  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 441
  • Last Modified:

Can't access internet from RRAS client on local network

Hi
I can't access the internet from any client on local network.
I can access / browse from the server.
2 NICs on server running RRAS: 1 internal, 10.10.1.2; one external, connected to a Zylex router which I cannot interfere with. Clients are set up via DHCP to use 10.10.1.2 as default route.
External NIC on server uses the IP address of the Zylex router.
I have NAT and basic firewall setup on External NIC.

Is there any reason I can connect to NET via server and not from local clients?
Also I can ping external IP from client machines?

Many thanks
Marty
Asked by: martinmcsharry
1 Solution
 
JFrederick29 Commented:
If you can ping external IP's, check to make sure the clients have proper DNS settings.  What DNS servers are the clients using?  If pointed to the server, is it running DNS? Does it have forwarders to your ISP's DNS servers?

Does this work from a client web browser?

http://74.125.95.147

Do you get Google's page?
 
martinmcsharry (Author) Commented:
Yes DNS is fine as I'm pinging the DNS name, e.g. microsoft.com and it resolves the IP address.
I can even browse my server via its UNC address, \\server but can't access it via HTTP.

DNS and DHCP are running on the server and the local client is pointing towards them. I'm not using DHCP within RRAS.
The correct forwarder is in place in the DNS server.
 
JFrederick29 Commented:
So you can resolve the DNS hostname but can't HTTP to it, right?  Can you ping it?  What does a tracert to the IP of microsoft.com look like?  Is the Firewall on the RRAS server blocking anything?  You are sure it is NAT'ing the LAN traffic?
 
martinmcsharry (Author) Commented:
Thanks

It now won't resolve DNS from client even though it is pointing at the server's DNS server 10.10.1.2.
i.e. [tracert microsoft.com
Unable to resolve target system name microsoft.com.]

When I ping [server1] it resolves the external NIC xxx.159.81.253 and not 10.10.1.2.  Is this significant?

How can I test if it is NAT'ing the LAN traffic?

I've attached some more info:

Many thanks
CLIENT NIC
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : perfectum.local
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-15-C5-3A-FC-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.1.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 03 November 2008 19:32:44
   Lease Expires . . . . . . . . . . : 13 November 2008 11:19:45
   Default Gateway . . . . . . . . . : 10.10.1.2
   DHCP Server . . . . . . . . . . . : 10.10.1.2
   DNS Servers . . . . . . . . . . . : 10.10.1.2
   Primary WINS Server . . . . . . . : 10.10.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
SERVER NIC 1
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 00-1E-C9-46-9E-ED
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.10.1.2
 
SERVER NIC 2
 
Ethernet adapter Internet:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-32-0F-28
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : xxx.159.81.253
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : xxx.159.81.249
                                       xxx.159.81.249
   DNS Servers . . . . . . . . . . . : xxx.159.13.49
                                       xxx.159.13.50
 
TRACE from local client
Tracing route to 74.125.95.147 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  SERVER1 [10.10.1.2]
  2     1 ms    <1 ms    <1 ms  xxx.159.81.249 (my router)
  3    23 ms    27 ms    29 ms  195.166.128.53
  4    23 ms    23 ms    23 ms  84.92.3.93
  5    23 ms    23 ms    23 ms  212.159.1.106
  6    23 ms    23 ms    23 ms  195.66.224.125
  7    23 ms    23 ms    24 ms  72.14.239.90
  8    96 ms    92 ms    91 ms  72.14.236.216
  9   118 ms   117 ms   118 ms  216.239.46.48
 10   127 ms   125 ms   200 ms  72.14.232.141
 11   125 ms   132 ms   128 ms  209.85.241.27
 12   140 ms   128 ms   138 ms  209.85.240.45
 13   127 ms   126 ms   128 ms  74.125.95.147
 
Trace complete.
 
ROUTE TABLE from Client
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.1.2       10.10.1.11     10
        10.10.1.0    255.255.255.0         On-link        10.10.1.11    266
       10.10.1.11  255.255.255.255         On-link        10.10.1.11    266
      10.10.1.255  255.255.255.255         On-link        10.10.1.11    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.10.1.11    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.10.1.11    266
===========================================================================
Persistent Routes:
  None

 
JFrederick29 Commented:
Okay, so the tracert from the client is reaching the destination on the Internet (Google).  This means that NAT and routing are working fine and most likely DNS is the culprit.  Is the server running a DNS server?  If so, change the server's external NIC's DNS settings to only point to itself.  Make sure in the DNS server settings, you have forwarders set up and pointing to xxx.159.13.49 and xxx.159.13.50.  If the server is not running DNS, be sure to distribute xxx.159.13.49 and xxx.159.13.50 to your clients via DHCP for DNS.
 
martinmcsharry (Author) Commented:
Thanks, but still the same.
What should the Default Gateway of the internal and external NIC's be on the server?
Should the DNS server listen on both NIC's?

http://74.125.95.147/ still doesn't work on the client machine (does this mean that it may not purely be a DNS issue?)
Thanks again
 
JFrederick29 Commented:
Hmm, yeah if you can't browse by IP address something else is going on like ICMP is allowed but HTTP is not.  As far as the NAT configuration on the server, are you doing PAT?  There should be no default gateway on the internal NIC and only a default gateway on the external NIC via the router.  Your NIC's look fine on the server.  The DNS server only needs to listen on the internal NIC.  Do you have any Firewall rules on the server?  Can you temporarily disable the Firewall until you get it working.
 
martinmcsharry (Author) Commented:
The only firewall I'm using is RRAS Basic Firewall and I haven't changed it from the default setup.
It can't be a firewall issue beyond my external NIC as the server can browse without a problem.
I think you're right. Somehow TCP traffic is hampered between the client and the server.
Windows firewall is off on both the client and the server??

Is there any log I can check of the client or server that might help find the problem?

Thanks
 
martinmcsharry (Author) Commented:
What is PAT?
 
JFrederick29 Commented:
Port Address Translation or Many to one NAT.  I'm not sure how it is phrased in RRAS (sorry).  It looks to me like routing and NAT is working since you can tracert to the Internet from the client.  In RRAS, under NAT/Basic Firewall, do you have any outbound filters configured?  On one of the client PC's, open a command prompt and try this:

telnet 74.125.95.147 80

Do you get a connection timed out message or a blank screen?

From the server, if you browse to http://whatismyip.com do you see the external NIC IP on the server or the router IP?

Can you post a "route print" from the server.
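The layer-by-layer isolation this thread works through (resolve the name, connect to port 80 by IP as in the telnet test, then request a page), as an added example that is not part of the original posts. The function names are hypothetical, and the host name in the demo call is an assumed example; the IP is the one quoted in the thread.

```python
import socket

def resolve(name):
    """Layer 1, DNS: IPv4 addresses for name, or [] when resolution fails."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_probe(ip, port=80, timeout=3.0):
    """Layer 2, the 'telnet <ip> 80' test, with the outcome classified."""
    try:
        socket.create_connection((ip, port), timeout=timeout).close()
        return "open"        # handshake completed: routing and NAT pass TCP
    except socket.timeout:
        return "timeout"     # SYN or SYN-ACK silently dropped (filter, return path)
    except ConnectionRefusedError:
        return "refused"     # RST came back: path works, port closed or rejected
    except OSError as exc:
        return "error: %s" % exc   # e.g. network unreachable

def http_probe(ip, host, port=80, timeout=3.0):
    """Layer 3: HEAD request sent to the IP; returns the status line or None."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(("HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host).encode("ascii"))
            data = s.recv(256)
    except OSError:
        return None
    return data.split(b"\r\n", 1)[0].decode("latin-1") or None

def diagnose(name, known_ip, port=80, timeout=3.0):
    """Run the layers in order and name the first one that fails."""
    addrs = resolve(name)
    tcp = tcp_probe(known_ip, port, timeout)
    http = http_probe(known_ip, name, port, timeout) if tcp == "open" else None
    if tcp != "open":
        verdict = "tcp-" + tcp.split(":")[0]   # forwarding or filtering, not DNS
    elif http is None:
        verdict = "http"                       # connects, but no reply to a request
    else:
        verdict = "ok" if addrs else "dns"     # transport fine; only names fail
    return {"dns": addrs, "tcp": tcp, "http": http, "verdict": verdict}

if __name__ == "__main__":
    # IP as quoted in the thread; the host name is an assumed example.
    print(diagnose("www.google.com", "74.125.95.147"))
```

A "timeout" on port 80 while tracert by IP succeeds matches the case raised in the thread where ICMP is allowed but HTTP is not.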
