Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Windows Server 2003 + NAT + DSL - ought to be easy

Posted on 2008-10-15
Medium Priority
Last Modified: 2012-05-05
This one should be easy for anyone who knows what they're doing :)

I have a machine running Windows Server 2003, which I want to be my router/dhcp server/wins server for my small network. My internet is provided by Primus Canada, which is a high speed DSL provider. The little modem that came with my internet is configured in "bridge" mode. My internet uses dynamic IPs, and dynamic DNS server IP's.

My Server is already the DHCP server and WINS server and the LAN is working perfectly. All computers can talk to each other, as well as the server.

There are two NICs in the server. One connects to my switch on the lan side (call it the LAN NIC), the other goes to the primus modem (call it the WAN NIC). The LAN NIC has a static IP, the WAN NIC has an automatic IP.

Then I added an "Internet Connection" via Add New Connection Wizard, configured it for PPPoE to connect to the internet. It connects fine.

Then I configured Routing + Remote Access, setting it up as a "NAT/VPN", and selecting the WAN NIC as the network device that has the internet. Turned it on, everything seems fine. The DHCP server is allocating IP's in preparation for VPN clients just fine.

My SERVER has the internet now, and does all the LAN based routing for my entire network just fine.

    1) The "WAN NIC" never gets an IP. Even though the internet works. Always says "Limited or no connectivity". See the code snippet, you'll see the IP is the default invalid one.

    2) Client's cannot connect to the internet. Probably because the "WAN NIC" isn't actually connected to anything, and I don't know why. Something wrong with my Routing + Remote Access settings?

    3) Primus provides two DNS servers. You can see them in the code snippet under "PPP adapter", but how do I configure DHCP to use those addresses?

Windows IP Configuration
   Host Name . . . . . . . . . . . . : quasimodo
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
Ethernet adapter LAN NIC 100mbps:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SOHOware 10/100 PCI Network Adapter
   Physical Address. . . . . . . . . : 00-80-C6-EB-CD-2E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   Primary WINS Server . . . . . . . :
Ethernet adapter WAN NIC 10mbps:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 21041-Based PCI Ethernet Adapter (
eneric) #2
   Physical Address. . . . . . . . . : 00-E0-29-25-75-A9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
PPP adapter Primus High Speed Internet:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Open in new window

Question by:Frosty555
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3

Assisted Solution

MrJemson earned 800 total points
ID: 22728334
1) The WAN NIC doesn't need an IP. You can set a static (private) IP on it Ie. if the limited or no connectivity message annoys you. It just needs to be plugged in to the bridge for the sake of the PPP tunnel.

2) What is the default gateway your clients are provided by DHCP?

3) You can specify this in your DHCP options. The other alternative is to setup DNS on your server, and add these to the forward lookup zone.
LVL 13

Assisted Solution

kdearing earned 1200 total points
ID: 22728377
Is the server running SBS?
Because it's REALLY not a good idea to have a public IP address on your server unless you're running ISA or something similar.
LVL 31

Author Comment

ID: 22731756
My DHCP server is sending as the default gateway. This is the IP of the server. I can verify that this is going out to the client machines properly.

KDearing: I need to host a website using IIS on the server. My modem's built in DHCP server is pathetic, you can't even change the DHCP's IP range. If you think I should put ISA on the computer, I can do that so long as you help me configure it :)

I tried hard coding the DNS servers into my DHCP server (e.g. I set the scope option so that DNS servers are and I even tried just setting up a static DNS on the client. Still no internet.

What else should I try? Or what other info do you guys need?

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

LVL 31

Accepted Solution

Frosty555 earned 0 total points
ID: 22733716
Figured it out guys.

1) You don't create a new internet connection from Control Panel->Network Connections. That applies only to the server, RRAS knows nothing about it.

If you want RRAS to use PPPoE as it's connection to the internet, you have to setup a demand-dial interface. This option was NOT provided in the config wizard to me, because I selected "VPN/NAT", and not just "NAT". When I reconfigured it using just NAT, it gave me the option.

2) When I configured demand-dial, I had to go into the security tab and select "Allow unsecured password". My ISP doesn't support that, and by default it is set to "Require secure password"

3) MrJemson, like you said, the WAN connection need only have some static IP set, and only if the "limited or no connectivity" icon bothers me. Which it does. So I changed that.
Instead, you setup RRAS to use Demand-Dial

4) The NAT settings in RRAS deployed the DNS servers for me automatically. I didn't need to specify them. They get set for me on the client computers without any intervention on my part. Yay!

Attached are some pictures, for anyone else who visits this thread with the same problem.

Looks like it's working!

LVL 31

Author Comment

ID: 22733770
KDearing, you expressed concern about exposing the computer to the internet like this.

I have configured the basic firewall, currently it doesn't let ANYTHING through. I have successfully tested that my server's FTP server, IIS (web server), filesharing, and remote desktop are not accessible from other computers on the internet, even though those services are enabled and accessible on my LAN.  Is there anything further I should be concerned about?
LVL 13

Assisted Solution

kdearing earned 1200 total points
ID: 22734115
I would prefer something other than Windows Firewall, but maybe that's just me.

One other thing...DNS

If your server is a Domain Controller, then you'll need to re-configure your DNS.
On the DC server -
  DNS forwarders set to ISP's DNS
  All NICs configured for itself,
  DHCP configured for DC as DNS only
LVL 31

Author Comment

ID: 22734753
I take back point (4) on my comment #22733716. My DHCP server had the dns settings hardcoded in. NAT doesn't do anything related to relaying dns addresses to clients.

All seems to be well, provided my DHCP server has the dns settings hard coded in. If those dns settings ever change I will have problems until I fix it, though, and that doesn't really go with the set-it-and-forget-it mentality...

I'm actually on a workgroup, but WINS server is handling my computer name resolution. Are you suggesting that Quasimodo (that's the name of my server) be a DNS server as well? Will that cause any slowdowns as far as DNS name resolution for clients on the network goes?

I'm getting my hands on ICA server 2004 now. I'll see what I can do about using it instead of Windows Firewall.
LVL 13

Expert Comment

ID: 22735315
If you're not using your server as a Domain Controller, then you're good.
LVL 31

Author Comment

ID: 22737680
Whoops, I already set it up.  But it's working well enough. Oh well.

Thank you for your help, I'm really glad I got this working finally.

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question