Internet Sharing through NAT

[Guest]

I have a 2003 server which is domain Controller. It has DNS, DHCP and RRAS
enable with NAT. There are two nics installed. one connect to an ADSL modem,
another is connected with a internal laptop. the laptop can ping external IP
but cannot browse internet. How should I do to configure NAT?

External IP: 10.0.0.1
Mask: 255.255.255.0
Gateway: 10.0.0.138

Internal IP: 192.168.1.1
Mask: 255.255.255.0

Laptop: 192.168.1.2
Mask: 255.255.255.0
Gateway: 192.168.1.1

 

[Bill Grant]

Since you are running AD, the problem is probably DNS. If you can ping
an external public IP, NAT is working.

Set the DNS on your server to forward to a public DNS service. Then set
both your server and the client laptop to use 192.168.1.1 for DNS . (The
latter step is required for AD to work properly). Check that it works by
doing an nslookup from the server and the laptop (eg nslookup
www.microsoft.com ).

 

[Guest]

Sorry Bill, maybe i didn't explain clearly, I can ping the ip address of
external nic from the laptop, which mean i can ping 10.0.0.1 from
192.168.1.2, but i can't ping any external public IP.

 

[Bill Grant]

In that case you probably haven't configured NAT correctly. Do you have
the 10.0.0.1 configured as the public interface and 192.168.1.1 configured
as the private interface in NAT?

 

[Guest]

yes, the public interface is 10.0.0.1, and 192.168.1.1 is private interface.

 

[Bill Grant]

That should be all you need. Have you tried a reboot of the server?

 

[Guest]

Yes, I rebooted my server a couple of times. i wonder if i should setup
static route or address pool?

 

[Bill Grant]

The only thing I have seen cause this was a default gateway configured
on the private NIC. Only the public NIC should have a gateway address
configured.

There is really no need for static routes. All that is necessary is that
the client uses the server's private NIC as its default gateway. All
non-local traffic will be sent to the server, and NAT should then take over
and route it to the Internet.

Using an address pool just lets you use automatic IP assignment on the
client. If you only have one or two clients you might as well configure them
manually.

Have you modified DNS to forward to a public DNS? If so, can you resolve
public URLs from the client (using nslookup)?

 

[Guest]

How to forward to a public DNS? I couldn't ping any public IP address from
internal laptop, So i don't think "nslookup" gonna work anyway.

i can ping any public IP address and browse any public websites from my
server2003. my internal laptop can access server2003, it can ping internal
nic(192.168.1.1) also can ping external nic(10.0.0.1). because NAT allow all
internal computers to share one external ip address, I don't know why it
cannot ping any public ip addresses.

 

[Bill Grant]

You configure DNS forwarding in the DNS MMC. Just type the DNS server
address in the box!