
Sharing Internet with RAS client

Kong asked
Last Modified: 2013-12-23
Hi experts,

I have Win 2000 Server using straight ICS with local LAN.
I've set up RRAS for remote dialup connections and I am able to connect to the server and join the LAN, however, I cannot access the internet from the dialup client going through the server.

The server is currently allowing dialup clients to specify their own IPs (since using the default DHCP started by ICS did not specify the correct gateway of 192.168.0.1) so the client is specifying (in their dialup adapter TCP/IP settings):

IP: 192.168.0.X
Net Mask: 255.255.255.0
Gateway: 192.168.0.1

I must have missed one small checkbox somewhere, because I can ping the gateway from the dialup client and access the LAN...

Thanks!

Commented:
can you tracert past the box to a known ip address such as 208.231.27.26

I would also try using an IP address in the browser address field as it is often easy to get the DNS settings wrong
Kong (Author)

Commented:
Toby, I can't ping the internet, eg yahoo.com.

Hmmm, I haven't set up the DNS, I thought this would be resolved at the gateway...

Commented:
did you try pinging from both the gateway and client
Kong (Author)

Commented:
Toby, I can't ping the internet, eg yahoo.com.

Hmmm, I haven't set up the DNS, I thought this would be resolved at the gateway...

Kong (Author)

Commented:
Sorry for the duplicate...
Yes, pinging from the gateway (my server) works fine.

Commented:
so I presume that you have 192.168.100.1 and the port number set up as the proxy address in IE?
go to the command line and paste in the results from
route print

for both boxes

Kong (Author)

Commented:
I can't do that here at the moment, I'll paste it later. btw what's the syntax for tracert?

Thanks again.

Commented:
all you really need to do is

tracert www.domainname.com
or
tracert ip address
to test the issue at hand I would do a simple test with an IP not domain name
Kong (Author)

Commented:
Thanks tobyk, I'll try it out later and keep you posted.

Commented:
Sounds like tobyk is on the right track. I'd try to ping an IP address outside your network; if this is successful, then try to ping a domain name. This would clearly indicate a DNS problem.
Kong (Author)

Commented:
Hi Tobyk,

This is the result of a trace from a LAN client:

E:\>tracert yahoo.com

Tracing route to yahoo.com [216.115.108.245]
over a maximum of 30 hops:

  1   <10 ms   <10 ms   <10 ms  MYSERVER [192.168.0.1]
  2   <10 ms    10 ms    10 ms  10.201.114.1
  3   <10 ms    10 ms    10 ms  r1-pos6-0-0.blktn1.nsw.excitehome.net.au [203.164.3.133]
  4   <10 ms    10 ms    10 ms  c1-pos1-1.rdc1.nsw.excitehome.net.au [203.164.3.21]
  5    10 ms   <10 ms    10 ms  bb2-gige5-0.rdc1.nsw.excitehome.net.au [203.164.3.166]
  6   180 ms   190 ms   190 ms  bb1-pos5-1.sanjs1.ca.excitehome.net.au [203.164.3.61]
  7   180 ms   190 ms   190 ms  bb2-15gigvl10.sanjs1.ca.excitehome.net.au [203.164.2.221]
  8   190 ms   190 ms   190 ms  c2-pos5-2.snjsca1.home.net [24.7.70.233]
  9   230 ms   220 ms   241 ms  pos6-3.core1.SanJose1.Level3.net [209.245.146.129]
 10   220 ms   221 ms   230 ms  gigabitethernet9-0.ipcolo1.SanJose1.Level3.net [64.159.2.35]
 11   230 ms   230 ms   231 ms  cust-int.level3.net [63.209.15.226]
 12   230 ms   241 ms   230 ms  ge-1-0-0.msr1.pao.yahoo.com [216.115.100.142]
 13   221 ms   230 ms   230 ms  vl20.bas1.snv.yahoo.com [216.115.100.225]
 14   230 ms   231 ms   230 ms  img5.yahoo.com [216.115.108.245]

Trace complete.

E:\>
Kong (Author)

Commented:
This is the output from my server (MYSERVER):

C:\>tracert yahoo.com

Tracing route to yahoo.com [216.115.108.245]
over a maximum of 30 hops:

  1    10 ms    20 ms   <10 ms  10.201.114.1
  2   <10 ms    10 ms    10 ms  r1-pos6-0-0.blktn1.nsw.excitehome.net.au [203.164.3.133]
  3   <10 ms    10 ms    10 ms  c1-pos1-1.rdc1.nsw.excitehome.net.au [203.164.3.21]
  4   <10 ms    10 ms    10 ms  bb2-gige5-0.rdc1.nsw.excitehome.net.au [203.164.3.166]
  5   190 ms   190 ms   181 ms  bb1-pos5-1.sanjs1.ca.excitehome.net.au [203.164.3.61]
  6   190 ms   190 ms   191 ms  bb2-15gigvl10.sanjs1.ca.excitehome.net.au [203.164.2.221]
  7   180 ms   180 ms   191 ms  c2-pos5-2.snjsca1.home.net [24.7.70.233]
  8   230 ms   230 ms   231 ms  pos6-3.core1.SanJose1.Level3.net [209.245.146.129]
  9   220 ms   220 ms   221 ms  gigabitethernet9-0.ipcolo1.SanJose1.Level3.net [64.159.2.35]
 10   230 ms   231 ms   240 ms  cust-int.level3.net [63.209.15.226]
 11   220 ms   241 ms   230 ms  ge-1-0-0.msr1.pao.yahoo.com [216.115.100.142]
 12   230 ms   231 ms   230 ms  vl20.bas1.snv.yahoo.com [216.115.100.225]
 13   231 ms   230 ms   230 ms  img5.yahoo.com [216.115.108.245]

Trace complete.
Kong (Author)

Commented:
Hmmm, actually from the dialup client, I can't ping anything after the connection is made...

Ok, I might have to start from scratch again... Do you know where I went wrong?

I can see MYSERVER from the dialup client, but when I try to access it, it prompts for the password for:

\\MYSERVER\\IPC$

Is there a default password for this? I've added a network share on MYSERVER and given the dialup user full access to that share...

Help...

Commented:
Are you really using ICS or the RRAS NAT? The latter does allow what you're trying to do and fully supports everything you will need. ICS, however, was designed as a pretty easy but also not very configurable approach to do internet sharing.
Kong (Author)

Commented:
Hi Avon, I'm using straight ICS - I know it's very basic, is it possible to share LAN + Internet with dialup user using basic ICS?

Commented:
it is but if you are looking at changing the ip addresses assigned to the local network you will need to use NAT from memory. I would do this as it is very simple to set up
Kong (Author)

Commented:
Thanks for your comments toby and Avon,

I don't want to change the IPs of the LAN, they're assigned upon connection to the server by the default DHCP service started on the internal LAN NIC (192.168.0.1) when I selected the basic ICS.

I have set up NAT before, but I would rather not make so many changes if it is possible to achieve my goal using basic ICS.

Thanks again guys.

Commented:
sorry just noticed the following comment from you
hence the confusion about the ip thing

>The server is currently allowing dialup clients to specify their own IPs (since using the default DHCP
>started by ICS did not specify the correct gateway of 192.168.0.1) so the client is specifying (in their
>dialup adapter TCP/IP settings):
>
>IP: 192.168.0.X
>Net Mask: 255.255.255.0
>Gateway: 192.168.0.1

Why in dialup adapter? you would normally connect to the 2000 server using a domain account and using a standard NIC. What type of clients are you using?
If they are nt/win2k paste the results of ipconfig /all into here

If they are 98 i guess you can manually make a list of the settings


Kong (Author)

Commented:
Hi Toby,

This is a remote client, so connection to the server is through the dialup adapter (added by default when you install a modem).

The client is a Win98 machine.

Ok, it sounds like I've confused you, here's my setup:

WIN2K Server with name: MYSERVER
1 NIC - attached to internet
1 NIC - attached to internal LAN (assigned an IP of 192.168.0.1 by using basic ICS)

Client machines on the internal LAN have IP assigned automatically upon connection to 192.168.0.1

Dialup client machine does not have NIC, only has modem, is able to connect to MYSERVER but after connection is not able to ping the internet nor 192.168.0.1

I just (sounds so easy doesn't it =) need the dialup client to see the internal LAN, and access internet through MYSERVER.

Thanks.

Commented:
what is the ip address assigned to the dial up computer......

you will not be able to route to 192.168.100.1
it is a private ip.....that is the point of it
Kong (Author)

Commented:
Toby, I wish that was the solution, but the IP address I specified for the dialup computer is 192.168.0.3 and it's not clashing with any other PCs.

Thanks for the prompt replies, it's great!

Commented:
what is the routing table like for the ICS server?
It won't know where to send packets (you didn't do a tracert from dialup client) it thinks that network 192.168.0.0/24 can be reached through the internal card yet that is not the case with the dialup client so you'd have a routing loop
Kong (Author)

Commented:
Hi Toby,

tracert from the dialup client shows that the ping times out.

I'm confused about 192.168.0.0/24 - where did you get these IPs from? I don't see it on the routing tables...

The ICS server is MYSERVER, I've pasted the tracert for that, how do I get information on its routing table?

Commented:
>tracert from the dialup client shows that the ping times out.

at which hop

>I'm confused about 192.168.0.0/24 - where did you get these IPs from? I don't see it on the routing
>tables...

192.16.0.0 is your network as you told me and a subnet mask of 24 bits is 255.255.0.0

>The ICS server is MYSERVER, I've pasted the tracert for that, how do I get information on its routing
>table?

goto command line and type:
route print


Kong (Author)

Commented:
Toby, the tracert from client shows time outs for all hops. I will run the route print command and show you the output when I get home - 5hrs from now. 8-/

Thanks
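
The traces posted earlier in the thread and the all-timeouts result described above can be told apart mechanically. The following is an added example, not part of the original thread: it parses Windows `tracert` output in the format shown and separates a name-resolution failure from a routing/NAT failure. The function names are illustrative, the LAN sample is abridged and renumbered from the LAN client trace, and the dial-up and DNS samples are constructed.

```python
import re

# A hop line: hop number, three probes ("<10 ms", "10 ms" or "*"), then the
# responder ("host [ip]" or a bare ip) or "Request timed out."
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def parse_tracert(text):
    """Return [(hop_number, responder_ip or None), ...] from tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(m.group(3))
            answered = "ms" in m.group(2)      # at least one probe got a reply
            hops.append((int(m.group(1)), ip.group(1) if ip and answered else None))
    return hops

def diagnose(text, gateway):
    """Classify a trace taken on a client whose default gateway is `gateway`."""
    if "Unable to resolve target system name" in text:
        return "dns"            # routing untested: repeat the trace with an IP
    hops = parse_tracert(text)
    answered = [(n, ip) for n, ip in hops if ip]
    if not answered:
        return "no-route"       # not even the gateway replied
    if answered[0][1] != gateway:
        return "wrong-gateway"  # traffic leaves by some other first hop
    if answered[-1][0] < hops[-1][0]:
        return "upstream"       # gateway replies, later hops are silent
    return "ok"

# Abridged and renumbered from the LAN client trace in the thread.
LAN_CLIENT = """
Tracing route to yahoo.com [216.115.108.245]
over a maximum of 30 hops:

  1   <10 ms   <10 ms   <10 ms  MYSERVER [192.168.0.1]
  2   <10 ms    10 ms    10 ms  10.201.114.1
  3   230 ms   231 ms   230 ms  img5.yahoo.com [216.115.108.245]

Trace complete.
"""
# Constructed: what "time outs for all hops" looks like (first three hops only).
DIALUP = """
  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""
# Constructed: tracert by name when no DNS server is reachable.
DNS_FAIL = "Unable to resolve target system name yahoo.com."

if __name__ == "__main__":
    for name, trace in (("LAN", LAN_CLIENT), ("dial-up", DIALUP), ("by name", DNS_FAIL)):
        print(name, "->", diagnose(trace, "192.168.0.1"))
```

A `no-route` result on a trace run against an IP address means the problem sits at or before the gateway, so DNS settings are not yet the thing to change.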
Kong (Author)

Commented:
Actually, do you know how I can configure the default DHCP service started by ICS?

Do you think the IP of 192.168.0.1 (on MYSERVER's internal LAN NIC) is the correct gateway address for dialup clients to use since they can go through MYSERVER's NIC that is attached to internet...
Kong (Author)

Commented:
So really, the gateway for dialup clients to use is the IP address of the NIC going out to the internet... right?

Commented:
you can't configure DHCP with ICS

Kong (Author)

Commented:
Really? So the only way is through NAT 8-/

Commented:
- The LAN NIC will be changed by ICS to IP address 192.168.0.1. It also installs a mini DHCP service. Clients then use "dynamic IP" and are assigned 192.168.0.2, etc., with gateway 192.168.0.1. But you can set the client's IP address statically if you prefer. Just remember it's 192.168.0.2 (or higher), mask 255.255.255.0 and gateway 192.168.0.1.

There should be NO DNS entry on the internal LAN NIC, so that it will automatically forward thru ICS.

I hope this helps !
Kong (Author)

Commented:
Thanks SysExpert and tobyk,

For dialup clients, should they still use a gateway of 192.168.0.1 - since they're connecting to the dialup adapter on the server side (installed by default when modem is installed), wouldn't you specify either the server's dialup adapter's IP or the NIC connected to the internet as the gateway?

Well my reasoning is this:

Server (MYSERVER):
NIC1 connected to internet with IP 10.201.114.1
NIC2 connected to LAN with defaulted IP 192.168.0.1
dialup adapter IP = (haven't checked)

LAN client (LANCLIENT):
NIC1 connected to LAN with assigned IP and gateway of 192.168.0.1
Internet packets can route to the gateway and then the internet - as shown in the first tracert...

So... to make a guess, I would say that the dialup client would use MYSERVER's dialup adapter's IP address as the gateway to the internet and the internal LAN right?

Commented:
the gateway should be 192.168.0.1
the client should be able to arp and find that interface and it knows how to get to the internet

Commented:
when you are in the routing and remote access console do you see any headings for routing interfaces and ip routing? If so what do they show?

Commented:
make sure that under the routing and remote access console when you look at your server properties under the general tab that both the Remote Access Server and Router boxes are ticked with the LAN and demand dial ticked under Router
Kong (Author)

Commented:
Sorry guys, I couldn't access EE for a while...

The client is able to dial up the server, but it asks for the DOMAIN along with the username and password. So... doing a little research, I think you need to set up Active Directory and make the W2K server a DOMAIN controller if you are going to use RRAS. What I want is to connect a dialup client to a SERVER in a WORKGROUP. This can be done by just adding an INCOMING CONNECTION under Dialup Networking -> Add New Connection.

Ok, I got this to work and DIALUP clients ARE able to ping BOTH NICs on the server; however, they can't access the internet 8-(

Oh, another problem: on the DIALUP clients (win98), it is only able to connect when I only added the modem and no networking clients/protocols. When I add Client for MS Networks and/or File Sharing, I cannot establish a connection with the server giving: Unable to connect to server due to network settings...

Commented:
The DOMAIN should hold the name of the server you're connecting to if you're not in a domain. There is no NEED to make the server a DC, even though this has other advantages for centralized user management.

In order to allow your clients to use the NAT, you have two possibilities:

1. for every client which may connect to the RRAS server, add a Dial-On-Demand interface in the server's RRAS (as if you were to dial TO the Win9x machine). As name for this interface, specify EXACTLY (!) the username that the Win9X machine is going to use during dial-in.

Then add this interface to the NAT as private interface. Note that this implies that you will not have multiple DUN connections which are using the same username simultaneously.

2. Using NETSH, you can add the internal "pseudo-adapter" as private NAT interface, and it will do NAT for any client connecting automatically:

netsh routing ip nat add interface name="Internal" mode=private

(Note that the interface name may differ if you have a localized Windows version. In the RRAS console, the interface is listed; use the name shown there. After doing this step, close and re-open the RRAS console and go to NAT to see whether the interface has been properly added.)

Of course, I assume that the rest of the settings are set correctly (DHCP, DNS, RRAS).
Kong (Author)

Commented:
Sorry for neglecting this question all.

Thank you for all your inputs!

You are right tobyk, I will most likely need a more flexible approach - using RRAS.

Cheers,
Kong
Thanks, Kong, for returning and finalizing this.
Moondancer - EE Moderator
