Ip routing..how do i do it? Please help

I've search on the internet, I've search in tech books and it's not helping me in my case. Basically I want to set up my server (2003) as a router. It has two nic cards in it, the first nic card has a dynamic ip (long story..not allowed to change it) and it's used to connect to the internet. My second nic has a static ip, this nic connects to my LAN which contains my Domain controller, dhcp. DNS and client machines.

So in picture terms it would look like this

192.168.1.x 192.168.1.x
(internet)<----->[ nice 1: dynamic ip 2003 machine nic 2: static ip ]<------>[ Domin Controller, default gateway: ip of nic 2 on 2003 machine ]

How do I configure ip routing between nic 1 and nic 2? TO have traffic coming from nic 2 forwarded to Nic 1 and vice versa?

Thank

To configure 2003 as a NAT router, see KB 324264. Basically you make the
router the default gateway of your LAN, and enable NAT on the server so that
LAN machines can share its Internet connection using NAT.

If you are running a W2k/2003 domain, your clients should be using your
local DNS server. To access "foreign" sites, you will need to modify this
DNS server to forward to some other DNS server (such as the one at your
ISP).

"noobtech" <(E-Mail Removed)> wrote in message
news:1681AFE3-A78B-42E4-AECC-(E-Mail Removed)...
> I've search on the internet, I've search in tech books and it's not
helping me in my case. Basically I want to set up my server (2003) as a
router. It has two nic cards in it, the first nic card has a dynamic ip
(long story..not allowed to change it) and it's used to connect to the
internet. My second nic has a static ip, this nic connects to my LAN which
contains my Domain controller, dhcp. DNS and client machines.
>
> So in picture terms it would look like this:
>
>
192.168.1.x 192.168.1.x
> (internet)<----->[ nice 1: dynamic ip 2003 machine nic 2: static
ip ]<------>[ Domin Controller, default gateway: ip of nic 2 on 2003
machine ]
>
> How do I configure ip routing between nic 1 and nic 2? TO have traffic
coming from nic 2 forwarded to Nic 1 and vice versa?
>
> Thanks
>

Sounds like you want to route between your private 192.168.x.x network
(Nic#2) and the Public Internet (Nic#1). You can't. The 192 address block
is an RFC Non-Routable Private Address Block. Even if your box manages to
route them outbound, it is impossible for the acknowledgement to return
inbound. The following IP Ranges are not "internet routable":

10.0.0.0 -- 10.255.255.255
172.16.0.0 -- 172.31.255.255
192.168.0.0 -- 162.168.255.255

For these addresses to communicate with the Internet requires NAT (Network
Address Translation) or some kind of "proxying" service. Neither of these
classify as "routing". Your 2003 duel nic box is probably running RRAS with
NAT or the lighter weight version known as ICS. Both of these are "NAT"
services and it is the only way those LAN addresses can use the Internet at
all.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

How do I Nat NIC 1 on my server when it has a dynamic IP address. The reason why Nic 1 on the duel nic machine has a dynamic IP is because that NIC is getting it's ip address information from my WIndows xp machine.

I am using a Dial up connection, A winxp pro machine has ICS enabled and ICS has taken over the lan card in my winxp machine. It has given the NIC card on the winxp machine a 192.168.0.1 address. According to my understanding, once ICS is enable the Lan card/ICS will act as a dhcp server and start handing out IP address. The only way any other machine one the same lan can connect to my winxp machine is to change from a static to "obtain ip automatiaclly". And this is why NIC 1 on my dual nic machine has a dynamic IP. I have that set to "obtain ip automatically".

Current set up in Picture term

Dial up connection DC Default gate way 192.168.5.
Winxp, ICS enabled <-----------------> Dual nic machine <--------------------> DC window 2003, DHCp, DNS for local la
1 Nic card (192.168.0.1) Nic 1 Dyamic Ip / Nic 2 static 192.168.5.1 1 Nic, static IP 192.168.5.x

And I want the dual Nic machine to be the go between(connection) the two, the local network and the winxp machine that's hooked up to the internet via dial up. And i'm trying to figure out if it's possible to bridge those two somehow. You mentioned something about a "proxy setting" how would I set that up in this case one winxp machine?

As for " route between your private 192.168.x.x network (Nic#2) and the Public Internet (Nic#1). You can't"
I don't quite understand that. Then how does a dsl router work? For the home network the DSL router will act as a dhcp/nat and hand out ips for all client machines. That's fine

But in a small office envirnoment it would be DSL< --> (plain linksys) DSL router <-->to a server thats acting as a DC, DHCP and DNS for the local lan. The address scope for the local lan will be in the 192.168.x.x scope. The DC and all the machines in the local lan will have a 192.168.x.x. The default gateway for the Server itself will be the Dsl router. So somehow the DSL router is connecting the internet with the local lan. Or at least allowing internet access for the computers in the local lan (domain).

In diagram for
Dc Default gateway = DSL route
DSL <-------> Dsl router <---------> DC controller / windows 2003 domai
NIC static Ip of X.X.X.X

There's not much difference from this diagram and the diagram that I have for my setup from above.

----- Phillip Windell wrote: ----

Sounds like you want to route between your private 192.168.x.x networ
(Nic#2) and the Public Internet (Nic#1). You can't. The 192 address bloc
is an RFC Non-Routable Private Address Block. Even if your box manages t
route them outbound, it is impossible for the acknowledgement to retur
inbound. The following IP Ranges are not "internet routable"

10.0.0.0 -- 10.255.255.25
172.16.0.0 -- 172.31.255.25
192.168.0.0 -- 162.168.255.25

For these addresses to communicate with the Internet requires NAT (Networ
Address Translation) or some kind of "proxying" service. Neither of thes
classify as "routing". Your 2003 duel nic box is probably running RRAS wit
NAT or the lighter weight version known as ICS. Both of these are "NAT
services and it is the only way those LAN addresses can use the Internet a
all

--

Phillip Windell [MCP, MVP, CCNA
www.wandtv.co

> I don't quite understand that. Then how does a dsl router work?

Because they aren't real routers and are really NAT/DHCP Boxes. But they
won't sell as many calling them a "DSL NAT/DHCP Devices", people won't know
what they are talking about, so they call them "routers" for marketing
purposes. Since NAT is related to Layer3 Routing and most *real* routers can
also do NAT & DHCP, it isn't totally wrong to call them routers, but there
is no comparison between a "DSL Router" and a real router like a Cisco 2600
Series.

Anyway, they are not "routing" between your private network and the
Internet, they are "NAT'ing" between the two. The Windows ICS and the
RRAS/NAT of Windows Server work on the same "NAT'ing" principle.

Anyway if you want to create two private subnets on your network and use a
Windows machine to route between them, then the two-nic machine must use
statically assigned addresses on the NICs and *not* get the IP# from the ICS
machine. I think ICS only uses a certain range of numbers, so you can
statically use one that is above that range but still be in the correct
subnet.

The machine running ICS will require a static Route pointing to the duel nic
machine as a Gateway for the subnet on the opposite side of the duel-nic
machine. If the IP#s aren't static in the duel-nic machine then the ICS
machine's Static Route back to the second subnet will fail the next time the
IP# changes. The hosts that reside on that same opposite subnet will use the
dule-nic machine as their Default Gateway.

The KB Article "324264" that Bill mentioned will help you better than I can
explain it in this email.

If this doesn't express what you are trying to do then you are going to have
to explain it more clearly. We cannot see your network and cannot know how
you have it cabled up,...we only can know what you tell us and if that isn't
done clearly what we suggest to you may not be correct.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Windows help states, "When ICS is enabled, your lan adapter will be set to use ip 192.168.0.1. To use the Internet Connection Sharing feature, users on your home or small office network should configure TCP/IP on their local area connection to obtain an IP address automatically."

I have a winxp pro machine that's connected to the internet via dial-up. ICS is enabled on the dial-up and the machine has a nic card installed. ICS gives my Nic card the ip of 192.168.0.1, changing the IP to something else and ICS does not work.

I have another machine (let's call it B) B machine is a 2003 server with 2 nics. First nic has "automatically obtain IP". This nic gets it's Ip from the winxp machine above. It allows this machine access to the internet. The second Nic has a static IP of 192.168.5.1

Picture
ICS enable on dial up
Winxp windows 2003 serve
NIC IP 192.168.0.1 <------Internet sharing---- >Nic 1 ="obtain Ip automatically"
Nic 2 ip 192.168.5.1 <-----------connects to local network---->

I have another machine (machine C) C machine has one Nic but it is a window 2003 server that is a domain controller. It has a static Ip address of 192.168.5.2 This machine also hosts DNS and DHCP for my local lan/domain. The default gateway for this machine is 192.168.5.1 It is the IP address of NIC 2 on machine B.

My client computers are set to "obtain ip automatically" and the DHCP on machine B hands the ip's out. The default gateway for my client computers are set to the windows 2003 DC which is 192.168.5.

finished PIC view

ICS enable on dial up
Winxp windows 2003 serve
NIC IP 192.168.0.1 <----Internet---- >Nic 1 ="obtain Ip automatically" 2003 DC / Domai
Nic 2 ip 192.168.5.1 <---------connects to local network----> IP 192.168.5.2
Default gateway
192.168.5.

Locally my network is fine. All computers on the LAn can communicate with each other and the DC. I can also ping Nic 2 on machine B from any machine in the local LAN. The problem is that none of the client machines nor the DC on the local lan has access to the internet. The only machine that has any access to the internet is Machine B. The machine that has the duel nic installed.

I was told that I can configure machine B as a ip router and route traffic between nic 1's connection and nic 2's connection. But from what I read in books a machine that is acting as a ip router between two segments can not have a default gateway on either of it's nics. Nic 1 on machine B has gateway information because it is set to "obtain ip automatically. Would IP routing still work in this case

My question is how do I enable internet access for the client computers on the local lan?
what are the steps and how do I do? How do I transfer the traffic directed to Nic 2 on machine B over to nic 1 on machine B?


----- Phillip Windell wrote: ----

> I don't quite understand that. Then how does a dsl router work

Because they aren't real routers and are really NAT/DHCP Boxes. But the
won't sell as many calling them a "DSL NAT/DHCP Devices", people won't kno
what they are talking about, so they call them "routers" for marketin
purposes. Since NAT is related to Layer3 Routing and most *real* routers ca
also do NAT & DHCP, it isn't totally wrong to call them routers, but ther
is no comparison between a "DSL Router" and a real router like a Cisco 2600
Series.

Anyway, they are not "routing" between your private network and the
Internet, they are "NAT'ing" between the two. The Windows ICS and the
RRAS/NAT of Windows Server work on the same "NAT'ing" principle.

Anyway if you want to create two private subnets on your network and use a
Windows machine to route between them, then the two-nic machine must use
statically assigned addresses on the NICs and *not* get the IP# from the ICS
machine. I think ICS only uses a certain range of numbers, so you can
statically use one that is above that range but still be in the correct
subnet.

The machine running ICS will require a static Route pointing to the duel nic
machine as a Gateway for the subnet on the opposite side of the duel-nic
machine. If the IP#s aren't static in the duel-nic machine then the ICS
machine's Static Route back to the second subnet will fail the next time the
IP# changes. The hosts that reside on that same opposite subnet will use the
dule-nic machine as their Default Gateway.

The KB Article "324264" that Bill mentioned will help you better than I can
explain it in this email.

If this doesn't express what you are trying to do then you are going to have
to explain it more clearly. We cannot see your network and cannot know how
you have it cabled up,...we only can know what you tell us and if that isn't
done clearly what we suggest to you may not be correct.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

You cannot successfully run an AD domain behind an ICS connection. ICS is
designed as a simple Internet sharing device for a few LAN clients. It is
not configurable, and cannot cope with a domain structure behind it.

The main reason it cannot do this is DNS. ICS simply acts as a DNS proxy
and forwards client requests to the DNS server used by the ICS host. The
clients must use the ICS host's LAN IP as their default gateway and their
DNS server. This is useless for Active Directory. AD clients must use the AD
DNS service to access AD services (such as logon).

If you use an ADSL router or a RRAS router, you can turn off the DNS
proxy function and configure it so that the clients can use your local DNS.
You then configure your local DNS to forward to the DNS servive on your
Internet connection. But this is not an option with ICS (or with the Shared
NAT option in VPC, which works much like ICS).

So the short answer is you need to replace ICS with a configurable
router which can do NAT for you but will allow you to use your local (ie the
one you use for your AD clients) DNS server.

"noobtech" <(E-Mail Removed)> wrote in message
news:48DC3441-AED9-4795-87AA-(E-Mail Removed)...
> Windows help states, "When ICS is enabled, your lan adapter will be set
to use ip 192.168.0.1. To use the Internet Connection Sharing feature, users
on your home or small office network should configure TCP/IP on their local
area connection to obtain an IP address automatically."
>
> I have a winxp pro machine that's connected to the internet via dial-up.
ICS is enabled on the dial-up and the machine has a nic card installed. ICS
gives my Nic card the ip of 192.168.0.1, changing the IP to something else
and ICS does not work.
>
> I have another machine (let's call it B) B machine is a 2003 server with 2
nics. First nic has "automatically obtain IP". This nic gets it's Ip from
the winxp machine above. It allows this machine access to the internet. The
second Nic has a static IP of 192.168.5.1
>
> Picture:
> ICS enable on dial up
> Winxp
windows 2003 server
> NIC IP 192.168.0.1 <------Internet sharing---- >Nic 1 ="obtain Ip
automatically"
>
Nic 2 ip 192.168.5.1 <-----------connects to local network---->
>
> I have another machine (machine C) C machine has one Nic but it is a
window 2003 server that is a domain controller. It has a static Ip address
of 192.168.5.2 This machine also hosts DNS and DHCP for my local lan/domain.
The default gateway for this machine is 192.168.5.1 It is the IP address of
NIC 2 on machine B.
>
> My client computers are set to "obtain ip automatically" and the DHCP on
machine B hands the ip's out. The default gateway for my client computers
are set to the windows 2003 DC which is 192.168.5.2
>
> finished PIC view:
>
> ICS enable on dial up
> Winxp windows 2003
server
> NIC IP 192.168.0.1 <----Internet---- >Nic 1 ="obtain Ip automatically"
2003 DC / Domain
> Nic 2 ip
192.168.5.1 <---------connects to local network----> IP 192.168.5.2
>
Default gateway
>
192.168.5.1
>
> Locally my network is fine. All computers on the LAn can communicate with
each other and the DC. I can also ping Nic 2 on machine B from any machine
in the local LAN. The problem is that none of the client machines nor the DC
on the local lan has access to the internet. The only machine that has any
access to the internet is Machine B. The machine that has the duel nic
installed.
>
> I was told that I can configure machine B as a ip router and route traffic
between nic 1's connection and nic 2's connection. But from what I read in
books a machine that is acting as a ip router between two segments can not
have a default gateway on either of it's nics. Nic 1 on machine B has
gateway information because it is set to "obtain ip automatically. Would IP
routing still work in this case?
>
> My question is how do I enable internet access for the client computers on
the local lan?
> what are the steps and how do I do? How do I transfer the traffic directed
to Nic 2 on machine B over to nic 1 on machine B?
>
>
>
> ----- Phillip Windell wrote: -----
>
> > I don't quite understand that. Then how does a dsl router work?
>
> Because they aren't real routers and are really NAT/DHCP Boxes. But
they
> won't sell as many calling them a "DSL NAT/DHCP Devices", people
won't know
> what they are talking about, so they call them "routers" for
marketing
> purposes. Since NAT is related to Layer3 Routing and most *real*
routers can
> also do NAT & DHCP, it isn't totally wrong to call them routers, but
there
> is no comparison between a "DSL Router" and a real router like a
Cisco 2600
> Series.
>
> Anyway, they are not "routing" between your private network and the
> Internet, they are "NAT'ing" between the two. The Windows ICS and
the
> RRAS/NAT of Windows Server work on the same "NAT'ing" principle.
>
> Anyway if you want to create two private subnets on your network and
use a
> Windows machine to route between them, then the two-nic machine must
use
> statically assigned addresses on the NICs and *not* get the IP# from
the ICS
> machine. I think ICS only uses a certain range of numbers, so you can
> statically use one that is above that range but still be in the
correct
> subnet.
>
> The machine running ICS will require a static Route pointing to the
duel nic
> machine as a Gateway for the subnet on the opposite side of the
duel-nic
> machine. If the IP#s aren't static in the duel-nic machine then the
ICS
> machine's Static Route back to the second subnet will fail the next
time the
> IP# changes. The hosts that reside on that same opposite subnet will
use the
> dule-nic machine as their Default Gateway.
>
> The KB Article "324264" that Bill mentioned will help you better than
I can
> explain it in this email.
>
> If this doesn't express what you are trying to do then you are going
to have
> to explain it more clearly. We cannot see your network and cannot
know how
> you have it cabled up,...we only can know what you tell us and if
that isn't
> done clearly what we suggest to you may not be correct.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>

There is a lot of small details in this message, do *not* blow through it
and ignore details.

"noobtech" <(E-Mail Removed)> wrote in message
news:48DC3441-AED9-4795-87AA-(E-Mail Removed)...
> I have a winxp pro machine that's connected to the internet via dial-up.
ICS is enabled on the dial-up
> and the machine has a nic card installed. ICS gives my Nic card the ip of
192.168.0.1, changing the
> IP to something else and ICS does not work.

It didn't tell you to change the IP#s on *that* machine. I told you to make
them static on the 2-nic machine that you mention next. ICS doesn't assign
the whole 192.168.0.0 block,...it only assigns part of the block. If you
use IP#s above that range there won't be a problem. I don't remember the
cut-off point, so you can just start with 192.168.0.254 and work backward.
I have even heard of people assigning a static address that ICS does use and
it still worked because ICS makes sure the address isn't in use before it
assings it to something, but I would recommend that.

> I have another machine (let's call it B) B machine is a 2003 server with 2
nics. First nic has
> "automatically obtain IP". This nic gets it's Ip from the winxp machine
above. It allows this machine
> access to the internet. The second Nic has a static IP of 192.168.5.1

Change the "automatic nic" to a static 192.168.0.254, mask 255.255.255.0,
gateway 192.168.0.1, DNS 192.168.5.2. Just do it,...don't worry about the
"the World according to ICS".

> I have another machine (machine C) C machine has one Nic but it is a
window 2003 server that is a domain controller. It has a static Ip address
of 192.168.5.2 This machine also hosts DNS and DHCP for my local lan/domain.
The default gateway for this machine is 192.168.5.1 It is the IP address of
NIC 2 on machine B.

That's fine, I see no problem there.

> My client computers are set to "obtain ip automatically" and the DHCP on
machine B hands the ip's
> out. The default gateway for my client computers are set to the windows
2003 DC which is
> 192.168.5.2

That's fine, but that will only work for machines on the 192.168.5.0 subnet.
The machines on the192.168.0.0 subnet are at the "mercy" of ICS unless you
make them static.

> Locally my network is fine. All computers on the LAn can communicate with
each other and the DC.
> I can also ping Nic 2 on machine B from any machine in the local LAN. The
problem is that none of
> the client machines nor the DC on the local lan has access to the
internet. The only machine that has
> any access to the internet is Machine B. The machine that has the duel nic
installed.

> I was told that I can configure machine B as a ip router and route traffic
between nic 1's connection
> and nic 2's connection. But from what I read in books a machine that is
acting as a ip router between
> two segments can not have a default gateway on either of it's nics. Nic 1
on machine B has gateway
> information because it is set to "obtain ip automatically. Would IP
routing still work in this case?

**Every** machine in your system (both subnets) must point to the
192.168.5.2 machine as their DNS. For what to do on the ICS machine see
below.... Then in your DNS Server you need to create a Forwarders List
that lists the ISP's DNS Server. If you do not create the Forwarders List
then you are screwed and are just wasting you time.

On the ICS machine make sure that the Internal Nic is set to be the highest
priority nic and that the Internal NIC uses the 192.168.5.2 as the DNS
Server. Leave the rest of the network settings in the internal nic alone.
The ICS machine must also have a Static Route entered into the Routing Table
otherwise the 192.168.5.x subnet will be cut off. If you do not do this
then you are also screwed and wasting your time. If you used the
192.168.0.254 address for the one side of the duel-nic machine as I
suggested, then the route command would look like this:

c:\> Route Add -p 192.168.5.0 mask 255.255.255.0 192.168.0.254

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> it still worked because ICS makes sure the address isn't in use before it
> assings it to something, but I would recommend that.

I meant "*not* recommend that". Boy I hate those typos that make me say the
opposite of what I meant!

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com