NAT and RDP ?

Hi ,
I read your replies,very clear and elaborative but still i have a scenario
and want to confirm whether this will work.Let me explain the scenario.
I have two Desktop clients(winxp) connected in a private network . I also
have windows server(win 2000) which has two nic cards.So now i have connected
the private network in one nic card and a public network in another nic
card.I also apply a NAT in the Windows 2000 Server.
Now if i access internet based application of the Win2000 Server using the
terminal service from my desktop client.whether will this desktop client
(private ip) will be NAT -ted and get a public ip address.This question
arised because all my NAT will happen in the Network Layer of the OSI
Layer-TCP/ip Layer Stack. and my RDP will happen in the application
layer.Please give me suggestions .. because i am looking for a solution that
can uniquely identify my desktop client that has accessed the internet
through the NAT Server.So that I can measure the traffic ,Qos of the Desktop
Client.
Will NAT work for Clients that are connecting through RDP protocol(Remote
Desktop Protocol)

If you connect to the Internet from your NAT client (from a browser or
from an application), it does not get a private address. All traffic to or
from the client uses the local LAN and the machines's private IP address.
NAT intercepts the traffic addressed to a public IP. It records in its
translation table which client sent the request, then sends the request to
the Internet using its own public IP. When it receives a reply it checks the
table to find which client sent the request and forwards the reply on the
LAN.

If you make an RDP or TS connection to the server from a client, this
doesn't happen. The application is running on the server itself, not on the
client. (The client is only receiving KVM traffic across the LAN). The
server accesses the Internet directly using its own IP address and the reply
goes tothe application running on the server.

"kris" <(E-Mail Removed)> wrote in message
news:4237C800-CB19-4F6F-A281-(E-Mail Removed)...
> Hi ,
> I read your replies,very clear and elaborative but still i have a scenario
> and want to confirm whether this will work.Let me explain the scenario.
> I have two Desktop clients(winxp) connected in a private network . I also
> have windows server(win 2000) which has two nic cards.So now i have
> connected
> the private network in one nic card and a public network in another nic
> card.I also apply a NAT in the Windows 2000 Server.
> Now if i access internet based application of the Win2000 Server using the
> terminal service from my desktop client.whether will this desktop client
> (private ip) will be NAT -ted and get a public ip address.This question
> arised because all my NAT will happen in the Network Layer of the OSI
> Layer-TCP/ip Layer Stack. and my RDP will happen in the application
> layer.Please give me suggestions .. because i am looking for a solution
> that
> can uniquely identify my desktop client that has accessed the internet
> through the NAT Server.So that I can measure the traffic ,Qos of the
> Desktop
> Client.
> Will NAT work for Clients that are connecting through RDP protocol(Remote
> Desktop Protocol)

But When i establish or try to connect the NAT Server through RDP,will the
Private address that I am using will get NAT-ted. ???

If not why ? because RDP is in the application layer and NAT in the Network
layer so why not it cannot NAT the private address that is requesting the RDP
Session.?

And thanks for your previous reply... Eagerly waiting for your reply.


"Bill Grant" wrote:

> If you connect to the Internet from your NAT client (from a browser or
> from an application), it does not get a private address. All traffic to or
> from the client uses the local LAN and the machines's private IP address.
> NAT intercepts the traffic addressed to a public IP. It records in its
> translation table which client sent the request, then sends the request to
> the Internet using its own public IP. When it receives a reply it checks the
> table to find which client sent the request and forwards the reply on the
> LAN.
>
> If you make an RDP or TS connection to the server from a client, this
> doesn't happen. The application is running on the server itself, not on the
> client. (The client is only receiving KVM traffic across the LAN). The
> server accesses the Internet directly using its own IP address and the reply
> goes tothe application running on the server.
>
> "kris" <(E-Mail Removed)> wrote in message
> news:4237C800-CB19-4F6F-A281-(E-Mail Removed)...
> > Hi ,
> > I read your replies,very clear and elaborative but still i have a scenario
> > and want to confirm whether this will work.Let me explain the scenario.
> > I have two Desktop clients(winxp) connected in a private network . I also
> > have windows server(win 2000) which has two nic cards.So now i have
> > connected
> > the private network in one nic card and a public network in another nic
> > card.I also apply a NAT in the Windows 2000 Server.
> > Now if i access internet based application of the Win2000 Server using the
> > terminal service from my desktop client.whether will this desktop client
> > (private ip) will be NAT -ted and get a public ip address.This question
> > arised because all my NAT will happen in the Network Layer of the OSI
> > Layer-TCP/ip Layer Stack. and my RDP will happen in the application
> > layer.Please give me suggestions .. because i am looking for a solution
> > that
> > can uniquely identify my desktop client that has accessed the internet
> > through the NAT Server.So that I can measure the traffic ,Qos of the
> > Desktop
> > Client.
> > Will NAT work for Clients that are connecting through RDP protocol(Remote
> > Desktop Protocol)
>
>
>

I am not sure that I follow you. Where is the server you are trying to
connect to? If you are trying to connect by RDP from a workstation on the
private LAN to the W2k server which is running NAT , public IP addresses do
not come into it. You connect to the server's private IP.

If you are trying to connect by name and that name is resolving to the
server's public IP, you need to modify your local DNS to point to the
private IP..

Sorry if i was not clear.Let me explain the scene.
I have two desktop clients with the addresses -124.x.x.130 and 124.x.x.154 .
I also have a windows 2000 server with two nic cards ,One is configured to
have 124.x.x.129 and other one to have a 210.210.x.x

And the one nic card in the win2000 server that is configured with
124.x.x.129 is not mapped to any gateway.the gateway is left blank.
And the other nic card with 210.210.x.x is configured with proper gateway
(210.210.x.x) . And I also followed the URL
http://support.microsoft.com/kb/299801
for NAT in the win2000.


Now if i request the RDP session from the two address(124.x.x.130) to
124.x.x.129 I get connected to that Win2000 Server and able to browse but if
i examine the output traffic ,I find all the request to be of single ip that
is the 210.210.x.x. Will the client ip be NAt-ted when i request the RDP
Session since i have configured the NAT.Or Is there any way to assign Public
ip address for each of the client that is access the win2000 server through
RDP .Sorry If i am not clear this time also.Please reply me so that i can
eloborate more on this.


Thanks for your valuable reply.










"Bill Grant" wrote:

> I am not sure that I follow you. Where is the server you are trying to
> connect to? If you are trying to connect by RDP from a workstation on the
> private LAN to the W2k server which is running NAT , public IP addresses do
> not come into it. You connect to the server's private IP.
>
> If you are trying to connect by name and that name is resolving to the
> server's public IP, you need to modify your local DNS to point to the
> private IP..
>
>
>

Kris, let me put some of this to rest,...you cannot make a "u-turn" through a
NAT device from a Client on the private side of the LAN. The way NAT functions
will not allow it,...the NAT editor creates a situation where both the source
and the destination MAC address are the same address, causing it to have sort of
an identity crisis, shoots itself and fails.

A host on the private LAN will access the resource by the private inward facing
ip# of the Server. External users on the Internet access the Resource via the
Public IP# which is NATed back the the Private IP#.

If the Resource is bound only to the Public IP# of the Server (like IIS can do
with websites) then there is no NAT happening to begin with concerning that
particualr Resource and users, no matter where they are from access via the same
IP#.

Hope that helps clear some things up. I do have a referrence for the NAT
situation involving the mac address but it is tedious to read.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

"kris" <(E-Mail Removed)> wrote in message
news:49ED058C-AFA8-49F6-87EA-(E-Mail Removed)...
> Sorry if i was not clear.Let me explain the scene.
> I have two desktop clients with the addresses -124.x.x.130 and 124.x.x.154 .
> I also have a windows 2000 server with two nic cards ,One is configured to
> have 124.x.x.129 and other one to have a 210.210.x.x
>
> And the one nic card in the win2000 server that is configured with
> 124.x.x.129 is not mapped to any gateway.the gateway is left blank.
> And the other nic card with 210.210.x.x is configured with proper gateway
> (210.210.x.x) . And I also followed the URL
> http://support.microsoft.com/kb/299801
> for NAT in the win2000.
>
>
> Now if i request the RDP session from the two address(124.x.x.130) to
> 124.x.x.129 I get connected to that Win2000 Server and able to browse but if
> i examine the output traffic ,I find all the request to be of single ip that
> is the 210.210.x.x. Will the client ip be NAt-ted when i request the RDP
> Session since i have configured the NAT.Or Is there any way to assign Public
> ip address for each of the client that is access the win2000 server through
> RDP .Sorry If i am not clear this time also.Please reply me so that i can
> eloborate more on this.
>
>
> Thanks for your valuable reply.
>
>
>
>
>
>
>
>
>
>
> "Bill Grant" wrote:
>
>> I am not sure that I follow you. Where is the server you are trying to
>> connect to? If you are trying to connect by RDP from a workstation on the
>> private LAN to the W2k server which is running NAT , public IP addresses do
>> not come into it. You connect to the server's private IP.
>>
>> If you are trying to connect by name and that name is resolving to the
>> server's public IP, you need to modify your local DNS to point to the
>> private IP..
>>
>>
>>