NAT Problems :(

[-=Woodzy=-]

I know this is a tad long winded sorry

I am having great difficulty in getting something to work and am at my wits
end after several days at it, so am hoping that some of you may be able to
help.

- on a win2k3 server machine I have 2 nics 1 with a pubic IP (203.x.x.x) and
the other on a private range IP (192.168.1.1)

- I have setup DHCP and DNS and enabled "Routing and remote access" using
the wizard to allow "NAT". at this point all works well and a machine on the
private side of the lan can access the Inet and ping both nic IP's etc.
UNTIL.....

- I tried following Mark's Minasi's instructions as per his book (windows
2000 server pages 281-283) with regards to adding a pool of IP's.
the result is supposed to be that I can "map" my public assigned IP's to any
of my chosen private IP's

-
\administrative tools\routing and remote access
-
<server>\IP routing\Nat/basic firewall\<isp connection or
nic>\properties\address pool tab


as soon as the addresses are added and applied the internal machines can no
longer access the Inet or ping the public side nic address.

when the addresses are removed and applied from the box the private machines
are back to normal.

- for further information to help with anyone's diagnoses of my problem.....

Pub IP assigned by ISP (connection)is bridged using modem to nic1
(x.x.131.x)
Pub IP pool (x.x.132.1 - x.x.132.7 mask 255.255.255.248)
Priv IP 192.168.1.1 assigned to nic2
Scope set in DHCP is 192.168.1.1 - 192.168.1.253 with exclusion of
192.168.1.1

NB: I notice that the section seems to be omitted from marks book on 2k3
server and porting seems to be more in favour.

thanx to anyone in advance that may be able to help please don't hesitate to
email me with any q's or advice

Cheers
Woodzy

 

[Sandeep Rikhi [MSFT]]

Woodzy
I tried simulating your scenario in my lab but had no luck in seeing this
issue.

192.168.X.X 203.X.Y.Z
Pvt-Machine1============ NAT =============== Public-Network

So, As per my understanding from your mail, once you reserve one of the
public IP Address (203.P.Q.R) The private machine is not able to communicate
with external world. Can you please check if you have any filter settings.
Can you share "tracert -d" output? That may help investigation further
Do you see any interesting info in netmon captures ?.

Thanks,
--
Sandeep

When replying, please post to GROUP so that everyone can benefit from the
knowledge.

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

 

[-=Woodzy=-]

Thanks to a fine techie, THANKS MATHEW!, at Westnet (Australian ISP) with
the patience to help me with a problem not related to any issue or ISP
related problem.

I found finally that it was an issue where IP forwarding was not enabled by
default KB article 323339.

As soon as this edit was done everything worked perfectly.

I am disappointed to find that I was unable to be pointed to that article
directly from MS until I agreed to part with my $297AU

To my way of thinking, if TCP/IP forwarding is not going to be enabled
automatically and there is no warning that it will need to be corrected when
you enable the NAT setting/s on the Routing and Remote Access interface it
is not a "feature" but a flaw to the end user

I thank you Sandeep for atleast replying to me and taking some of your
valuable time to try and simulate the scenario.

please note though that I could not even get to the point of reservation
prior to enabling the TCP/IP forwarding because as soon as I added the
address range the "private" machine had no to the www and as soon as I
removed the address pool and clicked apply all was right again.............
I spent several days re-installing and un-installing trying to sort this out
and prove that I did something wrong but it seemed to all be righting with
that one little regedit that should have been done when I told the RRAS what
I wanted to do beit though the wizards or manually.

Thanks again Sandeep, I hope that this will help ALL those ppl I found out
there in forums everywhere that had similar problems and couldn't find any
solutions and my credit this time goes with a BIG thanks to MATHEW @ westnet

Cheers
Woodzy