Internal Interface used in NAT - what is it?

mike.james

I've set up NAT routing and there is an additional interface called "Internal" which gets an IP from the DHCP server.
What is this used for?
I thought that Internal was used by RAS?
mikej
 
Steven L Umbach

Yes NAT is part of Remote Access. You need to enable Remote Access to enable
NAT. --- Steve
 
mike.james

> Yes NAT is part of Remote Access. You need to enable Remote Access to enable
> NAT. --- Steve

Ok so I need it if I'm using NAT - this brings me to the real part of the question.
The IP address it grabs ends up registered in DNS - ok I managed to stop it doing this but I can't stop it from registering in WINS and taking part in broadcast resolution under NetBIOS.
As the NAT router is also the PDC the result is that we have lost network browsing.
It's a matter of chance which IP address for the PDC the client gets - if they get the Internal Interface then they don't get a browse list.

Any thoughts?
mikej
 
Steven L Umbach

I don't know if this will help or not but on your external adapter make sure
file and print sharing, Client for Microsoft Networks, and netbios over
tcp/ip are all disabled and any wins records deleted/tombstoned for that
adapter. Also in network connections go to advanced/advanced settings and
make sure the internal network adapter is at the top of the list. Having a
multihomed domain controller or using a domain controller as a Remote Access
Server is not a good idea and should be avoided if at all possible as
conflicts will arise particularly for the pdc fsmo which also is the domain
master browser. A NAT router device would allow you to eliminate that
problem from your domain controller. --- Steve

http://support.microsoft.com/defaul...port/kb/articles/q135/4/04.asp&NoWebContent=1
 
mike.james

--
Please note our change of email address. All addresses of the form
(e-mail address removed) should be changed to (e-mail address removed)
Steven L Umbach said:
> I don't know if this will help or not but on your external adapter make
> sure file and print sharing, Client for Microsoft Networks, and netbios
> over tcp/ip are all disabled and any wins records deleted/tombstoned for
> that adapter.

I've tried this and it doesn't solve the problem.

> Also in network connections go to advanced/advanced settings and make sure
> the internal network adapter is at the top of the list.

Haven't tried this - looking into it now.

> Having a multihomed domain controller or using a domain controller as a
> Remote Access Server is not a good idea and should be avoided if at all
> possible as conflicts will arise particularly for the pdc fsmo which also
> is the domain master browser. A NAT router device would allow you to
> eliminate that problem from your domain controller. --- Steve

I've heard the advice before but I think it's just an admission of failure.
What it says - translated into plain English is - if you have a PDC that is also acting as a router then your network browsing will stop working.
A lot of small networks have just a single Win 2003 server that does exactly both jobs.
As it happens I've got a NAT router in a box ready for when I give up trying to get Win 2003 to do a job it should be capable of :-(

Thanks for the advice though - I'll let you (and the group) know if I manage to get it to work.
mikej
 
mike.james

> Haven't tried this - looking into it now.

It doesn't solve the problem.
The internal IP address slowly but surely adds itself to the WINS registrations for the PDC and associated entries.
As long as it isn't registered domain browsing works fine.
I've even thought of writing a script to delete it from the WINS server every few minutes - this wouldn't stop it from joining in broadcast resolution but it would make everything work most of the time.

This is a very silly "feature" of Windows 2000/2003 - is there really no better solution than "don't do it"?
mikej
 
Steven L Umbach

The following link may be helpful if your domain controller is also a
wins server. It does not specifically mention NAT but it does show a
registry entry that may help. Another option may be to disable the computer
browser service on your domain controller and then another server or
computer in the network would pick up that role. If you do such try to find
a computer that will be on all the time and give it priority to be a master
browser, otherwise you could end up with frequent browser elections. ---
Steve

http://support.microsoft.com/kb/q292822/
http://www.windowsnetworking.com/kb...istryTips/Network/PreferredMasterBrowser.html
--- how to configure preferred master browser.
 
mike.james

Steven L Umbach said:
> The following link may be helpful if your domain controller is also a
> wins server. It does not specifically mention NAT but it does show a
> registry entry that may help. Another option may be to disable the
> computer browser service on your domain controller and then another server
> or computer in the network would pick up that role. If you do such try to
> find a computer that will be on all the time and give it priority to be a
> master browser, otherwise you could end up with frequent browser
> elections. --- Steve

I think I've finally solved the problem - but there might be undesirable
effects so tell me if you think there is a problem.

All I did, and why I didn't try this sooner I have no idea, is to add a
static record for the PDC and one for the Workgroup with the single valid
IP. The WINS server then created a couple more static records that I
didn't ask it to using the same IP. Since then the IP associated with the
internal interface hasn't appeared. It's now 24 hours and everything seems to
be working fine.

Clearly the rule about replication not overwriting a static by a dynamic
WINS record applies to registration.

I know that static records in WINS can be a problem but given that the PDC
has to have a fixed IP (the only machine in the network that does) then I
can't see that assigning it a static WINS record is any more of
a problem than manually creating a DNS record for it (say).


Any references to the use of static WINS records that might help me see what
is happening more clearly?

mikej
 
Steven L Umbach

If that works then I would not worry about it as long as using static IP
address. I thought that those records had existed all along and that the
"internal" adapter was adding additional records causing the problem. ---
Steve
 
mike.james

Steven L Umbach said:
> If that works then I would not worry about it as long as using static IP
> address. I thought that those records had existed all along and that the
> "internal" adapter was adding additional records causing the problem. ---
> Steve

Those records had indeed existed all along but as dynamic records.
The internal adaptor was able to add its IP address to the records for the
PDC so making it "multi-homed" and causing all the problems.
As WINS doesn't seem to change static records with a single correct IP
address in, this seems to solve the problem.

It's two days since I made the change and the WINS directory seems to be fine
with no sign of the internal adaptor's IP and network browsing has been
stable for that time.
If it really is this easy I can't understand why the KB doesn't have it as a
simple fix instead of all the dire warnings about "don't do it".
mikej
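
A check for the condition this thread ends on (the PDC's names picking up the internal interface's address, or still being dynamic records that could), added here as an example and not code from either poster. The CSV layout, the names SERVER1 and EXAMPLE and all addresses are constructed for the example; this is not the native WINS export format.

```python
import csv
import io

# Constructed sample; the column layout is an assumption for this example,
# not the native WINS export format. Names and addresses are made up.
SAMPLE_EXPORT = """\
name,suffix,static,addresses
SERVER1,00,yes,192.168.0.10
SERVER1,20,no,192.168.0.10;192.168.0.57
EXAMPLE,1B,no,192.168.0.57
EXAMPLE,1C,yes,192.168.0.10
PC7,00,no,192.168.0.23
"""


def audit_wins(export_text, watched_names, valid_ip):
    """Return (name, suffix, problem) tuples for the watched NetBIOS names.

    watched_names: the DC's computer name and the domain/workgroup name.
    valid_ip: the one address those names are supposed to resolve to.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["name"].strip().upper()
        if name not in watched_names:
            continue  # ordinary clients are expected to register dynamically
        addrs = [a.strip() for a in row["addresses"].split(";") if a.strip()]
        # Any address other than the valid one means a second interface
        # has registered itself under the DC's or the domain's name.
        extra = sorted(a for a in addrs if a != valid_ip)
        if extra:
            findings.append(
                (name, row["suffix"], "unexpected address " + ",".join(extra)))
        # A dynamic record is the state the thread describes as still
        # open to being extended by the other interface.
        if row["static"].strip().lower() != "yes":
            findings.append((name, row["suffix"], "dynamic record"))
    return findings


if __name__ == "__main__":
    for finding in audit_wins(SAMPLE_EXPORT, {"SERVER1", "EXAMPLE"},
                              "192.168.0.10"):
        print(finding)
```
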
 
