resolve a name. Also, is this a domain environment or workgroup?


After pondering over these questions, read this:
www.windowsnetworking.com/articles_tutor...-Routing-Tables.html

I had to read it a few times to fully understand routing tables.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.086 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup