Networking

Get IT Done: Two solutions for routing IP via DSL on an NT server

Register a valid range of Internet addresses with your ISP, or use a Proxy or Firewall/NAT solution for routing IP via DSL on an NT server.


It’s a fact. Systems engineers are increasingly relying upon low-cost, high-speed DSL lines for fat bandwidth connectivity. However, DSL technology can throw a few T-1 powered curveballs of its own when it comes to configuration.

Recently, a TechRepublic reader posted a question in the AdminRepublic Discussion Center seeking help configuring a Windows NT 4.0 machine to route IP packets using a DSL line. And, boy, did you folks give it the old college try. However, most of the respondents forgot one key fact.

The Discussion Center query
Here’s how the situation was essentially presented:

I’m setting up an NT 4.0 Server as an IP router for a DSL connection to my LAN. I have two NICS in the router, with the inside address 200.xxx.xxx.xxx. The outside address is assigned by the ISP, as well as the gateway and DNS server addresses.

I can’t get my browser to connect to the Internet. I’ve enabled IP routing, and I can PING the outside NIC as well as the ISP's gateway, but I can’t PING the DNS servers.

I'm pretty sure all my settings are correct, but it just dawned on me that my inside address 200.xxx.xxx.xxx is a private network, and I am using public addresses. Is it possible that when I PING an outside network, the router tries to send the packet back to the source address 200.xxx.xxx.xxx, but since my address isn’t registered, it doesn't know how to route it?

The accepted solution
Here’s the answer the TechRepublic reader accepted (for 100 points, no less):

Well, not one of the responses so far identified the root cause of your problem. You cannot receive replies to your PINGs to the ISP's DNS servers because they are on the other side of the ISP gateway, and you’re using a network address that is probably already assigned to a valid Internet user. Your PINGs go to the DNS servers, which reply. When the replies get back to the ISP gateway, though, they are routed to the registered user of your network address (which is not you—oops). Switching to a reserved address (i.e. 192.168.xxx.xxx/24, 172.16.xxx.xxx/16, or 10.xxx.xxx.xxx/8) won't help either, since these IP addresses are not routed by Internet gateways by default.

DNS and WINS have nothing to do with this. They are used only for name resolution. Your options are:
  1. Register a valid range of Internet addresses with your ISP.
  2. Use a Proxy or Firewall/NAT solution.

So there you have it. While it was easy to get tripped up on the DNS/WINS issues, a proxy or firewall solution is the solution.

If you have questions of your own, post them in our Discussion Center. Let your colleagues come to your rescue. You can find the Discussion Center here.

Make the most of your brilliant IT career
There's no reason not to get exactly what you want from TechRepublic. By becoming a volunteer member of AdminRepublic's Virtual Advisory Board, you can help guide our Web site by giving us your opinions on the topics and features you need as an elite member of the admin community.
Member responsibilities include:
  • Advising TechRepublic on topics of interest
  • Evaluating new features
  • Building the community to answer the concerns that you have
We are currently accepting applications for a limited number of openings. Don't wait any longer; apply now by sending us an e-mail. We'll send you an application and more information about our volunteer board.
This is an opportunity to play a pivotal role in creating something that will help propel you in your IT career. Plus it's another great thing to add to your resume!


 

It’s a fact. Systems engineers are increasingly relying upon low-cost, high-speed DSL lines for fat bandwidth connectivity. However, DSL technology can throw a few T-1 powered curveballs of its own when it comes to configuration.

Recently, a TechRepublic reader posted a question in the AdminRepublic Discussion Center seeking help configuring a Windows NT 4.0 machine to route IP packets using a DSL line. And, boy, did you folks give it the old college try. However, most of the respondents forgot one key fact.

The Discussion Center query
Here’s how the situation was essentially presented:

I’m setting up an NT 4.0 Server as an IP router for a DSL connection to my LAN. I have two NICS in the router, with the inside address 200.xxx.xxx.xxx. The outside address is assigned by the ISP, as well as the gateway and DNS server addresses.

I can’t get my browser to connect to the Internet. I’ve enabled IP routing, and I can PING the outside NIC as well as the ISP's gateway, but I can’t PING the DNS servers.

I'm pretty sure all my settings are correct, but it just dawned on me that my inside address 200.xxx.xxx.xxx is a private network, and I am using public addresses. Is it possible that when I PING an outside network, the router tries to send the packet back to the source address 200.xxx.xxx.xxx, but since my address isn’t registered, it doesn't know how to route it?

The accepted solution
Here’s the answer the TechRepublic reader accepted (for 100 points, no less):

Well, not one of the responses so far identified the root cause of your problem. You cannot receive replies to your PINGs to the ISP's DNS servers because they are on the other side of the ISP gateway, and you’re using a network address that is probably already assigned to a valid Internet user. Your PINGs go to the DNS servers, which reply. When the replies get back to the ISP gateway, though, they are routed to the registered user of your network address (which is not you—oops). Switching to a reserved address (i.e. 192.168.xxx.xxx/24, 172.16.xxx.xxx/16, or 10.xxx.xxx.xxx/8) won't help either, since these IP addresses are not routed by Internet gateways by default.

DNS and WINS have nothing to do with this. They are used only for name resolution. Your options are:
  1. Register a valid range of Internet addresses with your ISP.
  2. Use a Proxy or Firewall/NAT solution.

So there you have it. While it was easy to get tripped up on the DNS/WINS issues, a proxy or firewall solution is the solution.

If you have questions of your own, post them in our Discussion Center. Let your colleagues come to your rescue. You can find the Discussion Center here.

Make the most of your brilliant IT career
There's no reason not to get exactly what you want from TechRepublic. By becoming a volunteer member of AdminRepublic's Virtual Advisory Board, you can help guide our Web site by giving us your opinions on the topics and features you need as an elite member of the admin community.
Member responsibilities include:
  • Advising TechRepublic on topics of interest
  • Evaluating new features
  • Building the community to answer the concerns that you have
We are currently accepting applications for a limited number of openings. Don't wait any longer; apply now by sending us an e-mail. We'll send you an application and more information about our volunteer board.
This is an opportunity to play a pivotal role in creating something that will help propel you in your IT career. Plus it's another great thing to add to your resume!


 

Editor's Picks

Free Newsletters, In your Inbox