Windows 2000 NAT

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cfreyman

Thread Starter
Joined
Sep 6, 2000
Messages
107
Background -
Trying to use Windows 2000 Server to route packets between two networks. Only outgoing traffic is working properly - the incoming does not.

Here's the setup -
NIC (external) 192.168.10.2 - faces internet - Default Gway 192.168.10.1
NIC (internal) 10.168.1.90 - internal LAN - no Default Gway

I added a "special ports" assignment for port 25 and the IP of my internal mail server. Whenever I try from outside my network (via a dialup client on a POTS line) I am unable to connect to the mail server.

I know for sure it is hitting the Windows 2000 box, because the NAT session shows up on RRAS.

However, to test to see if it was working going outbound I changed my default gateway to the 10.168.1.90 address, and it works fine; I am able to ping traffic outside of the LAN. Tracert shows it hitting the Windows 2000 box, my router, and off from there.

Anyone have any ideas? I've combed the Knowledge Base but no luck!
 
Joined
Oct 13, 2003
Messages
28
A couple of questions.

Is your outside router set to forward port 25 to the 192. address of your W2k Server?

Also, is IP Forwarding enabled on the Server?

I am assuming that the mail server is running on another box.
 

cfreyman

Thread Starter
Joined
Sep 6, 2000
Messages
107
Yeah - all traffic is forwarded from the external IP 65.x.x.47 --> 192.168.10.2 - there is no specific port information in the router.

Not sure what you mean about IP forwarding. I did find an MS Knowledge Base article that involved changing a registry entry. (I'm going from memory but I believe it was - hkey local machine-system-currentcontrolset-services-tcpip- add a dword value called IPEnableRouter and set it to 1.)

I am positive the problem is either lying in the NAT setup or the basic network settings. I know this because I AM able to get to the SMTP server of the W2K server - however when I try to get to the email server on another box, no luck. I have added the correct info into the Special Ports section of RRAS.

Let me know if you need more information.

Thanks
 
Joined
Oct 13, 2003
Messages
28
Are you using a single external address (192.168.10.2)? If so, do you have Translate TCP/UDP headers checked in the NAT configuration? This is required if you have a single address. If you have multiple addresses you need to set them up in the address pool.

Have you tried to insert a machine in the 192.168.10.x address space and attempt to telnet to port 25 of the 192.168.10.2 address? If you can reach your mail server then NAT is working. The problem may lie at your router at 192.168.10.1.

Frank
 

cfreyman

Thread Starter
Joined
Sep 6, 2000
Messages
107
Yes, and yes.

I put another client machine on 192.168.10.x and telnetted to the 10.168.1.x address of the mail server, and it worked.

I am confused now... If we are now assuming the router is the problem, let me tell you about the configuration of that.

Cisco 2600 router: created a subinterface of 192.168.10.1 255.255.255.0

ip nat inside source static 192.168.10.2 63.x.x.47
access-list 1 permit 192.168.1.0 0.0.0.255

And, like I said before, there are no traffic restrictions based on port or protocol.

So, the actual physical setup is this: incoming traffic to Cisco router - Cisco router to HP ProCurve switch - switch to W2K server with IP 192.168.10.2 - other NIC is 10.168.1.90 for the internal LAN

Let me know if you need more information.
 

cfreyman

Thread Starter
Joined
Sep 6, 2000
Messages
107
OK, I fixed it - but I feel stupid now.

The problem was that the default gateway of the 10.168.1.x mail server was wrong. As soon as I changed it, it worked fine.

Thanks anyways
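Added example (not part of the original thread or any poster's code): a small Python model of the return path for a connection that came in through the special-port mapping, showing why a wrong default gateway on the mail server breaks inbound traffic even though the NAT session appears on the RRAS box. The client address 203.0.113.7, the mail server address 10.168.1.25/24 and the wrong gateway 10.168.1.1 are constructed values; the thread does not give them.

```python
import ipaddress

# Addresses of the RRAS NAT box, taken from the thread.
NAT_INTERNAL = ipaddress.ip_address("10.168.1.90")
NAT_EXTERNAL = ipaddress.ip_address("192.168.10.2")

def next_hop(host_if, gateway, dst):
    """First hop a host chooses: the peer itself if on-link, else its default gateway."""
    dst = ipaddress.ip_address(dst)
    if dst in host_if.network:
        return dst
    return ipaddress.ip_address(gateway) if gateway else None

def trace_reply(client, server_if, server_gw):
    """Follow the reply to a connection that arrived through a special-port mapping.

    Inbound, the NAT box rewrites only the destination address, so the mail
    server sees the outside client's real address as the source and must
    route its reply there using its own default gateway.
    """
    server_if = ipaddress.ip_interface(server_if)
    hop = next_hop(server_if, server_gw, client)
    if hop is None:
        return {"next_hop": None, "via_nat": False, "reply_src": None,
                "verdict": "reply dropped: server has no route to the client"}
    if hop == NAT_INTERNAL:
        # The NAT box matches its session entry and restores the mapped source.
        return {"next_hop": str(hop), "via_nat": True, "reply_src": str(NAT_EXTERNAL),
                "verdict": "reply is translated back; connection completes"}
    # Any other path skips the reverse translation. The session entry created by
    # the inbound SYN still shows on the NAT box, but the handshake never finishes.
    return {"next_hop": str(hop), "via_nat": False, "reply_src": str(server_if.ip),
            "verdict": "reply bypasses the NAT box; client never gets a matching answer"}

if __name__ == "__main__":
    CLIENT = "203.0.113.7"      # constructed outside client (documentation range)
    SERVER = "10.168.1.25/24"   # constructed mail server address and mask
    # 10.168.1.1 is a constructed wrong gateway; None models a blank gateway.
    for gw in ("10.168.1.1", None, "10.168.1.90"):
        result = trace_reply(CLIENT, SERVER, gw)
        print(f"gateway={gw}: next hop {result['next_hop']}, {result['verdict']}")
```

On the real hosts, the equivalent check is to compare the mail server's default gateway in `ipconfig` and `route print` with the internal address of the NAT box.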
 
Joined
Oct 13, 2003
Messages
28
Glad you got it fixed.

But I am puzzled, it looks like you were creating a DMZ, but usually the Mail Server, Web Server etc exist in the DMZ with the protected network behind it.

I am assuming this is an experiment. I thought the issue might have been related to doing double NAT. Once at the W2K server and once at the router. I wasn't sure that one could do that, but it looks as though it will work. I had a level 2 tech at Covads tell me it wouldn't work.

Thanks
Frank
 