natting in win2000

Guest

Domain controller: Win2000 Server, IP address 10.30.7.100, with
Active Directory. No DHCP is used for clients. On DNS, a forwarder has been
set up for the ISP's DNS.


Separate RRAS server configuration:

LAN card 1 - configured as per ISP settings
ISP IP Address: 203.239.33.100 255.255.255.248
ISP Default Gateway: 203.239.33.101
DNS - as per ISP details given
LAN card 2 - configured for local LAN settings
IP address - 10.30.7.1 255.0.0.0
Gateway - 203.239.33.100
DNS - local DNS IP + ISP DNS entry
IP forwarding enabled from the registry


All clients have static IPs in the range 10.30.7.102-10.30.7.117.
The gateway given to the clients is 10.30.7.1.

I tried adding a static route by installing the RRAS service, and also tried
NATting, but was not successful.
I want to make the machine a gateway and also enable NATting.
How can my clients access the Internet through the gateway?
I don't know how to do that with NATting.
Hope you can help me with this. I am a new user.
Thank you very much.
 
Bill Grant

Running RRAS/NAT on a domain controller is not a good idea. It can cause
all sorts of problems. The normal operation of NAT is to use the NAT router
as its own DHCP-type allocator and to use the NAT router as a DNS relay.
This won't work with Active Directory. With AD, the clients must use the
local DNS server. So you cannot use the allocator built into NAT, because it
will give the clients the wrong DNS address.

So you must remove ALL references to the ISP's DNS service from your
server NICs. The server NIC should only know about the local DNS service.
This local DNS server can handle all requests after you have set up the
forwarding. (In other words, the NAT server uses the local DNS server, just
like the LAN clients do, to access the Internet). The server public
interface should have a default route out to the Internet and the private
interface default gateway setting should be blank.

If you are not running DHCP, you will need to configure each client
manually. The client should use the server's private IP address as both the
default gateway and the DNS server address. Or you can configure DHCP to do
this for you. You just cannot use the allocator built into NAT.

So your setup should look like this.

Internet
|
203.239.33.100 dg 203.239.33.101
server
10.30.7.1 dg blank
|
workstations
10.x.x.x dg 10.30.7.1

Enable NAT in RRAS, but do not give it any addresses to allocate to
clients (as it may hand out wrong DNS addresses. It should not hand out
wrong IP addresses if you have removed the ISP DNS addresses from your
public NIC).
 
Guest

I am not installing RRAS on the domain controller.

It is a separate machine, a Win2000 Advanced member server with two LAN cards.
One LAN card is configured with the public IP (203.239.33.100) and the other LAN
card is configured for the private IP (10.30.7.X).
The problem is that these two LAN cards are not communicating with each other, so
traffic is not being routed from the private network to the public network.
How will these two LAN cards communicate with each other?

My domain controller is using the local DNS service but not the DHCP service, because
I have given every client a static IP (10.30.7.X). I want every client, and
also my domain controller, to be routed through my separate RRAS member
server.

Help me.
 
Bill Grant

If you are not using DHCP, you will need to make sure that the clients
have the correct DNS and default gateway settings. So each client (including
your domain controller) should be set up to use the NAT router as its
default gateway. And each LAN machine should be configured to use your local
DNS server.

As long as DNS and the default gateway settings are correct on the LAN
machines, they should be able to use the NAT router.

Have you removed all DNS entries from the RRAS server (except for your
local DNS server)? Is the only default route of the RRAS server out to the
Internet from the external NIC?

Can you do an nslookup for an Internet name from a LAN machine? If not,
what sort of error do you get?

What happens if you try to contact an external Internet site? Are there
any messages in the event log?
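
The checklist in the reply above, as an added example that is not part of the original thread: a small Python audit that applies those rules to the router settings first posted and to a corrected set. The IP addresses come from the thread; `ISP_DNS` is a placeholder (the thread never gives the ISP's DNS address) and the function names are hypothetical.

```python
import ipaddress

LOCAL_DNS = "10.30.7.100"    # domain controller running DNS (from the thread)
ROUTER_LAN_IP = "10.30.7.1"  # private NIC of the RRAS/NAT server (from the thread)
ISP_DNS = "192.0.2.53"       # placeholder: not given anywhere in the thread

def audit_router(nics):
    """Check a dual-homed NAT router's NICs against the reply's checklist."""
    findings = []
    for nic in nics:
        net = ipaddress.ip_interface(f"{nic['ip']}/{nic['mask']}").network
        gw = nic["gateway"]
        if nic["role"] == "private" and gw:
            findings.append(f"{nic['ip']}: private NIC gateway should be blank, found {gw}")
        elif nic["role"] == "public" and not gw:
            findings.append(f"{nic['ip']}: public NIC has no default route to the Internet")
        elif gw and ipaddress.ip_address(gw) not in net:
            findings.append(f"{nic['ip']}: gateway {gw} is outside {net}")
        for server in nic["dns"]:
            if server != LOCAL_DNS:
                findings.append(f"{nic['ip']}: DNS {server} is not the local DNS server")
    return findings

def audit_client(ip, gateway, dns):
    """LAN machines (domain controller included) use the router and local DNS."""
    findings = []
    if gateway != ROUTER_LAN_IP:
        findings.append(f"{ip}: default gateway {gateway} is not the NAT router")
    if dns != [LOCAL_DNS]:
        findings.append(f"{ip}: DNS list {dns} should be only {LOCAL_DNS}")
    return findings

# Router settings as first posted in the thread (ISP DNS value is the placeholder).
AS_POSTED = [
    {"role": "public", "ip": "203.239.33.100", "mask": "255.255.255.248",
     "gateway": "203.239.33.101", "dns": [ISP_DNS]},
    {"role": "private", "ip": "10.30.7.1", "mask": "255.0.0.0",
     "gateway": "203.239.33.100", "dns": [LOCAL_DNS, ISP_DNS]},
]
# The same NICs after applying the advice: one default route, local DNS only.
CORRECTED = [
    {"role": "public", "ip": "203.239.33.100", "mask": "255.255.255.248",
     "gateway": "203.239.33.101", "dns": []},
    {"role": "private", "ip": "10.30.7.1", "mask": "255.0.0.0",
     "gateway": None, "dns": [LOCAL_DNS]},
]

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit_router(cfg) or "OK")
```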
 
Guest

Hi,
thanks for your help, NATting is working fine.
There was some problem in the configuration, but you have done a great job.
 
