Virtual Network within Virtual PC

Currently I am running the latest version of VPC 2007 sp1, I have XP Pr
in one VM 2000 in one, and Server 2003 in two others. What I want to d
is set one server up with DNS, Active Directory, and eventually RIS an
WSUS. The other server I would like to be my gateway to the internet an
be a DHCP server for VM clients XP and 2000. the servers should hav
static IPs. Would I use a NAT for the gateway server and assign m
static IPs to both servers? Use the the local network as the 2nd adapte
on the gateway and then on each of the VMs? Also on the static server
the DNS address would point back to the DNS server in the virtua
network correct? I have tried to get this virtual network setup an
cannot get the local network to see the Internet through the one sever
:cry

Any help would be appreciated. Thanks in advance

jcwi6

--
jcwi65

Hello jcwi65,


I made an error in the diagram. The gateway's VM network adapter1 should be
the "Local Ony" adapter and the other one should be the one bound to the
physical adapter. IP address information should stay the same, just the
labels were off. My bad.


Paul Yhonquea



"Paul Yhonquea" <> wrote in message
news:...
> Hello jcwi65,
>
> I have been playing around with various virtual network setups using
> Virtual PC 2004, 2007 and Hyper-V. With 2007, you are correct in assuming
> to use NAT for the gateway and static addresses for the servers. Let us
> assume that your live network si using the 192.168.10.0/24 addressing
> scheme. We will assign the 10.10.1.0/20 for the virtual network.
>
> The gateway should have two adapters, one bound to your physical adapter
> (and you can use DHCP for this address if you wish, although we will give
> it a static one for this demonstration), and one adapter bound to the
> "Local Only" option in VPC2007. All other VMs in the environment will use
> the "Local Only" option. I have attached a diagram of a potential layout
> of your network.
>
> Static IPs are the way to go for your servers (gateway and DC). If you
> really want to run DHCP from your gateway, be sure it is configured to
> only service clients on its virtual side, and that all pertinent
> information is correct (gateway information for the scope options should
> point to its internal IP, DNS should point to the DC). Keep in mind that
> DHCP could also run from your DC. This will guarantee that the DHCP
> broadcasts will stay in the virtual environment. Just a thought.
>
> As far as DNS, the DC should point to itself. As far as the gateway, the
> internal IP needs no DNS configuration. The external one will need to be
> configured in a way to get to the Internet (probably your ADSL/Cable
> modem, or other Internet connection). When you configure DNS on the DC,
> put the address of your Internet connection device (router or modem) in
> the DNS forwarders section. That way when any client sends a DNS request
> to your DNS server, and it doesn't have a record for it, it can query the
> router (which will in turn send the request to your ISP, and so on).
>
> No special configs for the clients, other than their network adapters
> being bound to the "Local Only" option.
>
> Check ou the attached diagram for somewhat of a visual.
>
>
> Hope this helps.
>
>
> Paul Yhonquea
>
>
>
> "jcwi65" <> wrote in message
> news:...
>>
>> Currently I am running the latest version of VPC 2007 sp1, I have XP Pro
>> in one VM 2000 in one, and Server 2003 in two others. What I want to do
>> is set one server up with DNS, Active Directory, and eventually RIS and
>> WSUS. The other server I would like to be my gateway to the internet and
>> be a DHCP server for VM clients XP and 2000. the servers should have
>> static IPs. Would I use a NAT for the gateway server and assign my
>> static IPs to both servers? Use the the local network as the 2nd adapter
>> on the gateway and then on each of the VMs? Also on the static servers
>> the DNS address would point back to the DNS server in the virtual
>> network correct? I have tried to get this virtual network setup and
>> cannot get the local network to see the Internet through the one sever.
>> :cry:
>>
>> Any help would be appreciated. Thanks in advance.
>>
>> jcwi65
>>
>>
>> --
>> jcwi65
>>
>
>
>

The diagram did not come through, can you repost it? Your information
has been very helpful. I have not been able to test it and will be
doing so momentarily.


--
jcwi65

If you are viewing the thread from Microsoft's discussions website, it
doesn't seem to support attachments. Maybe a newsreader such as Outlook
Express? Or I can email it you you would like.

Let me know.


Paul Yhonquea



"jcwi65" <> wrote in message
news:...
>
> The diagram did not come through, can you repost it? Your information
> has been very helpful. I have not been able to test it and will be
> doing so momentarily.
>
>
> --
> jcwi65

--
jcwi65

"jcwi65" <> wrote in message
news:...
>
>
>
>
> --
> jcwi65

You need to be careful using NAT with Active Directory. This has nothing
to do with VPC. It applies as well on "real" machines on "real" networks.
The way that NAT handles DNS (ie the NAT server acting as a DNS proxy) is
not compatible with AD.

Put your server in Local Only and give it a static IP in its own IP
subnet. Use dcpromo to create a domain and let dcpromo set up DNS for you. I
would also configure DHCP on the DC and authorize it in AD.

Use RRAS in one of your servers (not the DC) as a NAT router to the
physical network. One NIC connects to the physical network through the NIC
in the host machine. The other NIC is in Local Only and is the default
gateway for your private LAN. Do not configure RRAS to do DHCP or DNS proxy.

Configure the DHCP scope to give your AD clients the NAT router's private
IP as their default gateway but the DC as their DNS server. Configure your
local DNS to forward to a public DNS server (so that it can resolve foreign
URLs as well as local SRV records).

Here is how my network looked when I ran a domain using VPC.

Internet
|
Netgear
192.168.0.1
|
Local Network (workgroup)
192.168.0.x dg 192.168.0.1
|
192.168.0.254 dg 192.168.0.1
RRAS/NAT
192.168.31.254 dg blank
|
DC
192.168.31.11 dg 192.168.31.254
|
AD members
192.168.31.x dg 192.168.31.254 dns 192.168.31.11

Bill,

This is pretty much what I was suggesting to jcwi65, but you did lay out the
technical details a bit better. Forgot about the piece dealing with
authorizing the DHCP server.

Paul Yhonquea


"Bill Grant" <not.available@online> wrote in message
news:...
>
>
> "jcwi65" <> wrote in message
> news:...
>>
>>
>>
>>
>> --
>> jcwi65
>
> You need to be careful using NAT with Active Directory. This has nothing
> to do with VPC. It applies as well on "real" machines on "real" networks.
> The way that NAT handles DNS (ie the NAT server acting as a DNS proxy) is
> not compatible with AD.
>
> Put your server in Local Only and give it a static IP in its own IP
> subnet. Use dcpromo to create a domain and let dcpromo set up DNS for you.
> I would also configure DHCP on the DC and authorize it in AD.
>
> Use RRAS in one of your servers (not the DC) as a NAT router to the
> physical network. One NIC connects to the physical network through the
> NIC in the host machine. The other NIC is in Local Only and is the default
> gateway for your private LAN. Do not configure RRAS to do DHCP or DNS
> proxy.
>
> Configure the DHCP scope to give your AD clients the NAT router's
> private IP as their default gateway but the DC as their DNS server.
> Configure your local DNS to forward to a public DNS server (so that it can
> resolve foreign URLs as well as local SRV records).
>
> Here is how my network looked when I ran a domain using VPC.
>
> Internet
> |
> Netgear
> 192.168.0.1
> |
> Local Network (workgroup)
> 192.168.0.x dg 192.168.0.1
> |
> 192.168.0.254 dg 192.168.0.1
> RRAS/NAT
> 192.168.31.254 dg blank
> |
> DC
> 192.168.31.11 dg 192.168.31.254
> |
> AD members
> 192.168.31.x dg 192.168.31.254 dns 192.168.31.11

Paul Yhonquea;1113555 Wrote:
> Bill,
>
> This is pretty much what I was suggesting to jcwi65, but you did lay
> out the
> technical details a bit better. Forgot about the piece dealing with
> authorizing the DHCP server.
>
> Paul Yhonquea
>
>
> "Bill Grant" <not.available@xxxxxx> wrote in message
> news:ezluDggHKHA.3708@xxxxxx> > >
> > >
> > >
> > > "jcwi65" <> wrote in message
> > > news:...> > > > >
> > > >>
> > > >> jcthompson@xxxxxx
> > > >>
> > > >>
> > > >> --
> > > >> jcwi65> > > >
> > >
> > > You need to be careful using NAT with Active Directory. This has
> > nothing
> > > to do with VPC. It applies as well on "real" machines on "real"
> > networks.
> > > The way that NAT handles DNS (ie the NAT server acting as a DNS
> > proxy) is
> > > not compatible with AD.
> > >
> > > Put your server in Local Only and give it a static IP in its own
> > IP
> > > subnet. Use dcpromo to create a domain and let dcpromo set up DNS
> > for you.
> > > I would also configure DHCP on the DC and authorize it in AD.
> > >
> > > Use RRAS in one of your servers (not the DC) as a NAT router to
> > the
> > > physical network. One NIC connects to the physical network
> > through the
> > > NIC in the host machine. The other NIC is in Local Only and is
> > the default
> > > gateway for your private LAN. Do not configure RRAS to do DHCP or
> > DNS
> > > proxy.
> > >
> > > Configure the DHCP scope to give your AD clients the NAT router's
> > > private IP as their default gateway but the DC as their DNS
> > server.
> > > Configure your local DNS to forward to a public DNS server (so
> > that it can
> > > resolve foreign URLs as well as local SRV records).
> > >
> > > Here is how my network looked when I ran a domain using VPC.
> > >
> > > Internet
> > > |
> > > Netgear
> > > 192.168.0.1
> > > |
> > > Local Network (workgroup)
> > > 192.168.0.x dg 192.168.0.1
> > > |
> > > 192.168.0.254 dg 192.168.0.1
> > > RRAS/NAT
> > > 192.168.31.254 dg blank
> > > |
> > > DC
> > > 192.168.31.11 dg 192.168.31.254
> > > |
> > > AD members
> > > 192.168.31.x dg 192.168.31.254 dns 192.168.31.11 > >

In what I have gathered from this information, the RRAS should be setup
to connect two networks and not use any of the NAT options?


--
jcwi65

jcwi65;1113831 Wrote:
> > Paul Yhonquea;1113555 Wrote:
> > Bill,
> >
> > This is pretty much what I was suggesting to jcwi65, but you did lay
> > out the
> > technical details a bit better. Forgot about the piece dealing with
> > authorizing the DHCP server.
> >
> > Paul Yhonquea
> >
> >
> > "Bill Grant" <not.available@xxxxxx> wrote in message
> > news:ezluDggHKHA.3708@xxxxxx> > > > >
> > > >
> > > >
> > > > "jcwi65" <> wrote in message
> > > > news:...
> > > >
> > > > You need to be careful using NAT with Active Directory. This has
> > > nothing
> > > > to do with VPC. It applies as well on "real" machines on "real"
> > > networks.
> > > > The way that NAT handles DNS (ie the NAT server acting as a DNS
> > > proxy) is
> > > > not compatible with AD.
> > > >
> > > > Put your server in Local Only and give it a static IP in its own IP
> > > > subnet. Use dcpromo to create a domain and let dcpromo set up DNS for
> > > you.
> > > > I would also configure DHCP on the DC and authorize it in AD.
> > > >
> > > > Use RRAS in one of your servers (not the DC) as a NAT router to the
> > > > physical network. One NIC connects to the physical network through
> > > the
> > > > NIC in the host machine. The other NIC is in Local Only and is the
> > > default
> > > > gateway for your private LAN. Do not configure RRAS to do DHCP or DNS
> > > > proxy.
> > > >
> > > > Configure the DHCP scope to give your AD clients the NAT router's
> > > > private IP as their default gateway but the DC as their DNS server.
> > > > Configure your local DNS to forward to a public DNS server (so that
> > > it can
> > > > resolve foreign URLs as well as local SRV records).
> > > >
> > > > Here is how my network looked when I ran a domain using VPC.
> > > >
> > > > Internet
> > > > |
> > > > Netgear
> > > > 192.168.0.1
> > > > |
> > > > Local Network (workgroup)
> > > > 192.168.0.x dg 192.168.0.1
> > > > |
> > > > 192.168.0.254 dg 192.168.0.1
> > > > RRAS/NAT
> > > > 192.168.31.254 dg blank
> > > > |
> > > > DC
> > > > 192.168.31.11 dg 192.168.31.254
> > > > |
> > > > AD members
> > > > 192.168.31.x dg 192.168.31.254 dns 192.168.31.11 > > > > > >
>
> In what I have gathered from this information, the RRAS should be
> setup to connect two networks and not use any of the NAT options?

Also do I set up the forwarder using my DSL router/modem's default DNS
#s or the default gateway #?


--
jcwi65

jcwi65;1113877 Wrote:
> > jcwi65;1113831 Wrote:
> > > > Paul Yhonquea;1113555 Wrote:
> > > Bill,
> > >
> > > This is pretty much what I was suggesting to jcwi65, but you did lay
> > > out the
> > > technical details a bit better. Forgot about the piece dealing with
> > > authorizing the DHCP server.
> > >
> > > Paul Yhonquea
> > >
> > >
> > > "Bill Grant" <not.available@xxxxxx> wrote in message
> > > news:ezluDggHKHA.3708@xxxxxx> > > >
> >
> > In what I have gathered from this information, the RRAS should be
> > setup to connect two networks and not use any of the NAT options?> >
>
> Also do I set up the forwarder using my DSL router/modem's default
> DNS #s or the default gateway #?

I ran into a problem, when setting up the router server I used Paul's
scheme from his diagram. I wasn't sure what to use as the DNS on
connection #2 and I couldn't get it to connect. When I set it back to
aquire a IP and DNS automatically I could connect at least to the
Internet. I have not tried yet in the rest of the domain as I am
unclear to the settings in RRAS since I shouldn't use NAT, that only
leaves connecting two private networks. Also I put DHCP on the DNS
server as suggested. All my VMs are setup, I just need to get the
network settings correct and the RRAS. Thank-you Paul and Bill for your
assistance thus far. I will be looking forward to your continued
support in getting my virtual network operational.


--
jcwi65