NAT troubleshooting

I have installed RRAS in very basic configuration but computers on the
private network cannot access the internet. All public/private interfaces are
configured properly. DNS is the only thing which is working fine from the
inside. (I can access the internet from the primary server just fine)

tracert from the private network to any internet address doesn't even show
first hop (it' is supposed to be default gateway) - times out.

How I can troubleshoot the problem and see why ip packets from the private
network don't go outside? Where I can find any useful logs/traces
(firewall, NAT - anything)?

Alex

I would double-check the NAT settings, especially outbound filter. this search result may help,

Troubleshooting Windows NAT issues
Case 1: Both NICs are using the same IP range.....
http://www.chicagotech.net/winissues...hootingnat.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Alex Smirnoff" <(E-Mail Removed)> wrote in message news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
I have installed RRAS in very basic configuration but computers on the
private network cannot access the internet. All public/private interfaces are
configured properly. DNS is the only thing which is working fine from the
inside. (I can access the internet from the primary server just fine)

tracert from the private network to any internet address doesn't even show
first hop (it' is supposed to be default gateway) - times out.

How I can troubleshoot the problem and see why ip packets from the private
network don't go outside? Where I can find any useful logs/traces
(firewall, NAT - anything)?

Alex

I saw this guide already and double-checked everything.

>Case 1: Both NICs are using the same IP range
>Case 2: Both NIC are setup as Public interface
>Case 4: The public address is pointing to the ISP router IP instead of the WAN IP address
NICs are configured correctly, one is public with static IP given by ISP,
another private with IP of 10.0.0.16.

>Case 3: TCP/UDP port translation points to a wrong private IP address
>Case 6: Network address translation addressing is not enabled on the private interface
Not clear where to check these. Both network cards are under NAT/Basic
Firewall node. I recently switched to DHCP from static address pool, computer
inside the private network gets everything automatically.

DNS works fine. All outbound traffic is enabled in the firewall.

Are there any tools I can use, like packet sniffers/tracers? I just dont
believe it is so hard to figure out the source of the problem.

Alex

"Robert L [MS-MVP]" wrote:

> I would double-check the NAT settings, especially outbound filter. this search result may help,
>
> Troubleshooting Windows NAT issues
> Case 1: Both NICs are using the same IP range.....
> http://www.chicagotech.net/winissues...hootingnat.htm
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Alex Smirnoff" <(E-Mail Removed)> wrote in message news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
> I have installed RRAS in very basic configuration but computers on the
> private network cannot access the internet. All public/private interfaces are
> configured properly. DNS is the only thing which is working fine from the
> inside. (I can access the internet from the primary server just fine)
>
> tracert from the private network to any internet address doesn't even show
> first hop (it' is supposed to be default gateway) - times out.
>
> How I can troubleshoot the problem and see why ip packets from the private
> network don't go outside? Where I can find any useful logs/traces
> (firewall, NAT - anything)?
>
> Alex
>

Hello,

Please post your ipconfig /all here please so we can have a look at that for
starters.

Cheers


"Alex Smirnoff" <(E-Mail Removed)> wrote in message
news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
>I have installed RRAS in very basic configuration but computers on the
> private network cannot access the internet. All public/private interfaces
> are
> configured properly. DNS is the only thing which is working fine from the
> inside. (I can access the internet from the primary server just fine)
>
> tracert from the private network to any internet address doesn't even show
> first hop (it' is supposed to be default gateway) - times out.
>
> How I can troubleshoot the problem and see why ip packets from the private
> network don't go outside? Where I can find any useful logs/traces
> (firewall, NAT - anything)?
>
> Alex
>

All setup has been done according to the documentation/FAQ. I can access the
internet from the main server, I can also ping private machine IP (and back).
DNS works. According to windump, packets arrive at the local interface but
nothing goes outside. NAT creates port mapping for the outgoing connection (I
can see it in the public network interface properties when I try to access a
web site from the internal network)

Nothing special about the config:

Main machine:

Windows IP Configuration
Host Name . . . . . . . . . . . . : myhost
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-30-48-56-xx-xx

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-30-48-56-xx-xx

Ethernet adapter External.Jack1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server
Adapter
Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : Static external ip
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : ISP gateway
DNS Servers . . . . . . . . . . . : ISP DNS


Ethernet adapter Internal.Jack2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server
Adapter #2
Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.16
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : ISP DNS

Local computer:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-6E-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.2.10
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.16
DHCP Server . . . . . . . . . . . : 10.0.0.16
DNS Servers . . . . . . . . . . . : 10.0.0.16
Lease Obtained. . . . . . . . . . : Wednesday, August 16, 2006 2:12:58 AM
Lease Expires . . . . . . . . . . : Wednesday, August 23, 2006 2:12:58 AM

"(E-Mail Removed)" wrote:

> Hello,
>
> Please post your ipconfig /all here please so we can have a look at that for
> starters.
>
> Cheers
>
>
> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
> news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
> >I have installed RRAS in very basic configuration but computers on the
> > private network cannot access the internet. All public/private interfaces
> > are
> > configured properly. DNS is the only thing which is working fine from the
> > inside. (I can access the internet from the primary server just fine)
> >
> > tracert from the private network to any internet address doesn't even show
> > first hop (it' is supposed to be default gateway) - times out.
> >
> > How I can troubleshoot the problem and see why ip packets from the private
> > network don't go outside? Where I can find any useful logs/traces
> > (firewall, NAT - anything)?
> >
> > Alex
> >
>
>
>

Hello,

I see you have to internal NIC's on the RRAS sever. Just as a test try to
levae the gateway on that NIC with IP x.x.x.20 blank or even better disable
it. You don't really Need that NIC for NAT to work.

Cheers
"Alex Smirnoff" <(E-Mail Removed)> wrote in message
news:BF8507F9-BAF4-4EE1-8D5E-(E-Mail Removed)...
> All setup has been done according to the documentation/FAQ. I can access
> the
> internet from the main server, I can also ping private machine IP (and
> back).
> DNS works. According to windump, packets arrive at the local interface but
> nothing goes outside. NAT creates port mapping for the outgoing connection
> (I
> can see it in the public network interface properties when I try to access
> a
> web site from the internal network)
>
> Nothing special about the config:
>
> Main machine:
>
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : myhost
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : No
>
> Ethernet adapter Local Area Connection 2:
>
> Media State . . . . . . . . . . . : Media disconnected
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> #2
> Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
>
> Ethernet adapter Local Area Connection:
>
> Media State . . . . . . . . . . . : Media disconnected
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
>
> Ethernet adapter External.Jack1:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
> Server
> Adapter
> Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : Static external ip
> Subnet Mask . . . . . . . . . . . : 255.255.254.0
> Default Gateway . . . . . . . . . : ISP gateway
> DNS Servers . . . . . . . . . . . : ISP DNS
>
>
> Ethernet adapter Internal.Jack2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
> Server
> Adapter #2
> Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.0.0.16
> Subnet Mask . . . . . . . . . . . : 255.0.0.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : ISP DNS
>
> Local computer:
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . : mshome.net
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-0C-29-6E-xx-xx
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 10.0.2.10
> Subnet Mask . . . . . . . . . . . : 255.0.0.0
> Default Gateway . . . . . . . . . : 10.0.0.16
> DHCP Server . . . . . . . . . . . : 10.0.0.16
> DNS Servers . . . . . . . . . . . : 10.0.0.16
> Lease Obtained. . . . . . . . . . : Wednesday, August 16, 2006 2:12:58
> AM
> Lease Expires . . . . . . . . . . : Wednesday, August 23, 2006 2:12:58
> AM
>
> "(E-Mail Removed)" wrote:
>
>> Hello,
>>
>> Please post your ipconfig /all here please so we can have a look at that
>> for
>> starters.
>>
>> Cheers
>>
>>
>> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
>> news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
>> >I have installed RRAS in very basic configuration but computers on the
>> > private network cannot access the internet. All public/private
>> > interfaces
>> > are
>> > configured properly. DNS is the only thing which is working fine from
>> > the
>> > inside. (I can access the internet from the primary server just fine)
>> >
>> > tracert from the private network to any internet address doesn't even
>> > show
>> > first hop (it' is supposed to be default gateway) - times out.
>> >
>> > How I can troubleshoot the problem and see why ip packets from the
>> > private
>> > network don't go outside? Where I can find any useful logs/traces
>> > (firewall, NAT - anything)?
>> >
>> > Alex
>> >
>>
>>
>>

Using Netsh command to check the NAT or post the result here.

Using Netsh command to troubleshoot NAT issues
http://www.chicagotech.net/tools/netsh1.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Alex Smirnoff" <(E-Mail Removed)> wrote in message news:6C10235B-5F32-4F67-9A80-(E-Mail Removed)...
I saw this guide already and double-checked everything.

>Case 1: Both NICs are using the same IP range
>Case 2: Both NIC are setup as Public interface
>Case 4: The public address is pointing to the ISP router IP instead of the WAN IP address
NICs are configured correctly, one is public with static IP given by ISP,
another private with IP of 10.0.0.16.

>Case 3: TCP/UDP port translation points to a wrong private IP address
>Case 6: Network address translation addressing is not enabled on the private interface
Not clear where to check these. Both network cards are under NAT/Basic
Firewall node. I recently switched to DHCP from static address pool, computer
inside the private network gets everything automatically.

DNS works fine. All outbound traffic is enabled in the firewall.

Are there any tools I can use, like packet sniffers/tracers? I just dont
believe it is so hard to figure out the source of the problem.

Alex

"Robert L [MS-MVP]" wrote:

> I would double-check the NAT settings, especially outbound filter. this search result may help,
>
> Troubleshooting Windows NAT issues
> Case 1: Both NICs are using the same IP range.....
> http://www.chicagotech.net/winissues...hootingnat.htm
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Alex Smirnoff" <(E-Mail Removed)> wrote in message news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
> I have installed RRAS in very basic configuration but computers on the
> private network cannot access the internet. All public/private interfaces are
> configured properly. DNS is the only thing which is working fine from the
> inside. (I can access the internet from the primary server just fine)
>
> tracert from the private network to any internet address doesn't even show
> first hop (it' is supposed to be default gateway) - times out.
>
> How I can troubleshoot the problem and see why ip packets from the private
> network don't go outside? Where I can find any useful logs/traces
> (firewall, NAT - anything)?
>
> Alex
>

I dont follow...which interface are you talking about? Private interface does
not have gateway set, public does - but it needs it.

Another observation: NAT creates port mappings for the client - I can see
them in the "Show mappings" dialog. But packets do not go outside (even with
firewall disabled). Really strange...

"(E-Mail Removed)" wrote:

> Hello,
>
> I see you have to internal NIC's on the RRAS sever. Just as a test try to
> levae the gateway on that NIC with IP x.x.x.20 blank or even better disable
> it. You don't really Need that NIC for NAT to work.
>
> Cheers
> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
> news:BF8507F9-BAF4-4EE1-8D5E-(E-Mail Removed)...
> > All setup has been done according to the documentation/FAQ. I can access
> > the
> > internet from the main server, I can also ping private machine IP (and
> > back).
> > DNS works. According to windump, packets arrive at the local interface but
> > nothing goes outside. NAT creates port mapping for the outgoing connection
> > (I
> > can see it in the public network interface properties when I try to access
> > a
> > web site from the internal network)
> >
> > Nothing special about the config:
> >
> > Main machine:
> >
> > Windows IP Configuration
> > Host Name . . . . . . . . . . . . : myhost
> > Primary Dns Suffix . . . . . . . :
> > Node Type . . . . . . . . . . . . : Unknown
> > IP Routing Enabled. . . . . . . . : Yes
> > WINS Proxy Enabled. . . . . . . . : No
> >
> > Ethernet adapter Local Area Connection 2:
> >
> > Media State . . . . . . . . . . . : Media disconnected
> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> > #2
> > Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
> >
> > Ethernet adapter Local Area Connection:
> >
> > Media State . . . . . . . . . . . : Media disconnected
> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> > Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
> >
> > Ethernet adapter External.Jack1:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
> > Server
> > Adapter
> > Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : Static external ip
> > Subnet Mask . . . . . . . . . . . : 255.255.254.0
> > Default Gateway . . . . . . . . . : ISP gateway
> > DNS Servers . . . . . . . . . . . : ISP DNS
> >
> >
> > Ethernet adapter Internal.Jack2:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
> > Server
> > Adapter #2
> > Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 10.0.0.16
> > Subnet Mask . . . . . . . . . . . : 255.0.0.0
> > Default Gateway . . . . . . . . . :
> > DNS Servers . . . . . . . . . . . : ISP DNS
> >
> > Local computer:
> >
> > Ethernet adapter Local Area Connection:
> >
> > Connection-specific DNS Suffix . : mshome.net
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> > Connection
> > Physical Address. . . . . . . . . : 00-0C-29-6E-xx-xx
> > DHCP Enabled. . . . . . . . . . . : Yes
> > Autoconfiguration Enabled . . . . : Yes
> > IP Address. . . . . . . . . . . . : 10.0.2.10
> > Subnet Mask . . . . . . . . . . . : 255.0.0.0
> > Default Gateway . . . . . . . . . : 10.0.0.16
> > DHCP Server . . . . . . . . . . . : 10.0.0.16
> > DNS Servers . . . . . . . . . . . : 10.0.0.16
> > Lease Obtained. . . . . . . . . . : Wednesday, August 16, 2006 2:12:58
> > AM
> > Lease Expires . . . . . . . . . . : Wednesday, August 23, 2006 2:12:58
> > AM
> >
> > "(E-Mail Removed)" wrote:
> >
> >> Hello,
> >>
> >> Please post your ipconfig /all here please so we can have a look at that
> >> for
> >> starters.
> >>
> >> Cheers
> >>
> >>
> >> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
> >> news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
> >> >I have installed RRAS in very basic configuration but computers on the
> >> > private network cannot access the internet. All public/private
> >> > interfaces
> >> > are
> >> > configured properly. DNS is the only thing which is working fine from
> >> > the
> >> > inside. (I can access the internet from the primary server just fine)
> >> >
> >> > tracert from the private network to any internet address doesn't even
> >> > show
> >> > first hop (it' is supposed to be default gateway) - times out.
> >> >
> >> > How I can troubleshoot the problem and see why ip packets from the
> >> > private
> >> > network don't go outside? Where I can find any useful logs/traces
> >> > (firewall, NAT - anything)?
> >> >
> >> > Alex
> >> >
> >>
> >>
> >>
>
>
>

I see now that I misread the ipconfig post, the other NIC belongs to a
different machine .. sorry for the confusion ...

What I would do when I look at the IPCONFIG is set the DNS for the internal
NIC and external NIC to internal DNS Server that uses forwarding or root
hints, unless you don't have an internal DNS server ... IS this a pure RRAS
Server of a DC/DNS/RASS with NAT setup?

Cheers

"Alex Smirnoff" <(E-Mail Removed)> wrote in message
news:8DD62E88-F1A0-40B1-AC71-(E-Mail Removed)...
>I dont follow...which interface are you talking about? Private interface
>does
> not have gateway set, public does - but it needs it.
>
> Another observation: NAT creates port mappings for the client - I can see
> them in the "Show mappings" dialog. But packets do not go outside (even
> with
> firewall disabled). Really strange...
>
> "(E-Mail Removed)" wrote:
>
>> Hello,
>>
>> I see you have to internal NIC's on the RRAS sever. Just as a test try to
>> levae the gateway on that NIC with IP x.x.x.20 blank or even better
>> disable
>> it. You don't really Need that NIC for NAT to work.
>>
>> Cheers
>> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
>> news:BF8507F9-BAF4-4EE1-8D5E-(E-Mail Removed)...
>> > All setup has been done according to the documentation/FAQ. I can
>> > access
>> > the
>> > internet from the main server, I can also ping private machine IP (and
>> > back).
>> > DNS works. According to windump, packets arrive at the local interface
>> > but
>> > nothing goes outside. NAT creates port mapping for the outgoing
>> > connection
>> > (I
>> > can see it in the public network interface properties when I try to
>> > access
>> > a
>> > web site from the internal network)
>> >
>> > Nothing special about the config:
>> >
>> > Main machine:
>> >
>> > Windows IP Configuration
>> > Host Name . . . . . . . . . . . . : myhost
>> > Primary Dns Suffix . . . . . . . :
>> > Node Type . . . . . . . . . . . . : Unknown
>> > IP Routing Enabled. . . . . . . . : Yes
>> > WINS Proxy Enabled. . . . . . . . : No
>> >
>> > Ethernet adapter Local Area Connection 2:
>> >
>> > Media State . . . . . . . . . . . : Media disconnected
>> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>> > Ethernet
>> > #2
>> > Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
>> >
>> > Ethernet adapter Local Area Connection:
>> >
>> > Media State . . . . . . . . . . . : Media disconnected
>> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>> > Ethernet
>> > Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
>> >
>> > Ethernet adapter External.Jack1:
>> >
>> > Connection-specific DNS Suffix . :
>> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>> > Server
>> > Adapter
>> > Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
>> > DHCP Enabled. . . . . . . . . . . : No
>> > IP Address. . . . . . . . . . . . : Static external ip
>> > Subnet Mask . . . . . . . . . . . : 255.255.254.0
>> > Default Gateway . . . . . . . . . : ISP gateway
>> > DNS Servers . . . . . . . . . . . : ISP DNS
>> >
>> >
>> > Ethernet adapter Internal.Jack2:
>> >
>> > Connection-specific DNS Suffix . :
>> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>> > Server
>> > Adapter #2
>> > Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
>> > DHCP Enabled. . . . . . . . . . . : No
>> > IP Address. . . . . . . . . . . . : 10.0.0.16
>> > Subnet Mask . . . . . . . . . . . : 255.0.0.0
>> > Default Gateway . . . . . . . . . :
>> > DNS Servers . . . . . . . . . . . : ISP DNS
>> >
>> > Local computer:
>> >
>> > Ethernet adapter Local Area Connection:
>> >
>> > Connection-specific DNS Suffix . : mshome.net
>> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
>> > Connection
>> > Physical Address. . . . . . . . . : 00-0C-29-6E-xx-xx
>> > DHCP Enabled. . . . . . . . . . . : Yes
>> > Autoconfiguration Enabled . . . . : Yes
>> > IP Address. . . . . . . . . . . . : 10.0.2.10
>> > Subnet Mask . . . . . . . . . . . : 255.0.0.0
>> > Default Gateway . . . . . . . . . : 10.0.0.16
>> > DHCP Server . . . . . . . . . . . : 10.0.0.16
>> > DNS Servers . . . . . . . . . . . : 10.0.0.16
>> > Lease Obtained. . . . . . . . . . : Wednesday, August 16, 2006
>> > 2:12:58
>> > AM
>> > Lease Expires . . . . . . . . . . : Wednesday, August 23, 2006
>> > 2:12:58
>> > AM
>> >
>> > "(E-Mail Removed)" wrote:
>> >
>> >> Hello,
>> >>
>> >> Please post your ipconfig /all here please so we can have a look at
>> >> that
>> >> for
>> >> starters.
>> >>
>> >> Cheers
>> >>
>> >>
>> >> "Alex Smirnoff" <(E-Mail Removed)> wrote in
>> >> message
>> >> news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
>> >> >I have installed RRAS in very basic configuration but computers on
>> >> >the
>> >> > private network cannot access the internet. All public/private
>> >> > interfaces
>> >> > are
>> >> > configured properly. DNS is the only thing which is working fine
>> >> > from
>> >> > the
>> >> > inside. (I can access the internet from the primary server just
>> >> > fine)
>> >> >
>> >> > tracert from the private network to any internet address doesn't
>> >> > even
>> >> > show
>> >> > first hop (it' is supposed to be default gateway) - times out.
>> >> >
>> >> > How I can troubleshoot the problem and see why ip packets from the
>> >> > private
>> >> > network don't go outside? Where I can find any useful logs/traces
>> >> > (firewall, NAT - anything)?
>> >> >
>> >> > Alex
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

This is pure RRAS, no DNS server. As I mentioned before, DNS is the only
thing which works fine.

"(E-Mail Removed)" wrote:

> I see now that I misread the ipconfig post, the other NIC belongs to a
> different machine .. sorry for the confusion ...
>
> What I would do when I look at the IPCONFIG is set the DNS for the internal
> NIC and external NIC to internal DNS Server that uses forwarding or root
> hints, unless you don't have an internal DNS server ... IS this a pure RRAS
> Server of a DC/DNS/RASS with NAT setup?
>
> Cheers
>
> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
> news:8DD62E88-F1A0-40B1-AC71-(E-Mail Removed)...
> >I dont follow...which interface are you talking about? Private interface
> >does
> > not have gateway set, public does - but it needs it.
> >
> > Another observation: NAT creates port mappings for the client - I can see
> > them in the "Show mappings" dialog. But packets do not go outside (even
> > with
> > firewall disabled). Really strange...
> >
> > "(E-Mail Removed)" wrote:
> >
> >> Hello,
> >>
> >> I see you have to internal NIC's on the RRAS sever. Just as a test try to
> >> levae the gateway on that NIC with IP x.x.x.20 blank or even better
> >> disable
> >> it. You don't really Need that NIC for NAT to work.
> >>
> >> Cheers
> >> "Alex Smirnoff" <(E-Mail Removed)> wrote in message
> >> news:BF8507F9-BAF4-4EE1-8D5E-(E-Mail Removed)...
> >> > All setup has been done according to the documentation/FAQ. I can
> >> > access
> >> > the
> >> > internet from the main server, I can also ping private machine IP (and
> >> > back).
> >> > DNS works. According to windump, packets arrive at the local interface
> >> > but
> >> > nothing goes outside. NAT creates port mapping for the outgoing
> >> > connection
> >> > (I
> >> > can see it in the public network interface properties when I try to
> >> > access
> >> > a
> >> > web site from the internal network)
> >> >
> >> > Nothing special about the config:
> >> >
> >> > Main machine:
> >> >
> >> > Windows IP Configuration
> >> > Host Name . . . . . . . . . . . . : myhost
> >> > Primary Dns Suffix . . . . . . . :
> >> > Node Type . . . . . . . . . . . . : Unknown
> >> > IP Routing Enabled. . . . . . . . : Yes
> >> > WINS Proxy Enabled. . . . . . . . : No
> >> >
> >> > Ethernet adapter Local Area Connection 2:
> >> >
> >> > Media State . . . . . . . . . . . : Media disconnected
> >> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> >> > Ethernet
> >> > #2
> >> > Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
> >> >
> >> > Ethernet adapter Local Area Connection:
> >> >
> >> > Media State . . . . . . . . . . . : Media disconnected
> >> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> >> > Ethernet
> >> > Physical Address. . . . . . . . . : 00-30-48-56-xx-xx
> >> >
> >> > Ethernet adapter External.Jack1:
> >> >
> >> > Connection-specific DNS Suffix . :
> >> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
> >> > Server
> >> > Adapter
> >> > Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
> >> > DHCP Enabled. . . . . . . . . . . : No
> >> > IP Address. . . . . . . . . . . . : Static external ip
> >> > Subnet Mask . . . . . . . . . . . : 255.255.254.0
> >> > Default Gateway . . . . . . . . . : ISP gateway
> >> > DNS Servers . . . . . . . . . . . : ISP DNS
> >> >
> >> >
> >> > Ethernet adapter Internal.Jack2:
> >> >
> >> > Connection-specific DNS Suffix . :
> >> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
> >> > Server
> >> > Adapter #2
> >> > Physical Address. . . . . . . . . : 00-04-23-CE-xx-xx
> >> > DHCP Enabled. . . . . . . . . . . : No
> >> > IP Address. . . . . . . . . . . . : 10.0.0.16
> >> > Subnet Mask . . . . . . . . . . . : 255.0.0.0
> >> > Default Gateway . . . . . . . . . :
> >> > DNS Servers . . . . . . . . . . . : ISP DNS
> >> >
> >> > Local computer:
> >> >
> >> > Ethernet adapter Local Area Connection:
> >> >
> >> > Connection-specific DNS Suffix . : mshome.net
> >> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> >> > Connection
> >> > Physical Address. . . . . . . . . : 00-0C-29-6E-xx-xx
> >> > DHCP Enabled. . . . . . . . . . . : Yes
> >> > Autoconfiguration Enabled . . . . : Yes
> >> > IP Address. . . . . . . . . . . . : 10.0.2.10
> >> > Subnet Mask . . . . . . . . . . . : 255.0.0.0
> >> > Default Gateway . . . . . . . . . : 10.0.0.16
> >> > DHCP Server . . . . . . . . . . . : 10.0.0.16
> >> > DNS Servers . . . . . . . . . . . : 10.0.0.16
> >> > Lease Obtained. . . . . . . . . . : Wednesday, August 16, 2006
> >> > 2:12:58
> >> > AM
> >> > Lease Expires . . . . . . . . . . : Wednesday, August 23, 2006
> >> > 2:12:58
> >> > AM
> >> >
> >> > "(E-Mail Removed)" wrote:
> >> >
> >> >> Hello,
> >> >>
> >> >> Please post your ipconfig /all here please so we can have a look at
> >> >> that
> >> >> for
> >> >> starters.
> >> >>
> >> >> Cheers
> >> >>
> >> >>
> >> >> "Alex Smirnoff" <(E-Mail Removed)> wrote in
> >> >> message
> >> >> news:993AFAA1-A7A8-4C0B-AE03-(E-Mail Removed)...
> >> >> >I have installed RRAS in very basic configuration but computers on
> >> >> >the
> >> >> > private network cannot access the internet. All public/private
> >> >> > interfaces
> >> >> > are
> >> >> > configured properly. DNS is the only thing which is working fine
> >> >> > from
> >> >> > the
> >> >> > inside. (I can access the internet from the primary server just
> >> >> > fine)
> >> >> >
> >> >> > tracert from the private network to any internet address doesn't
> >> >> > even
> >> >> > show
> >> >> > first hop (it' is supposed to be default gateway) - times out.
> >> >> >
> >> >> > How I can troubleshoot the problem and see why ip packets from the
> >> >> > private
> >> >> > network don't go outside? Where I can find any useful logs/traces
> >> >> > (firewall, NAT - anything)?
> >> >> >
> >> >> > Alex
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>