Server 2003 not Accepting any Internet Connections, Not Even Ping!

Ok, I have Server 2003 up and running. I am trying to provide services
to internet users but they cannot even ping me.

My network set up is that all the computers connect to the server which
connects to the ADSL/DSL modem. The LAN connects through ethernet and so
does the modem (Got 2 Network Cards). I have bridged the connections and
I am able to access the internet from the server and the networked
computers. Under NAT/Basic Firewall in Routing and Remote Access I have
2 "Interfaces", The 'Lan to Wan Bridge' (The bridge for the Modem and
LAN) which is set up as a Public interface connected to the internet
with NAT enabled BUT NOT a basic firewall. Then there is the 'Internal'
Connection (Which seems pointless) which is set up as Private interface
connected to private network.

My network clients (and the server) are able to send and receive data
(for example Messaging programs and Internet Games) but no one on the
internet can initiate a connection to us, ping dosen't even respond to
their requests! The Windows Firewall is OFF, I am using Service Pack 1,
My Modem has no obvious firewall settings and my IP address is
kingsleyjarrett.no-ip.com (Use no-ip.com's Dynamic DNS Services for
constant correct IP routing. Have their DUC Running in the backround
checking im allways up to date)


Hopefully I have given enough infomation for you to help me. If you need
any more I will be happy to provide. Any help you provide will be
greatly appreciated.

Thank You

Kingsley Jarrett

IIUC,

a) your users access Internet thru NAT service
b) Users from the Internet cannot connect to hosts behind NAT server

This behaviour is by design. NAT service is designed to share public IP
address with hosts on the private net using private IP addresses. That is,
it enables outbound traffic, but inbound traffic is a little more complex.
BTW, kingsleyjarrett.no-ip.com is not IP address, but DNS name (FQDN).

IOW, there is no easy solution.

Some thoughts:
1. Use public IP adresses, no NAT, but IP routing.
2. Publish internal services to the external connection
3. Set up VPN which will enable acess to your private net from the Internet.


"Kingsley Jarrett" <(E-Mail Removed)> wrote in message
news:uQG2DyT%(E-Mail Removed)...
> Ok, I have Server 2003 up and running. I am trying to provide services
> to internet users but they cannot even ping me.
>
> My network set up is that all the computers connect to the server which
> connects to the ADSL/DSL modem. The LAN connects through ethernet and so
> does the modem (Got 2 Network Cards). I have bridged the connections and
> I am able to access the internet from the server and the networked
> computers. Under NAT/Basic Firewall in Routing and Remote Access I have
> 2 "Interfaces", The 'Lan to Wan Bridge' (The bridge for the Modem and
> LAN) which is set up as a Public interface connected to the internet
> with NAT enabled BUT NOT a basic firewall. Then there is the 'Internal'
> Connection (Which seems pointless) which is set up as Private interface
> connected to private network.
>
> My network clients (and the server) are able to send and receive data
> (for example Messaging programs and Internet Games) but no one on the
> internet can initiate a connection to us, ping dosen't even respond to
> their requests! The Windows Firewall is OFF, I am using Service Pack 1, My
> Modem has no obvious firewall settings and my IP address is
> kingsleyjarrett.no-ip.com (Use no-ip.com's Dynamic DNS Services for
> constant correct IP routing. Have their DUC Running in the backround
> checking im allways up to date)
>
>
> Hopefully I have given enough infomation for you to help me. If you need
> any more I will be happy to provide. Any help you provide will be
> greatly appreciated.
>
> Thank You
>
> Kingsley Jarrett

Ok, im setting up a Static Route,
Interface: 'Lan To Wan Bridge'
Destination: 0.0.0.0
Netmask: 0.0.0.0
Gateway: 10.0.0.5 (IP of the Modem)

There are now no NAT interfaces, lets see if this works...

Dusko Savatovic wrote:
> IIUC,
>
> a) your users access Internet thru NAT service
> b) Users from the Internet cannot connect to hosts behind NAT server
>
> This behaviour is by design. NAT service is designed to share public IP
> address with hosts on the private net using private IP addresses. That is,
> it enables outbound traffic, but inbound traffic is a little more complex.
> BTW, kingsleyjarrett.no-ip.com is not IP address, but DNS name (FQDN).
>
> IOW, there is no easy solution.
>
> Some thoughts:
> 1. Use public IP adresses, no NAT, but IP routing.
> 2. Publish internal services to the external connection
> 3. Set up VPN which will enable acess to your private net from the Internet.
>
>
> "Kingsley Jarrett" <(E-Mail Removed)> wrote in message
> news:uQG2DyT%(E-Mail Removed)...
>
>>Ok, I have Server 2003 up and running. I am trying to provide services
>>to internet users but they cannot even ping me.
>>
>>My network set up is that all the computers connect to the server which
>>connects to the ADSL/DSL modem. The LAN connects through ethernet and so
>>does the modem (Got 2 Network Cards). I have bridged the connections and
>>I am able to access the internet from the server and the networked
>>computers. Under NAT/Basic Firewall in Routing and Remote Access I have
>>2 "Interfaces", The 'Lan to Wan Bridge' (The bridge for the Modem and
>>LAN) which is set up as a Public interface connected to the internet
>>with NAT enabled BUT NOT a basic firewall. Then there is the 'Internal'
>>Connection (Which seems pointless) which is set up as Private interface
>>connected to private network.
>>
>>My network clients (and the server) are able to send and receive data
>>(for example Messaging programs and Internet Games) but no one on the
>>internet can initiate a connection to us, ping dosen't even respond to
>>their requests! The Windows Firewall is OFF, I am using Service Pack 1, My
>>Modem has no obvious firewall settings and my IP address is
>>kingsleyjarrett.no-ip.com (Use no-ip.com's Dynamic DNS Services for
>>constant correct IP routing. Have their DUC Running in the backround
>>checking im allways up to date)
>>
>>
>>Hopefully I have given enough infomation for you to help me. If you need
>>any more I will be happy to provide. Any help you provide will be
>>greatly appreciated.
>>
>>Thank You
>>
>>Kingsley Jarrett
>
>
>

Didnt Work, Still cant be accessed from the internet. Port scanners are
reporting "Stealthed" as a result. I tried enabling Windows Firewall
which picks up my programs creating incoming connections but still wont
allow outside connections even when they are in the exceptions list,
nothing even appears in the log!

It may be my modem, however it has no obivous firewall settings. Nothing
is mentioned in the user guide about a firewall on the modem.


Any other ideas?

Here are a few points to ponder.

1. What sort of IP addresses are we talking about here? Only registered
public IP addresses can be routed through the Internet. Private IPs can't be
seen from the Internet.

2. Why are you bridging the LAN to the WAN?

3. The "internal" interface you refer to has nothing to do with your
current setup. It is the interface to which remote access clients (RAS or
VPN) connect.

A simple diagram of your network (with IP addresses and gateways) would
help.

eg

Internet
|
public IP
server
IP? default gateway?
|
workstations
IP? gateway?
"Kingsley Jarrett" <(E-Mail Removed)> wrote in message
news:e5yNsAZ%(E-Mail Removed)...
> Didnt Work, Still cant be accessed from the internet. Port scanners are
> reporting "Stealthed" as a result. I tried enabling Windows Firewall which
> picks up my programs creating incoming connections but still wont allow
> outside connections even when they are in the exceptions list, nothing
> even appears in the log!
>
> It may be my modem, however it has no obivous firewall settings. Nothing
> is mentioned in the user guide about a firewall on the modem.
>
>
> Any other ideas?

Like Bill said, you must use public IP addresses which you obtained from
your ISP.

> Gateway: 10.0.0.5 (IP of the Modem)
This is private IP address. This means that it can only be used on private
LANs. All routers on the Internet will drop any address that is in the
private range. Some private ranges are:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/24
169.254.0.0/16

Summary table in RFC3330 gives description of certain IP ranges.
http://www.faqs.org/rfcs/rfc3330.html

Dusko Savatovic


"Bill Grant" <not.available@online> wrote in message
news:ePXIrRc%(E-Mail Removed)...
> Here are a few points to ponder.
>
> 1. What sort of IP addresses are we talking about here? Only registered
> public IP addresses can be routed through the Internet. Private IPs can't
> be seen from the Internet.
>
> 2. Why are you bridging the LAN to the WAN?
>
> 3. The "internal" interface you refer to has nothing to do with your
> current setup. It is the interface to which remote access clients (RAS or
> VPN) connect.
>
> A simple diagram of your network (with IP addresses and gateways) would
> help.
>
> eg
>
> Internet
> |
> public IP
> server
> IP? default gateway?
> |
> workstations
> IP? gateway?
> "Kingsley Jarrett" <(E-Mail Removed)> wrote in message
> news:e5yNsAZ%(E-Mail Removed)...
>> Didnt Work, Still cant be accessed from the internet. Port scanners are
>> reporting "Stealthed" as a result. I tried enabling Windows Firewall
>> which picks up my programs creating incoming connections but still wont
>> allow outside connections even when they are in the exceptions list,
>> nothing even appears in the log!
>>
>> It may be my modem, however it has no obivous firewall settings. Nothing
>> is mentioned in the user guide about a firewall on the modem.
>>
>>
>> Any other ideas?
>
>

Simple Diagram:


Internet
|
Modem (Internal IP 10.0.0.5, External is what ever my ISP chooses)
|
Server (Internet IP 10.0.0.3)
|
LAN (IP's Assigned by Server's DCHP Function)

Will try unbriding the connections, see if that helps...

Bill Grant wrote:

>
> A simple diagram of your network (with IP addresses and gateways) would
> help.
>
> eg
>
> Internet
> |
> public IP
> server
> IP? default gateway?
> |
> workstations
> IP? gateway?

Have also just tried messing the "IP Policies on Active Directory" part
of the "Default Domain Security Settings" Snap in. I created a custom IP
Security Policy that included a custom IP Security Rule that Allows
everything through no matter what the source IP, Destination ip,
Protocol ect, ect was. Then I set that IP Security rule to not require
any authentication at all. However, even after all this configuration of
letting everything through numerous port scanners (including the one at
http://www.dslreports.com/scan ) report that they where not able to ping
me on any protocol or able to find any open ports.

Could there be something else I am missing?

Thanks for all you help so far!

Kingsley Jarrett

Since your modem has an IP address for itself, I presume it is some sort
of ADSL NAT device rather than just a modem.

In a case like this, there are really only two reliable ways to go about
it. Either give the server one NIC and make it look like the other machines
on the LAN (all using the ADSL device as their gateway). Or give the server
Two NICs (one connected to ADSL, one to the LAN) and make the server the
default gateway of your LAN. You current setup is like the first of these.

If you are running Active Directory you will probably have trouble with
DNS. Set all your clients to use the DNS server on your AD DC, and set this
DNS server to forward to a public DNS service (such as your ISP). So your
network looks like

Internet
|
public IP
ADSL
10.0.0.5
|
server
10.0.0.3 dg 10.0.0.5
|
clients
10.0.0.x dg 10.0.0.5 DNS 10.0.0.3

For Internet users to see your server, they will need to connect to your
ADSL device's public IP. You cannot route private IPs through the Internet.
If this IP address is not static, you will need some way to link the current
IP to a name for them to use. (Google for dynamic DNS).

Then you need to forward a port or ports from your ADSL device to your
server. If you want remote users to see a web page on your server, you need
to forward tcp port 80 to your server. If your ADSL device does not support
port forwarding, you will need to upgrade it to one which does.

"Kingsley Jarrett" <(E-Mail Removed)> wrote in message
news:O9pg%23cw%(E-Mail Removed)...
> Simple Diagram:
>
>
> Internet
> |
> Modem (Internal IP 10.0.0.5, External is what ever my ISP chooses)
> |
> Server (Internet IP 10.0.0.3)
> |
> LAN (IP's Assigned by Server's DCHP Function)
>
> Will try unbriding the connections, see if that helps...
>
> Bill Grant wrote:
>
>>
>> A simple diagram of your network (with IP addresses and gateways)
>> would help.
>>
>> eg
>>
>> Internet
>> |
>> public IP
>> server
>> IP? default gateway?
>> |
>> workstations
>> IP? gateway?

My Setup is actually the second one, the server has two NICs, one for
the lan and one for the internet. Their connections have been bridged.
The Default Gateway of the server is 10.0.0.5 and the default gateway of
all the other computers is 10.0.0.3. The first method would not
work either since there is no port forwarding interface.

My modem however has no port forwarding at all. I beleive that it has a
firewall or NAT intergrated into it which is not mentioned in the manual
or on the config page for it.

I will try and contact linksys about this matter.

(Note: I was allready running a Dynamic DNS service coutersy of
http://www.no-ip.com and I allways check that its Dynamic DNS name
points to my current IP Address)

Thanks for your help!


Bill Grant wrote:
> Since your modem has an IP address for itself, I presume it is some sort
> of ADSL NAT device rather than just a modem.
>
> In a case like this, there are really only two reliable ways to go about
> it. Either give the server one NIC and make it look like the other machines
> on the LAN (all using the ADSL device as their gateway). Or give the server
> Two NICs (one connected to ADSL, one to the LAN) and make the server the
> default gateway of your LAN. You current setup is like the first of these.
>
> If you are running Active Directory you will probably have trouble with
> DNS. Set all your clients to use the DNS server on your AD DC, and set this
> DNS server to forward to a public DNS service (such as your ISP). So your
> network looks like
>
> Internet
> |
> public IP
> ADSL
> 10.0.0.5
> |
> server
> 10.0.0.3 dg 10.0.0.5
> |
> clients
> 10.0.0.x dg 10.0.0.5 DNS 10.0.0.3
>
> For Internet users to see your server, they will need to connect to your
> ADSL device's public IP. You cannot route private IPs through the Internet.
> If this IP address is not static, you will need some way to link the current
> IP to a name for them to use. (Google for dynamic DNS).
>
> Then you need to forward a port or ports from your ADSL device to your
> server. If you want remote users to see a web page on your server, you need
> to forward tcp port 80 to your server. If your ADSL device does not support
> port forwarding, you will need to upgrade it to one which does.
>
> "Kingsley Jarrett" <(E-Mail Removed)> wrote in message
> news:O9pg%23cw%(E-Mail Removed)...
>
>>Simple Diagram:
>>
>>
>>Internet
>> |
>>Modem (Internal IP 10.0.0.5, External is what ever my ISP chooses)
>> |
>>Server (Internet IP 10.0.0.3)
>> |
>> LAN (IP's Assigned by Server's DCHP Function)
>>
>>Will try unbriding the connections, see if that helps...
>>
>>Bill Grant wrote:
>>
>>
>>> A simple diagram of your network (with IP addresses and gateways)
>>>would help.
>>>
>>> eg
>>>
>>> Internet
>>> |
>>> public IP
>>> server
>>> IP? default gateway?
>>> |
>>>workstations
>>>IP? gateway?
>
>
>