Trouble configuring Windows Server Enterprise as a NAT router

I recently upgraded my home server to Windows Server 2008 Enterprise R2 Beta.
As I was setting it up, I got the bright idea to replace my router with the
server. So I got to work installing a second NIC, disabling DHCP/DNS on my
router, etc. All went well--until I tested it. I cannot, for the life of
me, get NAT to work. I have two NICs in my server: one for LAN, another for
WAN. The WAN NIC is connected via ethernet to a standard broadband modem and
works fine; I can successfully access the internet from the server. The LAN
NIC is connected (also via ethernet) to a wireless and wired router. The
router was already configured to behave as a standard switch, as I had
previously used the modem as the DHCP/DNS server (it's one of those
modem-router combos--can't complain, it was free). DHCP is a go: anything
that connected wirelessly to the network gets a proper IP, with the server
marked as the Def.GW and DNS server. Now, here's where the problems
start--that's the only thing that works. I can ping the server just fine,
but DNS requests fail (they work locally on the server, which is configured
to use 127.0.0.1 as the primary DNS server with 4.2.2.1-6 as backup).
External requests result in a "host unreachable" error. It seems as though
the switch doesn't understand that it's supposed to forward traffic directed
outside the subnet to the server (10.10.0.1), even though RIP-2B is enabled
on both the server and the router. I haven't seen any suspicious log entries
or such. Windows Firewall is 100% disabled. As far as I can tell, RRAS,
DHCP, and DNS are all configured properly, though the results seem to speak
otherwise. I have to admit, networking at the hardware level is not my area
of expertise; this is a bit different than working with winsock. After
programming for years, I never thought anything besides a segfault could
frustrate me on a computer--clearly I was wrong. I don't know how you
network techies do it. Does anyone have any tips? I've worked with Server
2003 quite a bit in the past, so feel free to give directions in terms of
another (similar) OS; I should be able to figure it out.

In news:E774F153-53E1-439C-95AC-,
Zenexer <>, seeking assistance, posted the
following:
> I recently upgraded my home server to Windows Server 2008 Enterprise
> R2 Beta. As I was setting it up, I got the bright idea to replace my
> router with the server. So I got to work installing a second NIC,
> disabling DHCP/DNS on my router, etc. All went well--until I tested
> it. I cannot, for the life of me, get NAT to work. I have two NICs
> in my server: one for LAN, another for WAN. The WAN NIC is connected
> via ethernet to a standard broadband modem and works fine; I can
> successfully access the internet from the server. The LAN NIC is
> connected (also via ethernet) to a wireless and wired router. The
> router was already configured to behave as a standard switch, as I
> had previously used the modem as the DHCP/DNS server (it's one of
> those modem-router combos--can't complain, it was free). DHCP is a
> go: anything that connected wirelessly to the network gets a proper
> IP, with the server marked as the Def.GW and DNS server. Now, here's
> where the problems start--that's the only thing that works. I can
> ping the server just fine, but DNS requests fail (they work locally
> on the server, which is configured to use 127.0.0.1 as the primary
> DNS server with 4.2.2.1-6 as backup). External requests result in a
> "host unreachable" error. It seems as though the switch doesn't
> understand that it's supposed to forward traffic directed outside the
> subnet to the server (10.10.0.1), even though RIP-2B is enabled on
> both the server and the router. I haven't seen any suspicious log
> entries or such. Windows Firewall is 100% disabled. As far as I can
> tell, RRAS, DHCP, and DNS are all configured properly, though the
> results seem to speak otherwise. I have to admit, networking at the
> hardware level is not my area of expertise; this is a bit different
> than working with winsock. After programming for years, I never
> thought anything besides a segfault could frustrate me on a
> computer--clearly I was wrong. I don't know how you network techies
> do it. Does anyone have any tips? I've worked with Server 2003
> quite a bit in the past, so feel free to give directions in terms of
> another (similar) OS; I should be able to figure it out.

Hello Zenexer,

Can you ping the router's by IP address?
Switches do not forward IP traffic per se, just per port based on source and
destination Mac.

What type of internet line do you have? ADSL, SDSL, FIOS, Cable, T1, etc?

I understand you are using the old router as a switch only by using it's
internal 4 or 5 port switch ports, so I assume nothing is connected to its
WAN interface, as the way it should in this scenario. But that bades me to
ask, What is the external NIC of the server connected to?

As for setting up NAT on 2008, it's a little different, but not by much, in
2008 than 2003. See if the following articles below help. In addition, keep
the following in mind:

1. Remove the 4.2.2.2 and 127.0.0.1 addresses for DNS, and use the actual
internal inteface's IP address for both the internal and external interface.
2. Make sure that this is not a domain controller, or it will vastly
complicate things including required registry changes to make sure the DC is
able to properly only register it's internal interface data and not the
external interface so it can still functions as a DC otherwise expect major
problems.
3. In Networking windows, Advanced, Advanced, make sure the inside NIC is at
the top of the binding order.
4. In DNS properties, interface tab, make sure it only listens to the
internal interface IP.
5. In NIC properties, disable F&P, NetBIOS, and Register This Connection, on
the outside intgerface.
6. Make sure there is only one gateway address set on the external, and not
the internal interface. This would of course point to the router's IP that
is connected to the external interface.

NAT in Windows 2003: Setup and Configuration
http://www.windowsnetworking.com/art...iguration.html

Configuring Windows Server 2003 to act as a NAT router
http://www.windowsnetworking.com/art...AT-router.html


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Hello Zenexer,

Additional to Ace detailed descriptions have a look here:
http://technet.microsoft.com/en-us/l.../cc731671.aspx

Keep in mind that you should not add the Domain controller role to that server.

DC's should not be multihomed:
http://support.microsoft.com/default...b;en-us;272294


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I recently upgraded my home server to Windows Server 2008 Enterprise
> R2 Beta.
> As I was setting it up, I got the bright idea to replace my router
> with the
> server. So I got to work installing a second NIC, disabling DHCP/DNS
> on my
> router, etc. All went well--until I tested it. I cannot, for the
> life of me, get NAT to work. I have two NICs in my server: one for
> LAN, another for WAN. The WAN NIC is connected via ethernet to a
> standard broadband modem and works fine; I can successfully access the
> internet from the server. The LAN NIC is connected (also via
> ethernet) to a wireless and wired router. The router was already
> configured to behave as a standard switch, as I had previously used
> the modem as the DHCP/DNS server (it's one of those modem-router
> combos--can't complain, it was free). DHCP is a go: anything that
> connected wirelessly to the network gets a proper IP, with the server
> marked as the Def.GW and DNS server. Now, here's where the problems
> start--that's the only thing that works. I can ping the server just
> fine, but DNS requests fail (they work locally on the server, which is
> configured to use 127.0.0.1 as the primary DNS server with 4.2.2.1-6
> as backup). External requests result in a "host unreachable" error.
> It seems as though the switch doesn't understand that it's supposed to
> forward traffic directed outside the subnet to the server (10.10.0.1),
> even though RIP-2B is enabled on both the server and the router. I
> haven't seen any suspicious log entries or such. Windows Firewall is
> 100% disabled. As far as I can tell, RRAS, DHCP, and DNS are all
> configured properly, though the results seem to speak otherwise. I
> have to admit, networking at the hardware level is not my area of
> expertise; this is a bit different than working with winsock. After
> programming for years, I never thought anything besides a segfault
> could frustrate me on a computer--clearly I was wrong. I don't know
> how you network techies do it. Does anyone have any tips? I've
> worked with Server 2003 quite a bit in the past, so feel free to give
> directions in terms of another (similar) OS; I should be able to
> figure it out.
>

Zenexer <> wrote:
> I recently upgraded my home server to Windows Server 2008 Enterprise
> R2 Beta. As I was setting it up, I got the bright idea to replace my
> router with the server.

No, I wouldn't call that a bright idea at all. You may recall the expression
about putting lipstick on a pig, no? Especially if you're using AD, but even
if you're not, avoid this setup. Go back to the router.

So I got to work installing a second NIC,
> disabling DHCP/DNS on my router, etc. All went well--until I tested
> it. I cannot, for the life of me, get NAT to work. I have two NICs
> in my server: one for LAN, another for WAN. The WAN NIC is connected
> via ethernet to a standard broadband modem and works fine; I can
> successfully access the internet from the server. The LAN NIC is
> connected (also via ethernet) to a wireless and wired router. The
> router was already configured to behave as a standard switch, as I
> had previously used the modem as the DHCP/DNS server (it's one of
> those modem-router combos--can't complain, it was free). DHCP is a
> go: anything that connected wirelessly to the network gets a proper
> IP, with the server marked as the Def.GW and DNS server. Now, here's
> where the problems start--that's the only thing that works. I can
> ping the server just fine, but DNS requests fail (they work locally
> on the server, which is configured to use 127.0.0.1 as the primary
> DNS server with 4.2.2.1-6 as backup). External requests result in a
> "host unreachable" error. It seems as though the switch doesn't
> understand that it's supposed to forward traffic directed outside the
> subnet to the server (10.10.0.1), even though RIP-2B is enabled on
> both the server and the router. I haven't seen any suspicious log
> entries or such. Windows Firewall is 100% disabled. As far as I can
> tell, RRAS, DHCP, and DNS are all configured properly, though the
> results seem to speak otherwise. I have to admit, networking at the
> hardware level is not my area of expertise; this is a bit different
> than working with winsock. After programming for years, I never
> thought anything besides a segfault could frustrate me on a
> computer--clearly I was wrong. I don't know how you network techies
> do it. Does anyone have any tips? I've worked with Server 2003
> quite a bit in the past, so feel free to give directions in terms of
> another (similar) OS; I should be able to figure it out.