I'm having a problem with my Windows 2003 Server (NAT Configuration). The host server can connect to the internet but the private machines cannot connect to the internet. Although the private machines can ping the internet gateway, they still cannot browse the internet or ping Yahoo.
Re: Windows 2003 Server NAT Configuration
9 years 10 months ago #27711
I had to enter routing entries on the server (and the routers) to resolve this when I experienced it.
If you have the private machines connected directly to the server, make sure the private machines have default gateways set up. If there are routers in between the machines and the server, you'll need to set up a default gateway on the routers as well. The server's default gateway should be the border router/firewall.
The basic issue I observed when I had this issue was that the computers "knew" how to route traffic to the server because they had a routing table entry that told them how to, but they had no clue how to route traffic anywhere else (that wasn't defined on the routing table) because they didn't know where to send the traffic to.
Re: Windows 2003 Server NAT Configuration
9 years 10 months ago #27733
Remove the default gateways from all the NICs (and let interface d keep its dynamically assigned default gateway). You don't need more than one default gateway -- you'll just present routing problems. Think of it like this: the default gateway is supposed to be the "default" network to which a router can send traffic that it doesn't know where else to send. When you define multiple default gateways, you're kinda telling your computer to send the traffic to any of multiple locations... you're defeating the purpose. You probably also got a message from Windows (that you ignored :-P) when you were adding the default gateways.
There shouldn't be a problem with the assignments of IP addresses, except that when you added the public IP addresses, Windows probably automatically created routing table entries to those public IP networks. What I *think* will happen is that when you try to access a website or an Internet resource whose FQDN resolves to an IP address in the network that your public IP address is in, your computer will route the request to "itself" and you won't be able to access the request. As a best practice, use private IP addresses internally, especially since your network is not operating correctly; you want to do things in a "standard" way to simplify the complexity.
There aren't any issues with the DNS server IP address assignments... although it's unnecessary to assign the IP address of another NIC as the DNS server to one NIC. Since the server has the DNS role installed on it, all the NICs will be accessing the same server (and the same resource records) so you can just assign 127.0.0.1 as the DNS server IP address to all the NICs (except interface d, since that one dynamically receives its DNS IP address from the ISP).
Try this out:
Remove the default gateways, leaving interface d untouched, and set the DNS IP addresses appropriately -- if the DNS server is on the local server, put 127.0.0.1 instead of the IP address. Restart the server. When the server comes back up, it'll build itself the routing table again (which will basically mean that it'll know how to route traffic between the different networks that it is a part of). You may want to use the pathping and tracert utilities to determine exactly where traffic is stopping. You mentioned that you can ping up to interface c... that tells me that either the host forwarded the traffic to the wrong place to begin with or interface c doesn't know what to do with the network afterwards.
Another thing, are you statically assigning the IP addresses to the hosts? I'll assume that you're assigning the hosts IP addresses in the same subnet as their respective networks and that their default gateways will be the IP addresses of the NICs of their respective networks.
By the way, how are you trying to ping, by IP address or by name? If DNS isn't set up correctly, you won't be able to ping anything by host name. If you're using Windows Server 2003's DNS role, you'll need to set up a DNS server to forward queries to in case your DNS server can't resolve a name. Also, is this a domain environment or workgroup?
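An added example, not part of the original thread: a Python check for the multiple-default-gateway condition described in the reply above. It assumes the classic IPv4 table layout printed by `route print`; the sample output and every address in it are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `route print` output from a multi-homed server
# (all addresses are made up for illustration).
SAMPLE_ROUTE_PRINT = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2      20
          0.0.0.0          0.0.0.0       10.0.0.254        10.0.0.1      20
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.25      20
         10.0.0.0        255.0.0.0         10.0.0.1        10.0.0.1      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2      20
Default Gateway:       203.0.113.1
===========================================================================
Persistent Routes:
  None
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROUTE_LINE = re.compile(rf"^\s*{IPV4}\s+{IPV4}\s+{IPV4}\s+{IPV4}\s+(\d+)\s*$")

def parse_routes(text):
    """Return (destination, netmask, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if m:
            routes.append((*m.groups()[:4], int(m.group(5))))
    return routes

def default_routes(routes):
    """Routes for 0.0.0.0 mask 0.0.0.0, i.e. the default gateways."""
    return [r for r in routes if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"]

def check_default_gateways(text):
    """Return (ok, gateways); ok is True only when exactly one default exists."""
    defaults = default_routes(parse_routes(text))
    gateways = sorted({(gw, iface) for _, _, gw, iface, _ in defaults})
    return len(gateways) == 1, gateways

if __name__ == "__main__":
    ok, gateways = check_default_gateways(SAMPLE_ROUTE_PRINT)
    print("OK" if ok else "PROBLEM", "- default routes found:", len(gateways))
    for gw, iface in gateways:
        print(f"  gateway {gw} via interface {iface}")
```

Run against the constructed sample, it reports three competing default routes, one per NIC; after the gateways are removed from the internal NICs only the externally assigned one should remain.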