RRAS and NAT

Hello,

I configured NAT in RRAS and I cannot get the client PC's to browse the
internet. I configured RRAS/NAT to use DHCP and DNS. The clients get IP
addreses and I can ping them from the server. I can also ping the server from
the clients but the clients cannot browse the internet. I cannot ping any
sites externally nor can I ping an external IP address from the clients.

Everything seems to be configured correctly but I know I am missing
something..possibly a policy setting?

Thanks for any insight.
John

John,

This should be the case:
Under NAT:
- Within the properties of your WAN connection should be the
radiobutton internet facing selected, and the two checkmarks enabled
(please enable the basic firewall if you don't use firewallsoftware)
- Within the properties of your LAN connection should be the
radiobutton Private Lan selected

Within the properties of your connections:
The WAN-connection should have a gateway, and the LAN connection not.
If you have multiple subnets within your LAN, you must fill out static
routes within RRAS.

Be sure to have only one gateway configured for your system.
Some might say the binding orer may solve your problem, but i foud that
rather buggy.

Ps. There is a wizard that will configure your RRAS server as internet
gateway when you activate RRAS, but that doesn't cope with two
gateways, I presume...

Good luck!

Thanks for the reply.
Everything is configured as you suggested. Only one gateway. I've used the
wizard to create the NAT connection and everything seems to work as it
should...but no internet to the clients.




"Trumpeteer" wrote:

> John,
>
> This should be the case:
> Under NAT:
> - Within the properties of your WAN connection should be the
> radiobutton internet facing selected, and the two checkmarks enabled
> (please enable the basic firewall if you don't use firewallsoftware)
> - Within the properties of your LAN connection should be the
> radiobutton Private Lan selected
>
> Within the properties of your connections:
> The WAN-connection should have a gateway, and the LAN connection not.
> If you have multiple subnets within your LAN, you must fill out static
> routes within RRAS.
>
> Be sure to have only one gateway configured for your system.
> Some might say the binding orer may solve your problem, but i foud that
> rather buggy.
>
> Ps. There is a wizard that will configure your RRAS server as internet
> gateway when you activate RRAS, but that doesn't cope with two
> gateways, I presume...
>
> Good luck!
>
>

next step:
Ping an outside adress that you know will reply, for instance
194.151.104.196
If this works your NATting is OK, but name resolution (DNS) is not
functioning.

Try for name resolution an nslookup. You could configure your clients
to go directly to your ISP for name-resolution.

By the way, can you browse from your server?

Greetz,

Trumpeteer

Hi Trumpeteer

Server: I can browse and I can ping an outside address
Client: I cannot browse and I cannot ping an outside address

Any thoughts?
Thanks
John


"Trumpeteer" wrote:

> next step:
> Ping an outside adress that you know will reply, for instance
> 194.151.104.196
> If this works your NATting is OK, but name resolution (DNS) is not
> functioning.
>
> Try for name resolution an nslookup. You could configure your clients
> to go directly to your ISP for name-resolution.
>
> By the way, can you browse from your server?
>
> Greetz,
>
> Trumpeteer
>
>

NAT is a pretty simple thing. It usually just works.

Are te clients set to get their network config automatically? Have you
done an ipconfig /all on a client to check what config it has? Is it in the
same IP subnet as the server's private NIC? What is its default gateway
setting?

"jcamacho" <(E-Mail Removed)> wrote in message
news:07322F88-4FA7-4755-B6AB-(E-Mail Removed)...
> Hi Trumpeteer
>
> Server: I can browse and I can ping an outside address
> Client: I cannot browse and I cannot ping an outside address
>
> Any thoughts?
> Thanks
> John
>
>
> "Trumpeteer" wrote:
>
>> next step:
>> Ping an outside adress that you know will reply, for instance
>> 194.151.104.196
>> If this works your NATting is OK, but name resolution (DNS) is not
>> functioning.
>>
>> Try for name resolution an nslookup. You could configure your clients
>> to go directly to your ISP for name-resolution.
>>
>> By the way, can you browse from your server?
>>
>> Greetz,
>>
>> Trumpeteer
>>
>>

jcamacho wrote:
> Hi Trumpeteer
>
> Server: I can browse and I can ping an outside address
> Client: I cannot browse and I cannot ping an outside address

The ipconfig /all may tell the story, are you using the DNS proxy in NAT, or
is DNS installed on the server?

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Hello

The clients get their configs automatically. Here is the ipconfig /all on a
client:
Dhcp Enabled........................................Yes
Autoconfiguration Enabled...................... Yes
IP Address........................................... . 192.168.0.143
Subnet Mask......................................... 255.255.255.0
Default Gateway.................................... 192.168.0.1
DNS Servers......................................... 192.168.0.1

NAT is providing the DNS.

Thanks for all your responses
John



"Bill Grant" wrote:

> NAT is a pretty simple thing. It usually just works.
>
> Are te clients set to get their network config automatically? Have you
> done an ipconfig /all on a client to check what config it has? Is it in the
> same IP subnet as the server's private NIC? What is its default gateway
> setting?
>
> "jcamacho" <(E-Mail Removed)> wrote in message
> news:07322F88-4FA7-4755-B6AB-(E-Mail Removed)...
> > Hi Trumpeteer
> >
> > Server: I can browse and I can ping an outside address
> > Client: I cannot browse and I cannot ping an outside address
> >
> > Any thoughts?
> > Thanks
> > John
> >
> >
> > "Trumpeteer" wrote:
> >
> >> next step:
> >> Ping an outside adress that you know will reply, for instance
> >> 194.151.104.196
> >> If this works your NATting is OK, but name resolution (DNS) is not
> >> functioning.
> >>
> >> Try for name resolution an nslookup. You could configure your clients
> >> to go directly to your ISP for name-resolution.
> >>
> >> By the way, can you browse from your server?
> >>
> >> Greetz,
> >>
> >> Trumpeteer
> >>
> >>
>
>
>

jcamacho wrote:
> Hello
>
> The clients get their configs automatically. Here is the ipconfig
> /all on a client:
> Dhcp Enabled........................................Yes
> Autoconfiguration Enabled...................... Yes
> IP Address........................................... . 192.168.0.143
> Subnet Mask......................................... 255.255.255.0
> Default Gateway.................................... 192.168.0.1
> DNS Servers......................................... 192.168.0.1

I should have been more clear, it was the NAT server's ipconfig /all that
should have been posted (unedited)
Just verify also that you are not using Internet Connection Sharing instead
of NAT in RRAS.

> NAT is providing the DNS.

So can I take it that you are not using Active Directory and DNS is not
installed on the server?
Even without AD, you will have more flexibility and better access control if
you use DHCP and DNS instead of letting RRAS provide these services.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Hello Kevin,

Here is the ipconfig /all from the server:

Public Adapter:
Connection-specific DNS Suffix.....:
Description.................................: Broadcom NetXtreme 5721
Gigabit Controller
Physical Address.........................: 00-14-22-0C-xx-xx
DHCP Enabled.............................: No
IP Address..................................: 209.12.xxx.xxx
Subnet Mask...............................: 255.255.255.xxx
Default Gateway..........................: 209.12.xxx.xxx
DNS Servers...............................: 207.191.xxx.xx
206.222.xxx.xxx
(There are #'s where the x's are just didn't want to show them here.)

Private Adapter:
Connection-specific DNS Suffix.....:
Description.................................: D-Link DGE-530T Gigabit
Ethernet Adapter
Physical Address.........................: 00-15-E9-BD-xx-xx
DHCP Enabled.............................: No
IP Address..................................: 192.168.0.1
Subnet Mask...............................: 255.255.255.0
Default Gateway..........................:
DNS Servers................................:

I can browse the internet from the server.
I am not using ICS and I am using the DNS Proxy in NAT.

Thanks again for your help
John






"Kevin D. Goodknecht Sr. [MVP]" wrote:

> jcamacho wrote:
> > Hello
> >
> > The clients get their configs automatically. Here is the ipconfig
> > /all on a client:
> > Dhcp Enabled........................................Yes
> > Autoconfiguration Enabled...................... Yes
> > IP Address........................................... . 192.168.0.143
> > Subnet Mask......................................... 255.255.255.0
> > Default Gateway.................................... 192.168.0.1
> > DNS Servers......................................... 192.168.0.1
>
> I should have been more clear, it was the NAT server's ipconfig /all that
> should have been posted (unedited)
> Just verify also that you are not using Internet Connection Sharing instead
> of NAT in RRAS.
>
> > NAT is providing the DNS.
>
> So can I take it that you are not using Active Directory and DNS is not
> installed on the server?
> Even without AD, you will have more flexibility and better access control if
> you use DHCP and DNS instead of letting RRAS provide these services.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
>