Windows 2000 NAT

Discussion in 'Networking' started by cfreyman, Oct 13, 2003.

  1. cfreyman

    cfreyman Thread Starter

    Joined:
    Sep 6, 2000
    Messages:
    107
    Background -
    Trying to use Windows 2000 Server to route packets between two networks. Only outgoing traffic is working properly - the incoming does not.

    Here's the setup -
    NIC (external) 192.168.10.2 - faces internet - Default Gway 192.168.10.1
    NIC (internal) 10.168.1.90 - internal LAN - no Default Gway

    I added a "special ports" assignment for port 25 and the IP of my internal mail server. Whenever I try from outside my network (via a dialup client on a POTS line) I am unable to connect to the mail server.

    I know for sure it is hitting the Windows 2000 box, because the NAT session shows up on RRAS.

    However, to test whether it was working going outbound, I changed my default gateway to the 10.168.1.90 address, and it works fine: I am able to ping traffic outside of the LAN. Tracert shows it hitting the Windows 2000 box, my router, and off from there.

    Anyone have any ideas? I've combed the knowledgebase but no luck!
     
  2. fweaver

    fweaver

    Joined:
    Oct 13, 2003
    Messages:
    28
    A couple of questions.

    Is your outside router set to forward port 25 to the 192. address of your W2k Server?

    Also, is IP Forwarding enabled on the Server?

    I am assuming that the mail server is running on another box.
     
  3. cfreyman

    cfreyman Thread Starter

    Joined:
    Sep 6, 2000
    Messages:
    107
    Yeah - all traffic is forwarded from the external IP 65.x.x.47 --> 192.168.10.2 - there is no specific port information in the router.

    Not sure what you mean about IP forwarding. I did find an MS knowledge base article that involved changing a registry entry. (I'm going from memory but I believe it was - hkey local machine-system-currentcontrolset-services-tcpip- add a dword value called IPEnableRouter and set it to 1.)

    I am positive the problem lies either in the NAT setup or the basic network settings. I know this because I AM able to get to the SMTP server of the W2K server - however, when I try to get to the email server on another box, no luck. I have added the correct info into the Special Ports section of RRAS.

    Let me know if you need more information.

    Thanks
     
  4. fweaver

    fweaver

    Joined:
    Oct 13, 2003
    Messages:
    28
    Are you using a single external address (192.168.10.2)? If so, do you have Translate TCP/UDP headers checked in the NAT configuration? This is required if you have a single address. If you have multiple addresses you need to set them up in the address pool.

    Have you tried to insert a machine in the 192.168.10.x address space and attempt to telnet to port 25 of the 192.168.10.2 address? If you can reach your mail server then NAT is working. The problem may lie at your router at 192.168.10.1.

    Frank
     
  5. cfreyman

    cfreyman Thread Starter

    Joined:
    Sep 6, 2000
    Messages:
    107
    Yes, and yes.

    I put another client machine on 192.168.10.x and telnetted to the 10.168.1.x address of the mail server, and it worked.

    I am confused now... If we are now assuming the router is the problem, let me tell you about the configuration of that.

    Cisco 2600 router: created a subinterface of 192.168.10.1 255.255.255.0

    ip nat inside source static 192.168.10.2 63.x.x.47
    access-list 1 permit 192.168.1.0 0.0.0.255

    And, like I said before, there are no traffic restrictions based on port or protocol.

    So, the actual physical setup is this: incoming traffic to Cisco router - Cisco router to HP ProCurve switch - switch to W2K server with IP 192.168.10.2 - other NIC is 10.168.1.90 for the internal LAN

    Let me know if you need more information.
     
  6. cfreyman

    cfreyman Thread Starter

    Joined:
    Sep 6, 2000
    Messages:
    107
    OK, I fixed it - but I feel stupid now.

    The problem was that the default gateway of the 10.168.1.x mail server was wrong. As soon as I changed it, it worked fine.

    Thanks anyways
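
A port-25 mapping changes only the destination address, so the mail server answers the outside client through its own default gateway; the sketch below (an added example, not part of the original posts) runs a longest-prefix route lookup to check whether that reply goes back to the NAT box. The mail server address 10.168.1.25, the /24 mask, the wrong gateway 10.168.1.1, the client address and the Windows-style route rows are all constructed assumptions; only 10.168.1.90 comes from the thread.

```python
import ipaddress

# Constructed `route print`-style rows for the mail server (not from the thread):
# destination, netmask, gateway, interface, metric. {gw} is the default gateway.
# An on-link route lists the host's own interface address as its gateway.
ROUTES = """\
0.0.0.0      0.0.0.0        {gw}         10.168.1.25  1
10.168.1.0   255.255.255.0  10.168.1.25  10.168.1.25  1
127.0.0.0    255.0.0.0      127.0.0.1    127.0.0.1    1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples from route rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers and blank lines
        dest, mask, gw, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, ipaddress.ip_address(gw),
                       ipaddress.ip_address(iface), int(metric)))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if on-link."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, gw, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return None if gw == iface else gw  # gateway == own interface: on-link

def reply_crosses_nat(route_text, client_ip, nat_inside_ip):
    """True if the server's reply to client_ip is handed to the NAT box."""
    hop = next_hop(parse_routes(route_text), client_ip)
    return hop == ipaddress.ip_address(nat_inside_ip)

CLIENT = "203.0.113.7"  # constructed outside (dial-up) client address

if __name__ == "__main__":
    for gw in ("10.168.1.1", "10.168.1.90"):  # wrong gateway, then corrected
        ok = reply_crosses_nat(ROUTES.format(gw=gw), CLIENT, "10.168.1.90")
        print(f"default gateway {gw}: reply returns via NAT box = {ok}")
```
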
     
  7. fweaver

    fweaver

    Joined:
    Oct 13, 2003
    Messages:
    28
    Glad you got it fixed.

    But I am puzzled, it looks like you were creating a DMZ, but usually the Mail Server, Web Server etc exist in the DMZ with the protected network behind it.

    I am assuming this is an experiment. I thought the issue might have been related to doing double NAT. Once at the W2K server and once at the router. I wasn't sure that one could do that, but it looks as though it will work. I had a level 2 tech at Covads tell me it wouldn't work.

    Thanks
    Frank
     