Solved

Windows Server 2003 + NAT + DSL - ought to be easy

Posted on 2008-10-15
9
935 Views
Last Modified: 2012-05-05
This one should be easy for anyone who knows what they're doing :)

I have a machine running Windows Server 2003, which I want to be my router/dhcp server/wins server for my small network. My internet is provided by Primus Canada, which is a high speed DSL provider. The little modem that came with my internet is configured in "bridge" mode. My internet uses dynamic IPs, and dynamic DNS server IP's.

My Server is already the DHCP server and WINS server and the LAN is working perfectly. All computers can talk to each other, as well as the server.

There are two NICs in the server. One connects to my switch on the lan side (call it the LAN NIC), the other goes to the primus modem (call it the WAN NIC). The LAN NIC has a static IP, the WAN NIC has an automatic IP.

Then I added an "Internet Connection" via Add New Connection Wizard, configured it for PPPoE to connect to the internet. It connects fine.

Then I configured Routing + Remote Access, setting it up as a "NAT/VPN", and selecting the WAN NIC as the network device that has the internet. Turned it on, everything seems fine. The DHCP server is allocating IP's in preparation for VPN clients just fine.

My SERVER has the internet now, and does all the LAN based routing for my entire network just fine.

PROBLEMS:
    1) The "WAN NIC" never gets an IP. Even though the internet works. Always says "Limited or no connectivity". See the code snippet, you'll see the IP is the default invalid one.

    2) Client's cannot connect to the internet. Probably because the "WAN NIC" isn't actually connected to anything, and I don't know why. Something wrong with my Routing + Remote Access settings?

    3) Primus provides two DNS servers. You can see them in the code snippet under "PPP adapter", but how do I configure DHCP to use those addresses?

IPCONFIG /ALL
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : quasimodo
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
 
Ethernet adapter LAN NIC 100mbps:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SOHOware 10/100 PCI Network Adapter
   Physical Address. . . . . . . . . : 00-80-C6-EB-CD-2E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   Primary WINS Server . . . . . . . : 192.168.1.200
 
Ethernet adapter WAN NIC 10mbps:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 21041-Based PCI Ethernet Adapter (
eneric) #2
   Physical Address. . . . . . . . . : 00-E0-29-25-75-A9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.242.156
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
 
PPP adapter Primus High Speed Internet:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 202.102.35.161
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 216.254.141.13
                                       209.90.160.220
   NetBIOS over Tcpip. . . . . . . . : Disabled

Open in new window

0
Comment
Question by:Frosty555
  • 5
  • 3
9 Comments
 
LVL 8

Assisted Solution

by:MrJemson
MrJemson earned 200 total points
ID: 22728334
1) The WAN NIC doesn't need an IP. You can set a static (private) IP on it Ie. 10.0.0.1 if the limited or no connectivity message annoys you. It just needs to be plugged in to the bridge for the sake of the PPP tunnel.

2) What is the default gateway your clients are provided by DHCP?

3) You can specify this in your DHCP options. The other alternative is to setup DNS on your server, and add these to the forward lookup zone.
0
 
LVL 13

Assisted Solution

by:kdearing
kdearing earned 300 total points
ID: 22728377
Is the server running SBS?
Because it's REALLY not a good idea to have a public IP address on your server unless you're running ISA or something similar.
0
 
LVL 31

Author Comment

by:Frosty555
ID: 22731756
My DHCP server is sending 192.168.1.200 as the default gateway. This is the IP of the server. I can verify that this is going out to the client machines properly.

KDearing: I need to host a website using IIS on the server. My modem's built in DHCP server is pathetic, you can't even change the DHCP's IP range. If you think I should put ISA on the computer, I can do that so long as you help me configure it :)

I tried hard coding the DNS servers into my DHCP server (e.g. I set the scope option so that DNS servers are 216.254.141.13 and 209.90.160.220. I even tried just setting up a static DNS on the client. Still no internet.

What else should I try? Or what other info do you guys need?

0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 31

Accepted Solution

by:
Frosty555 earned 0 total points
ID: 22733716
Figured it out guys.

1) You don't create a new internet connection from Control Panel->Network Connections. That applies only to the server, RRAS knows nothing about it.

If you want RRAS to use PPPoE as it's connection to the internet, you have to setup a demand-dial interface. This option was NOT provided in the config wizard to me, because I selected "VPN/NAT", and not just "NAT". When I reconfigured it using just NAT, it gave me the option.

2) When I configured demand-dial, I had to go into the security tab and select "Allow unsecured password". My ISP doesn't support that, and by default it is set to "Require secure password"

3) MrJemson, like you said, the WAN connection need only have some static IP set, and only if the "limited or no connectivity" icon bothers me. Which it does. So I changed that.
Instead, you setup RRAS to use Demand-Dial

4) The NAT settings in RRAS deployed the DNS servers for me automatically. I didn't need to specify them. They get set for me on the client computers without any intervention on my part. Yay!

Attached are some pictures, for anyone else who visits this thread with the same problem.

Looks like it's working!


rras1.jpg
rras2.jpg
rras3.jpg
rras4.jpg
0
 
LVL 31

Author Comment

by:Frosty555
ID: 22733770
KDearing, you expressed concern about exposing the computer to the internet like this.

I have configured the basic firewall, currently it doesn't let ANYTHING through. I have successfully tested that my server's FTP server, IIS (web server), filesharing, and remote desktop are not accessible from other computers on the internet, even though those services are enabled and accessible on my LAN.  Is there anything further I should be concerned about?
0
 
LVL 13

Assisted Solution

by:kdearing
kdearing earned 300 total points
ID: 22734115
I would prefer something other than Windows Firewall, but maybe that's just me.

One other thing...DNS

If your server is a Domain Controller, then you'll need to re-configure your DNS.
On the DC server -
  DNS forwarders set to ISP's DNS
  All NICs configured for itself, 192.168.1.200
  DHCP configured for DC as DNS only
0
 
LVL 31

Author Comment

by:Frosty555
ID: 22734753
I take back point (4) on my comment #22733716. My DHCP server had the dns settings hardcoded in. NAT doesn't do anything related to relaying dns addresses to clients.

All seems to be well, provided my DHCP server has the dns settings hard coded in. If those dns settings ever change I will have problems until I fix it, though, and that doesn't really go with the set-it-and-forget-it mentality...

I'm actually on a workgroup, but WINS server is handling my computer name resolution. Are you suggesting that Quasimodo (that's the name of my server) be a DNS server as well? Will that cause any slowdowns as far as DNS name resolution for clients on the network goes?

I'm getting my hands on ICA server 2004 now. I'll see what I can do about using it instead of Windows Firewall.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22735315
If you're not using your server as a Domain Controller, then you're good.
0
 
LVL 31

Author Comment

by:Frosty555
ID: 22737680
Whoops, I already set it up.  But it's working well enough. Oh well.

Thank you for your help, I'm really glad I got this working finally.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question