General discussion

Locked

NT Connectivity Problem

By pozotech ·
Have several servers all running NT 4 w/sp6a. All are dual honned with 2 NICs. Nic #1 is for the internal network, Nic #2 is for external network. External network sits behind a Pipeline 130 router which gives internet connectivity for web, email etc. The problem is that on one machine I can get inbound access but not outbound. I can ping the ip from the outside. This is an exchange 5.5 mail server, and it will not send outbound messages. Will receive inbound. If I try to ping an external IP -I get an error message. Have checked DNS, WINS and gateways all appear correct compared to other machines. Any Ideas? Jeff

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

NT Connectivity Problem

by Tony Hogan In reply to NT Connectivity Problem

Make sure you have Enabled IP Forwarding on the Routing Tab for the external TCP/IP adapter. Without this, the system will not route IP traffic between the two cards.

-tony

Collapse -

NT Connectivity Problem

by pozotech In reply to NT Connectivity Problem
Collapse -

NT Connectivity Problem

by AlphaGeek In reply to NT Connectivity Problem

YOu mention that gateways (plural) all appear correct. If you have a default gateway set for both adapters there in lies your problem. Sometimes it works like you want sometimes not.

MS KB
"Only one default gateway should be configured on any multihomed computer. The default gateway is a global configuration for the server, not a setting that must be set for each network adapter. The server is already aware of all the networks it is directly connected to, and adds a route to each network for which it has a TCP/IP address."

Search technet for 'multi homed default gateway' for plenty of further info on this.

Your default gateway should only be configured on the external adapter. Also I would NOT turn on IP forwarding on on your Exchange server. This is not needed and is a security risk!

If you have multiple subnets on the inside network you will just need to add persistant routes to the routing table of the Exchange server.

Collapse -

NT Connectivity Problem

by pozotech In reply to NT Connectivity Problem
Collapse -

NT Connectivity Problem

by NetTek In reply to NT Connectivity Problem

1. Under "Network Properties", "Protocols", "TCP/IP", "Properties", "Routing" tab, make sure "Enable IP forwarding" is checked for both NICs. It clearly tells you on the page that this is required to route IP across multi-homed systems.
2. The external NIC's gateway should be the IP address of your router.
3. The internal NIC should have no gateway installed.
4. You may also need to add a persistant route statement so that the muli-homed server knows where your internal LAN is. For example:
c:\route add -p 209.123.12.0 mask 255.255.255.0 209.123.12.1
The -p means persistant. The route statement will remain even after reboot. 209.123.12.0 is whatever your LANs net ID is. Mask is your default mask. 209.123.12.1 is the IP address ofyour internal NIC.

Collapse -

NT Connectivity Problem

by pozotech In reply to NT Connectivity Problem
Collapse -

NT Connectivity Problem

by AlphaGeek In reply to NT Connectivity Problem

Two have now posted to enable IP routing... DO NOT ENABLE IP ROUTING on your exchange server. This is a definite security risk.

I can email you screen shots of the Routing tab of my Exchange server as proof that this is NOT required.

I have the exact same setup as you have except the router isn't a Pipeline.

My setup follows as a example IP's have been changed for obvious reasons.

NIC #1 Internal 192.168.100.68 255.255.255.0
No default gateway. (blank)

NIC #2 External 208.221.18.163 255.255.255.240
Default Gateway: 208.221.18.161

Enable IP Forwarding is UNCHECKED

I would also suggest disabling the following on NIC #2 in the bindings tab.
WINS Client TCP/IP
NetBios Interface
Server
Workstation

This will disable anyone attempting to hack your server through the NetBIOS TCP/IP Ports.

For more info on the above security tip see the following link where you can test the internet security of any Windows based system.

Shields Up! https://grc.com/x/ne.dll?bh0bkyd2

Collapse -

NT Connectivity Problem

by pozotech In reply to NT Connectivity Problem

Thanks for the help - worked great. Was not aware about not having 2 gateways. Was surprised that people were recommending to enable IP forwarding.This is something that you do not. I have been to the shields up site before and is worth checking outby all. Thanks for both responses. Jeff

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums