N A T - coNstaAnT pain !

Hi everybody : ). I got a very very big problem and I've been fighting with
this for the last 4 days with no success. Maybe you'll have patience to read
through these lines. I had to write this bunch of text because otherwise I
couldn't have exposed my problem good enough for all of you to understand.

I am sure there are many of you here who know very good the meaning of NAT
and how to work with it. I knew nothing about it 'till 5 days ago when I got
my Cable Modem on a second LAN card. I want to share my internet connection
with 2 workstations.. My 2 workstations are in a switch. I am connected to
the switch through LAN CARD 1. The modem is in LAN CARD 2.

I tried... 2 versions of WinGate and WinRoute to do this. Nothing worked
'till I enabled proxy on the two workstations in their I.E.. They were able
to browse HTTP but could not use other ports (for example IRC). Also, I
understand that this can be done without Proxies and that the proxy solution
is NOT good. It presents too many a risks for my Server.

Ok. I got that... so since I have Windows 2003 Server I think ... why should
I use those HereSAnotherWINPrefixedProgram applications anyway? So I ran
through the documentation and I became very familiarized with the concept of
NAT. But even though I enabled the "Routing and Remote Access" service,
nothing works. Here's what I did so far:

My workstations have the IPs 192.168.1.11 and 192.168.1.12. I am
192.168.1.9. The workstations have my IP as GATEWAY and DNS 1. The
workstations do not have any proxy specified in I.E.. I have NAT enabled on
the LAN CARD 2 (the one with the modem). In "Routing and Remote Access" MMC
group I got the following settings: I see 3 interfaces, LAN CARD 1, LAN CARD
2, Loopback and Internal.

In the "IP Routing" section I didn't change anything in the "General"
section. I didn't change anything in "Static Routes" and "IGMP" either. In
the NAT/Basic Firewall I did the following modifications (LAN CARD 1 is
already set to PRIVATE and LAN CARD 2 is set to internet [perform NAT + basic
firewall]).
For LAN CARD 2:
- I added (perhaps uselessly) in the ADDRESS POOL section a setting which
specifies the IP adress of the same LAN CARD 2 in both FROM and TO sections
with mask 255.255.255.0. I did this so I somehow force it to go throught that
IP. (I added this only after I saw that my workstations can't see the
internet).
- Here is the mistake maybe: I checked "WEB SERVER" in "Services And Ports"
and I gave it Private Addres = Myself. The address of my server. Didn't work.
I gave it then the address of a workstation on my domain. Didn't work either.
What is this private field anyway??? I gave it the address of the LAN CARD 2
(my public internet address) and still doesn't work. I really don't know what
to do to give internet to my workstations. Nothing seems to work.

Thank you very much already for enduring to read through all these lines. I
would be really gratefull for any advice in this problem... I have ran out of
ideas days ago and I don't have any clue what to do next and why doesn't this
work. I even tried DHCP but no luck. I don't want to use DHCP anyway, it's
not mandatory and I need to specify the IP addresses on my network manually
because I have a small network.

Thanks a lot again and have a nice day/ good night.

Warm Regards, Axonn.

Can clients ping the IP address for google.com - 216.239.39.99? If not,
you have a routing issue. Make sure that LAN CARD 1 does NOT have a default
gateway.

If clients can ping the IP address, you most likely have a DNS issue. If
you have an Active Directory domain, configure Forwarders on the server:
Open the DNS console, right click on the server and select Properties, click
the Forwarders tab and check the box to enable Forwarders. Then add the IP
address of your ISP's DNS server.

If you do not have a domain, I suggest you disable RRAS, then run the wizard
again. Follow this:

http://support.microsoft.com/default...b;en-us;816581

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Axonn" <(E-Mail Removed)> wrote in message
news:B4170627-AFD1-40A3-9395-(E-Mail Removed)...
> Hi everybody : ). I got a very very big problem and I've been fighting
with
> this for the last 4 days with no success. Maybe you'll have patience to
read
> through these lines. I had to write this bunch of text because otherwise I
> couldn't have exposed my problem good enough for all of you to understand.
>
> I am sure there are many of you here who know very good the meaning of NAT
> and how to work with it. I knew nothing about it 'till 5 days ago when I
got
> my Cable Modem on a second LAN card. I want to share my internet
connection
> with 2 workstations.. My 2 workstations are in a switch. I am connected to
> the switch through LAN CARD 1. The modem is in LAN CARD 2.
>
> I tried... 2 versions of WinGate and WinRoute to do this. Nothing worked
> 'till I enabled proxy on the two workstations in their I.E.. They were
able
> to browse HTTP but could not use other ports (for example IRC). Also, I
> understand that this can be done without Proxies and that the proxy
solution
> is NOT good. It presents too many a risks for my Server.
>
> Ok. I got that... so since I have Windows 2003 Server I think ... why
should
> I use those HereSAnotherWINPrefixedProgram applications anyway? So I ran
> through the documentation and I became very familiarized with the concept
of
> NAT. But even though I enabled the "Routing and Remote Access" service,
> nothing works. Here's what I did so far:
>
> My workstations have the IPs 192.168.1.11 and 192.168.1.12. I am
> 192.168.1.9. The workstations have my IP as GATEWAY and DNS 1. The
> workstations do not have any proxy specified in I.E.. I have NAT enabled
on
> the LAN CARD 2 (the one with the modem). In "Routing and Remote Access"
MMC
> group I got the following settings: I see 3 interfaces, LAN CARD 1, LAN
CARD
> 2, Loopback and Internal.
>
> In the "IP Routing" section I didn't change anything in the "General"
> section. I didn't change anything in "Static Routes" and "IGMP" either. In
> the NAT/Basic Firewall I did the following modifications (LAN CARD 1 is
> already set to PRIVATE and LAN CARD 2 is set to internet [perform NAT +
basic
> firewall]).
> For LAN CARD 2:
> - I added (perhaps uselessly) in the ADDRESS POOL section a setting which
> specifies the IP adress of the same LAN CARD 2 in both FROM and TO
sections
> with mask 255.255.255.0. I did this so I somehow force it to go throught
that
> IP. (I added this only after I saw that my workstations can't see the
> internet).
> - Here is the mistake maybe: I checked "WEB SERVER" in "Services And
Ports"
> and I gave it Private Addres = Myself. The address of my server. Didn't
work.
> I gave it then the address of a workstation on my domain. Didn't work
either.
> What is this private field anyway??? I gave it the address of the LAN CARD
2
> (my public internet address) and still doesn't work. I really don't know
what
> to do to give internet to my workstations. Nothing seems to work.
>
> Thank you very much already for enduring to read through all these lines.
I
> would be really gratefull for any advice in this problem... I have ran out
of
> ideas days ago and I don't have any clue what to do next and why doesn't
this
> work. I even tried DHCP but no luck. I don't want to use DHCP anyway, it's
> not mandatory and I need to specify the IP addresses on my network
manually
> because I have a small network.
>
> Thanks a lot again and have a nice day/ good night.
>
> Warm Regards, Axonn.

Hi Doug. First of all, let me thank you for your answer and advice! : ). Yes.
I could ping once that Google address from the workstation. Once. After that,
I tried pinging Yahoo and failed. When I tried to ping again the Google IP
directly I got another failure. I do not have an Active Directory domain and
I cannot have because the server is not always on.

I already ran that Wizard and I already did exactly what the link you gave
me says : ). Except the DHCP. I can't use DHCP because it will mess up all my
network and as I said, the server is not always on. I read all the NAT
documentation and it said something about static routes. Adding a 0.0.0.0
destination with 0.0.0.0 network mask and as a gateway, the gateway provided
by my ISP. I added that Static route but still no internet on the
workstations.

But from what I saw from the wizard, there's nothing much to do. I pretty
much did everything and it should work correctly... however, it doesn't : (.

If you could be so kind as to give me an e-mail address where I could send
you some screenshots of my settings it would be great. That would cover
thousands of words of explanations. You could send a blank e-mail on theaxonn
at hotmail dot com. So far, I think I must give up on Windows 2003 because I
just can't seem to be able to find that little secret spot where I can make
it work : (. And I don't want to use WinRoute either but it seems that I got
not much of a choice.

Thank you again! Have a nice day.

That is very strange behavior. Let's try this:

1. Disable Routing and Remote Access.

2. Configure Internet Connection Sharing - all you have to do is check a
box on the Local Area Connection for LAN CARD 2 - See this:

http://support.microsoft.com/default...b;en-us;324286

3. Reboot the server. Set a client machine to obtain an IP automatically,
and reboot it.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Axonn" <(E-Mail Removed)> wrote in message
news:8446E662-C26B-4F4E-93F8-(E-Mail Removed)...
> Hi Doug. First of all, let me thank you for your answer and advice! : ).
Yes.
> I could ping once that Google address from the workstation. Once. After
that,
> I tried pinging Yahoo and failed. When I tried to ping again the Google IP
> directly I got another failure. I do not have an Active Directory domain
and
> I cannot have because the server is not always on.
>
> I already ran that Wizard and I already did exactly what the link you gave
> me says : ). Except the DHCP. I can't use DHCP because it will mess up all
my
> network and as I said, the server is not always on. I read all the NAT
> documentation and it said something about static routes. Adding a 0.0.0.0
> destination with 0.0.0.0 network mask and as a gateway, the gateway
provided
> by my ISP. I added that Static route but still no internet on the
> workstations.
>
> But from what I saw from the wizard, there's nothing much to do. I pretty
> much did everything and it should work correctly... however, it doesn't :
(.
>
> If you could be so kind as to give me an e-mail address where I could send
> you some screenshots of my settings it would be great. That would cover
> thousands of words of explanations. You could send a blank e-mail on
theaxonn
> at hotmail dot com. So far, I think I must give up on Windows 2003 because
I
> just can't seem to be able to find that little secret spot where I can
make
> it work : (. And I don't want to use WinRoute either but it seems that I
got
> not much of a choice.
>
> Thank you again! Have a nice day.

Hi Doug... That would work for sure. I don't even need to try it. I used once
a configuration like that and it worked ok. But the fact is that a
configuration like that will mess up all my IP assignment on my local
network. I need my server to retain its IP and all other 25 computers their
current IPs. If I do this, I will isolate the server and the two network
computers from the default 192.168.1 IP class that I use and all local
programs which depend upon using the 192.168.1 class will not work any more.
I wanted to use the Routing and Remote access service, any other option is
not good.

Anyway, I succeeded in using WinRoute for most of the programs, allthough
I`m not entirely happy with this solution. I guess I will buy a new computer
and install Linux on it and that's it. End of story : ). At least if I use
Linux I got the certanty that it will work, because Windows 2003 seems to
rely too much on DHCP and extremely precise IP assignment and static routes
and all that stuff.

Thanks a lot Doug for your help. Have a nice day and good luck : )

"Axonn" <(E-Mail Removed)> wrote in message
news:7C9832D9-9A98-4A1B-A6C4-(E-Mail Removed)...
> Anyway, I succeeded in using WinRoute for most of the programs, allthough
> I`m not entirely happy with this solution. I guess I will buy a new
computer
> and install Linux on it and that's it. End of story : ).
>At least if I use
> Linux I got the certanty that it will work, because

That isn't the case and it certainly isn't easier to do, and much harder to
figure out when it quits.

> Windows 2003 seems to
> rely too much on DHCP and extremely precise IP assignment and static
routes
> and all that stuff.

It doesn't rely on, nor require DHCP at all, and the rest is functionally no
different than Linux.

Compare what you did, or are doing, to this article to see what you did
wrong. If it was done right then it works, it's that simple, otherwise it
wouldn't be working for anybody. The articles are basically the same thing,
they probably did know they had redundant articles on the site. There is no
functional difference between 2000 and 2003.

299801 - HOW TO: Configure a Windows 2000 Server as a Network Address
Translation Server
http://support.microsoft.com/default...;en-us;Q299801

310357 - HOW TO: Configure the NAT Service in Windows 2000
http://support.microsoft.com/default...b;en-us;310357

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com