Solved

cannot Coonect to internet while trying to configure Nat on win 2003

Posted on 2009-04-01
12
208 Views
Last Modified: 2012-05-06
I am turning my win 2003 into a router via routing and remote access services.  I have configured everything per the instructions off of the micro soft site. ONe nic card configured with ISP  IP info and the other with my local netwrok info.Niether the machine that is the router nor the rest of my network can connect to the internet.

When opening services for people to use do I do that on the card that accesses the internet or card that access the local network ?
In opening services for everyone to use it asks for an IP address for the packets to go to.  I assume this is the cmp[uter that is the router?

Do I need to bridge the two network cards?
Do I need to provide any IP pooling or WAN info from my ISP provider.?
0
Comment
Question by:Longstreet_1861
  • 6
  • 4
  • 2
12 Comments
 
LVL 14

Accepted Solution

by:
theras2000 earned 500 total points
Comment Utility
Dude, that's very broad and you've missed a lot of necessary info.
(a) You seem to be quoting the MS guide that you're following, so how about providing a link to your document.
(b) You said you put the ISP's Ip on your external NIC, but how?  Does your ISP plug directly into the LAN port?  Surely you have another device inbetween.
(c) What are these services that you're talking about? e.g. are you hosting a web server on a computer behind the RRAS server?
(d) You may as well give us some computer names and IP addresses of your NICs, to help with the communication.
(e) What exactly have you done to setup the RRAS server?

My only suggestion thus far is to make sure your RRAS server's default gateway is set on the external NIC and pointing to the router/ISP.  Then make sure your workstations' gateways are pointing to the RRAS server's internal NIC.  For any other advice, you'll have to provide more info.
0
 

Author Comment

by:Longstreet_1861
Comment Utility
I am coming straight off the ISP modem  tHIS ONE OF the linkis  http://support.microsoft.com/kb/816581 This win box is becoming my router for the short term. Used I followed the install wizard for Win 2003 routing and remote access and created created a NAt to connect to a public network.
external nic card IP address is 70.92.192.209
                                SUBNET    255.255.255.252
                                DEFAULT  90.92.192.210
                                 DNS 68.87.68.162
Internal IP  192.168.1.2
subnet       255.255.255.0
no default
ponts to IS DNS

My moden ip 10.1.10.1
0
 
LVL 14

Expert Comment

by:theras2000
Comment Utility
OK, well we can ignore the NAT for the moment (which should be easy anyway).
If your modem is IP 10.1.10.1, it sounds like it is a router.  That means it is already doing the NAT for you.  Do you want to have the router adn your RRAS server doing NAT, or just one of them?
There's 3 ways to do this.
(1) Double-NAT.  Leave your modem as a router, make your RRAS external IP 10.1.10.2 with gateway 10.1.10.1, and then go into the router config page to forward the service ports back to the RRAS 10.1.10.2.  On the RRAS NAT, forward the service ports back to the web/server or computers that are providing the services.
(2) Router NAT only.  Leave your modem as a router, disable RRAS, let the LAN connect directly to the router, forward the service ports in the router back to the workstations you want.
(3) RRAS NAT only.  Set your RRAS server to IP 10.1.10.2 so that you can access the router config page and change the router to bridged mode.  Now you can set the RRAS server back to the public IP detaiils you listed above.  Forward the ports on the NAT back to the correct workstations.

Your workstations will need a default gateway.  Make it the RRAS internal IP for option 1 & 3.  Make it 10.1.10.1 for option 2.
Is this making sense?
0
 
LVL 14

Expert Comment

by:theras2000
Comment Utility
Sorry I missed my first bit.  I was going to say ignore the NAT part and the port forwarding part for the moment, just work on getting an internet connection to the RRAS server.  To do this, you need to config the external NIC as in option 3 and then test the connection.  Ping the modem, ping the IPS gateway, ping google etc.  Then you can decide if you want the modem/router to be a router or a bridge.
0
 

Author Comment

by:Longstreet_1861
Comment Utility
I have access the the ISP modem and all router services are turned off so I am going to go with option 3.  I understand most of it. I  have access to the ISP router and I do not see bridge option on the router. What would that look like, I have not doen that before..  Thanks
0
 

Author Comment

by:Longstreet_1861
Comment Utility
Would bridging be the same thing as creating a static route .  
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 14

Expert Comment

by:theras2000
Comment Utility
No a static route is different altogether.
Umm the only other word I could think of for bridging is perhaps transparent.  If you tell me your router model I'll find a user guide and point you to the right page/menu.
Can you see like a status page that tells you the WAN IP of the router?  I'm just curious if it has one or not.  If you're not in bridged mode yet, it should be the same public IP that you mentioned.  Although turning off routing features should mean you are in bridged mode already.

There's one other thing that concerns me.  It could be a security risk posting your actual IP settings, like you did.  I'm sorry I didn't mention it, but generally on these posts you'd give fake details.  Perhaps you could press the Request Attention button and ask a moderator to edit the settings for you.  You could even specify some fake ones of your own choosing.
0
 

Author Comment

by:Longstreet_1861
Comment Utility
the wan address of our is our static IP which was 70.91.192..209  our router is an SMC8014
0
 
LVL 10

Expert Comment

by:Korbus
Comment Utility
"My moden ip 10.1.10.1"  

But I dont think your modem should not have an IP address, or if it does, it should be the gateway address (10.1.10.1 doesn't match subnets of the other settings you gave.)

If you take a plain old computer(or your server), plug it directly into your DSL modem.
Set the PC's connected nic ip address to 70.92.192.209.
at a command prompt ping the gateway:
 ping 70.92.192.210
*this gateway IP should be the modem or ISP equipment at the far end of your dsl line.  

If this does not work, you should call your ISP and tell them that test does not work.  If your dsl modem need to be reconfigured, they will help you with that.

Are you going to use ISA, what kind of firewall do you have?
0
 
LVL 14

Expert Comment

by:theras2000
Comment Utility
Here's your manual http://www.smc.com/files/AA/MN_SMC8014-BIZ.pdf and it seems you're right, there is no bridging.  I also notice that this is cable, not DSL, and you modem is called a gateway (usually aka router).

It's possible that Korbus is right, but his directions assume that your modem would already be bridged.  I doubt that's the case, because it seems to be a router itself with the public IP on the external side and a 10.x.x.x IP on the private side.

A good test would be this ... Leave the modem on it's normal settings and put the RRAS server's external NIC into DHCP client mode ("automatically assign an IP address" on the TCP/IP settings), and see if it gets a 10.x.x.x IP from the modem.  If it does, you should actually be able to browse the net like that.

So really, we're looking at option 1.  Now all you need to do is set a static IP of 10.x.x.x on the RRAS's external NIC.  Now you need to do the port forwarding on your RRAS and on the SMC modem (see manual p16).
0
 
LVL 14

Expert Comment

by:theras2000
Comment Utility
So ... how'd you go?
0
 
LVL 10

Expert Comment

by:Korbus
Comment Utility
yeah, how'd ya fix it?
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now