locked
Server 2008 R2 NAT internet sharing problem RRS feed

  • Question

  • Hi

    I have a server running Server 2008 R2 Foundation, with 3 network ports. I have installed RRAS and configured it as a NAT and network routing custom configuration - although I have also tried the NAT wizard method with similar lack of success.

    One NIC is connected to a cable modem, which uses PPPoE to obtain an Internet connection. It has an APIPA address, but the address shouldn't matter for the purposes of the dial on demand connection. The second adapter is connected to the LAN, and has an address of 192.168.2.1/24. The third NIC is connected to a WiFi access point, and has an address of 192.168.53.1/24. None of the NICs have a gateway address assigned.

    I configured a PPPoE dial on demand connection in RRAS, and this connects (if I tell it to connect - I've not yet managed to get it to dial on demand based on a Web page request. Hopefully that will start to work once NAT is fixed). It is given a dynamic IP address from my ISP. I have configured a static route to 0.0.0.0 mask 0.0.0.0 pointing to the DoD interface (no gateway), and checked the "Use this Route to Initiate Dial on Demand Connections". When connected I can browse the internet from the server. From a client I can ping the server's Internal IP address, and the addresses of the other interfaces, including the one assigned by my ISP, so routing appears to be working, but I can't access the Internet.

    In the NAT section I have added the Dial on demand interface, and selected it as Public, and checked the box to say enable NAT on this interface. I added the LAN and WiFi interfaces as Private. I have left the Address Assignment and Name Resolution tabs as default (unconfigured) although I have tried configuring these options to see if it would make a difference. If I try to ping or tracert from a client, there is no response (Request Timed Out, or Destination net unreachable). If I ping an external address from the server's internal address (eg. ping 8.8.8.8 -S 192.168.2.1) I also get a timeout. There are no mappings showing up in the NAT section of RRAS.

    What am I doing wrong? I've looked all over and followed various posts on numerous blogs, and had no luck. It's starting to make me question my capabilities as a network engineer :)

    Sunday, July 6, 2014 5:16 PM

All replies

  • Try to diagnose routing table (route print).

    HTH

    Milos

    Sunday, July 6, 2014 5:30 PM
  • Hi Milos

    Thanks for the response. My routing table looks OK as far as I can tell:

    ===========================================================================
    Interface List
     25...........................HomeTelecom
     24...........................RAS (Dial In) Interface
     14...00 15 17 d3 57 ea ......Intel(R) PRO/1000 PT Dual Port Server Adapter #2
     13...00 15 17 d3 57 eb ......Intel(R) PRO/1000 PT Dual Port Server Adapter
     10...3c 4a 92 74 25 8d ......HP NC107i PCIe Gigabit Server Adapter
      1...........................Software Loopback Interface 1
     11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination   Netmask             Gateway       Interface  Metric
    0.0.0.0               0.0.0.0             2xx.xx.118.1   2xx.xx.122.101 30
    127.0.0.0             255.0.0.0           On-link        127.0.0.1    306
    127.0.0.1             255.255.255.255     On-link        127.0.0.1    306
    127.255.255.255       255.255.255.255     On-link        127.0.0.1    306
    192.168.2.0           255.255.255.0       On-link       192.168.2.1    266
    192.168.2.1           255.255.255.255     On-link       192.168.2.1    266
    192.168.2.10          255.255.255.255     On-link       192.168.2.1    266
    192.168.2.255         255.255.255.255     On-link       192.168.2.1    266
    192.168.53.0          255.255.255.0       On-link      192.168.53.1   266
    192.168.53.1          255.255.255.255     On-link      192.168.53.1   266
    192.168.53.105        255.255.255.255     On-link    192.168.53.105 306
    192.168.53.255        255.255.255.255     On-link      192.168.53.1   266
    2xx.xx.122.101        255.255.255.255     On-link    2xx.xx.122.101 276
    224.0.0.0             240.0.0.0           On-link        127.0.0.1    306
    224.0.0.0             240.0.0.0           On-link      192.168.53.1   267
    224.0.0.0             240.0.0.0           On-link        d    279
    224.0.0.0             240.0.0.0         On-link       192.168.2.1    269
    224.0.0.0             240.0.0.0         On-link    192.168.53.105 306
    224.0.0.0             240.0.0.0         On-link    2xx.xx.122.101 276
    255.255.255.255      255.255.255.255     On-link        127.0.0.1    306
    255.255.255.255      255.255.255.255     On-link      192.168.53.1   266
    255.255.255.255      255.255.255.255     On-link        d    276
    255.255.255.255      255.255.255.255     On-link       192.168.2.1    266
    255.255.255.255      255.255.255.255     On-link    192.168.53.105 306
    255.255.255.255      255.255.255.255     On-link    2xx.xx.122.101 276
    ==========================================================================
    Persistent Routes:
    None

    HomeTelecom is my ISP. I've obscured my external IP a bit for security (although I think any hacker would be quite disappointed with what they'd find).

    Any ideas?


    Sunday, July 6, 2014 5:54 PM