Link to home
Start Free TrialLog in
Avatar of wilcosw
wilcoswFlag for South Africa

asked on

Windows Server 2003 acting as a router

I am trying to setup a Windows Server 2003 server to act as a software router.

It has 2 NIC's:
NIC1 is the Private Network, with static IP, and null Gateway.
NIC2 is the Public Network, with static IP, DNS, Gateway etc.
I also runs DNS and DHCP services, along with AD (and aware of all the security issues...)

I have run the RRAS wizard, and selected both private and public interface for NAT, as in http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
The problem is that only the server is successfully connecting with outside world, while clients cannot access outside addresses.
A ping of external site, by a clients, results in the address being shown of the site, and no reply.
It is as if all incomming connings are blocked, or not correctly routed.

What am I missing here ?
Avatar of dfxdeimos
dfxdeimos
Flag of United States of America image

Uninstall / Disable RRAS.

Follow this article: http://articles.techrepublic.com.com/5100-10878_11-5844624.html

Make sure all clients are pointing towards the LAN NIC for their default gateway.

Make sure that they arepointing toward the LAN NIC for their DNS (on same server, right?).
I am sorry, you don't want just LAN routing. Replace the link I posted above with this one: http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Server-2003-act-NAT-router.html

Sorry
Avatar of wilcosw

ASKER

Hi,
All clients are already set up to point their default gateway and DNS to the ip of the LAN NIC.
And I have used the Wizard as explained in your post to configure the NAT.
Anything else I can have a look at?
So if you go to a client, open a cmd prompt, and type "ping google.com" it doesn't come back with an IP address for your query? This would indicate that something is amiss besides your RRAS configuration.

Could you take a couple of screen shots of your RRAS console in the NAT and Routing Menu and post them up?

Avatar of wilcosw

ASKER

Hi,
All clients and server is able to resolve external addresses.
Attached is some images.
RRAS.zip
Have you disabled the firewall on the Private Interface?

Can your clients on the inside ping the OUTISDE interface?

Can you list your Static Routes?

Have you enabled RIP on any of the interfaces?

Try disabling both firewalls for now.
Avatar of wilcosw

ASKER

No firewalls are on, as firewalling is turned of as a service, when NAT is turned on.
How do I view the static routes ? (Under static routes, tere is none present ?)
I did not specifilly enable the RIP protococl, how do I check ?
I think we have found your problem. You need routes in order for the traffic to pass from one interface to the next and on to the internet.

You can expand IP Routing, right click on General and select new Protocol. Then choose RIP v2 in there. It may take several minutes to update the routing information.
Avatar of Lee W, MVP
I set this up all the time - I have two systems in my office that act as routers and I have 4 clients that do the same thing.  I have NEVER set up RIP.

I usually name the connections "WAN" as in Wide Area Network and "LAN" as in local network.  Would be helpful if you can post the properties of the WAN and LAN connection (the properties from a right-click/properties when you are in the NAT section).

You should have "Enable NAT on this interface" checked on the "Public" or "WAN" connection

In addition, I'm a little confused by why your public and private addresses are virtually identical... You appear to have them on the same network... Public is 10.50.136.5/255.255.255.224 and your private is 10.50.136.6/255.255.255.224 - both these addresses are private (non-routable) IPs... so IF this is actually correct and your ISP is providing a 10.x.x.x address, then you are doing DOUBLE NAT here.
Avatar of wilcosw

ASKER

Thanks I'll have a look at the RIP, what does the settings need to be for the RIP?

The reason why the IP's are all within the same range is because we tested to see if IP range can have an invleunce on the routing. They are all publically routables ip's as provided by our SP.
Normally the local network range will be in the range 192.169.0.x, with the statis local ip of 192.168.0.3.
RIP is an alternative to setting up static routes.

The fact that you have IPs on the same subnet on both interfaces (as leew pointed out) could be causing the router confusion. I would remedy this before you move forward.
AND I've never had to set static routes.  

Set your Public IP in the correct range and set the private IPs in the correct ranges.  Then post the screen shots I requested.
Avatar of wilcosw

ASKER

Hi,
I changed the internal nic to static 192.168.10.3, with DHPC range 192.168.10.x.
Public NIC is still the same, only now the DNS shows to the new internal address 192.168.10.3.

Firewall is off on private interface.
Clients can ping outside interface successfully.
No static routes are defined(yet ?)
No RIP enabled (yet)
All Firewalling is of.
No filters are defined.

DHCP Router(Option3) set to 192.168.10.3
DHCP DNS Server(Option6) set to 192.168.10.3

DNS Interfaces set to 'ALL'
DNS Forwarders set to ISP DNS1 and DNS2

Clients are unable to ping ISP DNS1 and DNS2, although server can.

Should we have a look at RIP2 then and what do the settings need to be.
Images attached.






NAt2.zip
Avatar of wilcosw

ASKER

Here is my mapping using 'route print':

Mappings.JPG
You don't have to use NAT. You can, but I see little advantage here.
Because the WAN adapter is a private address I assume it is behind a router, or combined modem/router device. If so it can be assigned a DHCP address by that device, or use a static address. It must have a default gateway. DNS on the WAN adpter is optional, but should point to the LAN adpter's IP if any. ISP's DNS should only be added as a forwarder.

The server's LAN NIC should be static, point to itself ONLY for DNS, and have no gateway.

The client machines should point to the server's LAN NIC for their gateway and DNS (ONLY), and of course be in the same subnet as the LAN adppter.

Enable RRAS and all you need is LAN routing enabled. Static routes or RIP are only needed for subnets with which the server is not familiar (not connected to) and are not to be sent to the default gateway. As a result you need neither.

If you have DNS issues make sure in the DNS management console that DNS is "listening" on the LAN adpter.
Avatar of wilcosw

ASKER

Thanks for the response,
All information as layed out above, is true, and setup as you stated.
They only reason why we are using a static IP on the public side, is because it was given to us by the ISP, it can however also be set to dhcp, but will still receive the same address, as it is linked to our MAC-address.
The public nic does have a default gateway, and dns points to the internal dns.
Clients point to lan nic and dns, and is on the same subnet.
No static routes are assigned, and lan routing is enabled.

DNS is listening to both internal and external LAN, might this be an issue ?
>>"DNS is listening to both internal and external LAN, might this be an issue ?"
Should be just the LAN, though I doubt it is related to your problem.

Did you remove NAT?

Can a client machine access a web page using the IP such as Google:
http://64.233.187.99/
Avatar of wilcosw

ASKER

NAT is still active.
Client machines cannot access any IP directly, except for the private IP on NIC.
Have you tried removing NAT? It shouldn't be necessary.
ASKER CERTIFIED SOLUTION
Avatar of wilcosw
wilcosw
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
There shouldn't be any problem running all of those services on the same box, except you cannot use a DHCP relay agent. However, glad to hear you have resolved.