routing and pinging

[Guest]

In a testing/learning environment, I have the following setup:

NAT router west --- LAN router --- NAT router east --- client east

The routers are standard-issue Win2k3 machines configured as NAT or LAN.

I can ping the external IP address of the "NAT router west" from anywhere
but the "client east."

Can somebody explain, please?

Thank you.

 

[Bill Grant]

Hard to say without details of the default routes set on each device. As
a general rule, default routing fails when you get multiple routers. You
nearly always need a static route on the "outside" routers to get the
traffic for remote subnets heading in the right direction (ie get them to a
router which knows how to handle them).

 

[Guest]

Bill,

Thank you for your reply.

Actually, the problem was caused by a paused virtual machine. Pretty silly,
ain't it?

[1]
I know the virtual pc newsgroup is the right forum to ask, but let me do it
here.

The following setup

NAT router west --- LAN router --- NAT router east --- client east

is a set of virtual machines. The NAT routers have DHCP servers on them.
When I started the "client east" VM, the "NAT router west" was already
running and it allocated an IP address to the "client east." Therefore, I
paused the "NAT router west" VM, released and renewed the IP address in the
"client east."

Question:

How do you avoid this sort of problem in a virtual machine scenario?

[2]
A question that belongs in this newsgroup:

From the "NAT router west" or "LAN router" I can't ping the "client east."

Is this normal?

[3]
Ipconfig /all on the "client east" shows
IP Routing Enabled. . . . . . . . : No

Is this normal?

[4]
If I use a DHCP server on a NAT router, should the checkbox labeled
"Automatically assign IP addresses by using the DHCP allocator" be cleared?

 

[Bill Grant]

There isn't really enough info here, but the whole setup looks dodgy to me.
What are you trying to emulate? What are the NAT routers supposed to do?

A simple description and a diagram of the network with a few IP
addresses and default gateway settings would help.

 

[Guest]

The setup:

NAT router west --- LAN router --- NAT router east --- client east

1. "LAN router" represents the Internet. On it, there's a DNS server with
records about www.west.org and www.east.com

2. "NAT router east" emulates a real Linux router/firewall in our
organization.

3. Behind the NAT router east, I'd like to have ISA2k4 and Ex2k3.

4. I'd like to test sending mail from west to east and back.

5. I probably wouldn't have to have a NAT router west, but I use it to
practice manual configuration, as opposed to wizard-driven installation on
the East side.

- - - - - - - - - - - - - - - -

IP: 192.168.1.1
SM: 255.255.255.0
DG:
DNS:
NAT router west
IP: 10.2.0.2
SM: 255.255.0.0
DG: 10.2.0.1
DNS: 10.2.0.1
|
IP: 10.2.0.1
SM: 255.255.0.0
DG:
DNS:
LAN router
IP: 10.1.0.1
SM: 255.255.0.0
DG:
DNS:
|
IP: 10.1.0.2
SM: 255.255.0.0
DG: 10.1.0.1
DNS: 10.1.0.1
NAT router east
IP: 172.16.1.1
SM: 255.255.255.0
DG:
DNS:

- - - - - - - - - - - - - - - -

1. Does this look OK to you?

2. When I do ipconfig /all on the client east, I see:
IP Routing Enabled. . . . . . . . : No

Is this normal?

Thank you.

 

[Bill Grant]

You should be able to ping the router west from a client behind the east
router (as long as NAT is configured correctly). Is the client using
172.16.1.1 as its default gateway? All traffic on the 10. network from the
client behind the east NAT router uses the server's 10.1.0 address, so if
the router can ping the west router, the clients should be able to as well.
You will not be able to connect to anything behind the west router (because
of NAT). You cannot connect to machines on the "private" side of a NAT
router from the "public" side.

A client will normally have IP routing disabled. It only needs to be on
if the machine is acting as an IP router.