DHCP & Internet Connection Sharing
Hi there,
I am setting up a small network of 3 PC's including the Server. The Server is a Windows 2000 Server machine and is the Domain Controller, DNS Server, DHCP Server and running RRAS. The clients are running Windows 98.
The Server is running DHCP and IP addresses are assigned succesfully to all workstations. Now I want to enable Internet Connection Sharing with the same server acting as the Internet Server, since it has the ISDN modem.
I realise I have 2 options, being LAN-WAN routing and ICS. I have decided for reasons of scale that ICS should be adequate. However in the process of originally trying to go for LAN-WAN routing I deleted the root DNS entry to have DNS requests forwarded to my ISP. Anyway that may not be relevant, although if it is I would like to know how to recreate the root DNS entry.
The nature of ICS is making my server act as a second DHCP Server, in which case my workstations were assigned new IP Addresses in the form of 192.168.0.x. That works fine and the workstations indeed can browse the Internet as a result. However, after rebooting the server and the workstations, the workstations can no longer get authenticated by the Server and report a "No Domain Controller was found" error. If I cancel and then try to browse the Internet with the Server already connected, the workstations can see the Internet fine, but they can't see the Server as such although they can ping it.
I can understand the mixup that is happening by having the DHCP Server and ICS fighting over issuing IP's to the network but this means I have to decide between accessing the Server or the Internet, not both at the same time.
What can I do so that:
1. Workstations can always see the Server and get authenticated at login.
2. Demand-dial works at any point after logging in on the workstation, after which workstations should be able to browse the web without screwing Server access.
I think this is pretty much a standard requirement for a small network so I'm figuring there's something I'm missing.
Thanks in advance.
I am setting up a small network of 3 PC's including the Server. The Server is a Windows 2000 Server machine and is the Domain Controller, DNS Server, DHCP Server and running RRAS. The clients are running Windows 98.
The Server is running DHCP and IP addresses are assigned succesfully to all workstations. Now I want to enable Internet Connection Sharing with the same server acting as the Internet Server, since it has the ISDN modem.
I realise I have 2 options, being LAN-WAN routing and ICS. I have decided for reasons of scale that ICS should be adequate. However in the process of originally trying to go for LAN-WAN routing I deleted the root DNS entry to have DNS requests forwarded to my ISP. Anyway that may not be relevant, although if it is I would like to know how to recreate the root DNS entry.
The nature of ICS is making my server act as a second DHCP Server, in which case my workstations were assigned new IP Addresses in the form of 192.168.0.x. That works fine and the workstations indeed can browse the Internet as a result. However, after rebooting the server and the workstations, the workstations can no longer get authenticated by the Server and report a "No Domain Controller was found" error. If I cancel and then try to browse the Internet with the Server already connected, the workstations can see the Internet fine, but they can't see the Server as such although they can ping it.
I can understand the mixup that is happening by having the DHCP Server and ICS fighting over issuing IP's to the network but this means I have to decide between accessing the Server or the Internet, not both at the same time.
What can I do so that:
1. Workstations can always see the Server and get authenticated at login.
2. Demand-dial works at any point after logging in on the workstation, after which workstations should be able to browse the web without screwing Server access.
I think this is pretty much a standard requirement for a small network so I'm figuring there's something I'm missing.
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
AvonWyss
(And RRAS has a nice transparent demand-dial functionality which is better than the autodial ICS provides.)
ASKER
OK how do I enable NAT in RRAS?
ASKER
Although I would prefer having NAT & Routing instead of ICS I am wondering what is wrong with my setup. I agree that NAT would be sleeker but why isn't this working anyway?
ICS has its own DNS and DHCP modules. I suppose that these are interfering with the ones you did set up, or that they are using bas settings (wrong DNS server for instance).
Also only the real DHCP service does register the addresses handed out with DNS automatically; with ICS, this task would have to be done by the clients. Now, since the clients are no longer using the local DNS but rather the ISP DNS servers, the DNS records cannot be registered at all. You should see messages telling you this in the event logs.
Also only the real DHCP service does register the addresses handed out with DNS automatically; with ICS, this task would have to be done by the clients. Now, since the clients are no longer using the local DNS but rather the ISP DNS servers, the DNS records cannot be registered at all. You should see messages telling you this in the event logs.
ASKER
What a mess...
Anyway so how do I "enable NAT" ?
Anyway so how do I "enable NAT" ?
-You enable NAT by opening rras & expanding IP routing.. Right click on general & choose new routing protocol.
-Maybe I mis-read but do I understand correctly that you are not using 2 Nics ? You are using One NIC & one DUN connection ? Or does 2000 see your ISND modem as a network interface ? If so then enable it as the external device. If not you'll have to create a new demand-dial interface for tcp-udp translation & the Nic as the private interface. You'll have to create a static route with a metric of 1 and an all network destination (0.0.0.0 0.0.0.0 DOD_interface).. Open rras & read the help, its all layed out very clearly.. If you want more info ask & Ill tell you.
-Maybe I mis-read but do I understand correctly that you are not using 2 Nics ? You are using One NIC & one DUN connection ? Or does 2000 see your ISND modem as a network interface ? If so then enable it as the external device. If not you'll have to create a new demand-dial interface for tcp-udp translation & the Nic as the private interface. You'll have to create a static route with a metric of 1 and an all network destination (0.0.0.0 0.0.0.0 DOD_interface).. Open rras & read the help, its all layed out very clearly.. If you want more info ask & Ill tell you.
ASKER
That's right. I'm using 1 NIC and 1 ISDN Modem for the outbound Internet calls. I have followed your instructions and installed NAT with 2 interfaces, the NIC for the Private Network and the ISDN Modem for the Public Network and it works fine!
As a sidenote, the documentation says that I shouldn't be running DHCP or DNS if I want to use NAT. I am running DHCP and DNS on the same server that is running the RRAS NAT but it seems to be working fine. Is there a hurdle ahead I may not know of?
As a sidenote, the documentation says that I shouldn't be running DHCP or DNS if I want to use NAT. I am running DHCP and DNS on the same server that is running the RRAS NAT but it seems to be working fine. Is there a hurdle ahead I may not know of?
AFAIK NAT can be enabled to do DHCP allocation. (see properties NAT) in that case you should _not_ use another DHCP service. DHCP allocation is default if you use ICS. That's why it wouldn't work correct in your first set-up. You where not supposed to have other dhcp running.
NAT can also relay DNS queries from clients to the configurd DNS server for router (also default behaviour with ICS) The help you read probably refers to that.
NAT can also relay DNS queries from clients to the configurd DNS server for router (also default behaviour with ICS) The help you read probably refers to that.
ASKER
Yes but my internet connection is not persistent. If I'm not connected to the Internet I need DHCP to allocate addresses to my private network. Surely I can't just throw it out.
Stevennic, that's ok. What MS means is that a DC or DNS server should not be on a non-static address. There is no problem in having all these services on the same computer, but in the case that there is an external connection on a LAN card (which you don't have) the binding for the DHCP server on that interface sould be removed.
TCP/IP has the highest overhead of all roughtable protocals. It is not recommended to use Dynamic ip assignments unless you have a network consisting of more than 10 machines. If you don't see that kind of growth happening. I would use static ip addressing.
Just a recomendation. :)
- Gabe MCSE
Just a recomendation. :)
- Gabe MCSE
stevennic so you did what I said & its working fine... Is this issue resolved ?
-P.s M$ will say you should have at least 2 or 3 servers & distrabute dns, dhcp etc among the different server. They do infact support running everything on one box, but it is not the recommended configuration.
-P.s M$ will say you should have at least 2 or 3 servers & distrabute dns, dhcp etc among the different server. They do infact support running everything on one box, but it is not the recommended configuration.
fibdev, I don't see any rlation between the overhead of TCP/IP and dynamic IP assignments. Plus I don't understand your 10 computer limit to decide whether to use static or dynamic addresses. Actually, having a notebook that I want to plug into opther networks, DHCP is basically the only way to go for me when I don't want to contact the sysadmin of the networks everytime to get an address when I'm roaming - and it also takes the hassle of reconfiguring the machine all the time.
What I do is a combination of IMO the best of both: I have a DHCP server which has IP reservations for the machines which are always online. By this, the client configuration can be left alone, but the machines still are guaranteed to get the same address all the time they're in their home environment. Administration is also easier (only one machine has to be configured to manage all IP addresses), and by the combination of DHCP with automatic DNS registration you get also a reliable name service which does not rely on broadcast packets (for instance, I also connect through VPN's and get a DHCP address of my net even though broadcasts are being filtered out, and the name service still works perfectly).
What I do is a combination of IMO the best of both: I have a DHCP server which has IP reservations for the machines which are always online. By this, the client configuration can be left alone, but the machines still are guaranteed to get the same address all the time they're in their home environment. Administration is also easier (only one machine has to be configured to manage all IP addresses), and by the combination of DHCP with automatic DNS registration you get also a reliable name service which does not rely on broadcast packets (for instance, I also connect through VPN's and get a DHCP address of my net even though broadcasts are being filtered out, and the name service still works perfectly).
Housenet, right, MS recomment to have several DC's and DNS etc.; but if there are a total of "3 PC's including the Server" on the net, I guess there's no point in having more than one machine doing the jobs alltogether.
:-)
:-)
AvonWyss as I said M$ does support configurations with one DC running everything.
ASKER
Thanks for the detailed info AvonWyss! That was the solution that worked for me. Thanks to all for your comments.
I will also be posting Honorable Mention points for Housenet for your contribution and the details of NAT.
I will also be posting Honorable Mention points for Housenet for your contribution and the details of NAT.
Hi,
I had exactly the same problems as Stevennic and spent a long time trying to sort it out - unsuccessfully. Does anyone know if there is a step-by-step guide to setting up the following:-
- one Win 2K Server with two nics
- Cable modem connected to one of the nics
- two Win 2K Pro workstations
- internet connection sharing using RRAS & NAT
- IIS with multiply sites
Also if I had a domain name xxxxx.co.uk and named my server domain xxxxx.co.uk can I point the web fowarding options from my IPS to my server hosting my web app?
Thank you
TDK
I had exactly the same problems as Stevennic and spent a long time trying to sort it out - unsuccessfully. Does anyone know if there is a step-by-step guide to setting up the following:-
- one Win 2K Server with two nics
- Cable modem connected to one of the nics
- two Win 2K Pro workstations
- internet connection sharing using RRAS & NAT
- IIS with multiply sites
Also if I had a domain name xxxxx.co.uk and named my server domain xxxxx.co.uk can I point the web fowarding options from my IPS to my server hosting my web app?
Thank you
TDK
TDK, I don't have or know such a guide, but I di have a similar configuration working just fine here and may be able to help you.
AvonWyss, OK thank you, I will try this tonight.
btw - when I tried to set it up yesterday via the AD Wizard it set my server ip address to 10.10.1.1 then when I tried the routing (rras) wizard I noticed somewhere in the configuration (can't remember where) that it was trying to use 192.168.0.0? Is the latter ip address the type to use for ICS or can it be done just as well with the 10.10.1.1 type?
btw - when I tried to set it up yesterday via the AD Wizard it set my server ip address to 10.10.1.1 then when I tried the routing (rras) wizard I noticed somewhere in the configuration (can't remember where) that it was trying to use 192.168.0.0? Is the latter ip address the type to use for ICS or can it be done just as well with the 10.10.1.1 type?