RRAS Internet connection server question

By dominicjohnson83
Hi Guys and Girls,

I really need your help on this question:

I have a Windows 2000 Server with two network cards.

Eth1 - LAN
192.168.0.1
255.255.255.0
GW- 192.168.0.1
DNS 192.168.0.1

Eth2 - Handles Internet connection provided by an ADSL Firewall router.

10.0.0.4
255.0.0.0
10.0.0.1
DNS - some isp address

The Windows box is set as a domain controller, dhcp server, dns server.
Internet browsing is excellent on the server.

My aim is to get access from 192.168.0.10 to 10.0.0.1 to browse the
internet without enabling the ridiculous internet connection sharing
mechanism on my box.

I have tried setting up RRAS (internet connection server - router with
NAT routing protocol) and it doesn't seem to work...

Also tried setting up a static route:

Interface: eth2 (internet)
destination : 10.0.0.1
network mask : 255.255.255.255
gateway: 192.168.0.1


Errors when trying to reach www.google.com from client machine
(192.168.0.10) with RRAS activated on the server:
request timed out

Cannot ping 10.0.0.1
Can ping 10.0.0.4

When RRAS is turned off I can resolve www.google.com to an IP, obviously
because of my DNS server (192.168.0.1), and still can't ping...


Setting up internet connection sharing seems to do all weird things to my
server such as **** up dns or active directory or dhcp.


In DHCP I have the following scope options -

DNS Server - 192.168.0.1
Router - 10.0.0.4 (I have also tried with 192.168.0.1)

Do you think asking my ISP for a bridged connection to the net may help
solve this issue??

Any input would be appreciated.. or if you have any further questions I'm
more than willing to find out the answers for you.

regards

dom

by dominicjohnson83 In reply to RRAS Internet connection ...

Point value changed by question poster.

by hozcanhan In reply to RRAS Internet connection ...

Dominic, by using the RRAS wizard you should be able to configure the server to act as a router. After doing this you must be able to ping from a CLIENT on the 192.168 subnet to a CLIENT ON THE 10.0 subnet and vice versa. All your IP, GW and net mask values must be OK. If you are able to do this then you are able to ping 10.0.0.4 (router). Once you come to this point, post your comments and I am sure we'll all help you out with the rest. No need to ask for more from your ISP.

by dominicjohnson83 In reply to RRAS Internet connection ...

G'day mate,

Thanks for your reply.
I set up RRAS (network router)...

From 192.168.0.10

I can ping 192.168.0.1 and 10.0.0.4... but I can't ping 10.0.0.1

This is the problem? Or is it?

Collapse -

Bridge the connection between Eth1 and Eth2, configure the client machines to use the Eth1 address as the default gateway.

This works for me at home in a similar situation.

by CG IT In reply to RRAS Internet connection ...

humm.

Ethernet 1 is the server's static IP 192.168.0.X. If you run DHCP services, then the scope starts with 192.168.0.1 thru 254 using subnet mask 255.255.255.0. A reservation in DHCP for the static IP address of the server is needed. Further, if it's the DC for the network, then you need to configure options for DNS. The DNS on Ethernet 1 is the server's IP address. Enable forwarders in DNS.

Ethernet 2 would then be the gateway out. If you have a static IP address from your ISP you manually configure the NIC with the static IP, subnet mask and the ISP's DNS server. Configure an option in DHCP for a router and use Ethernet 2's manually configured IP, subnet mask and DNS as the default gateway out.

When you run the Routing and Remote Access wizard, you must specify Ethernet 2 as the WAN. RRAS will also grab some IPs from DHCP for the DHCP relay agent and PPTP and L2TP miniports [depending upon how many miniports you specify]. If you have a firewall appliance you need to allow port 1723 for PPTP passthrough and open the necessary port for L2TP secure VPN. Default RRAS rules are to deny access [deny a connection], so you must make up RRAS rules to allow access [allow a connection] AND then for users in Active Directory enable remote access [allow a connection, then allow a user].

Don't bridge connections and don't run the ICS wizard.

Here is a link on a Microsoft KB article "How to use the Windows Routing and Remote Access Service with a DSL router"

http://support.microsoft.com/default.aspx?scid=kb;en-us;321516

by CG IT In reply to

Remember Ethernet 1 is the LAN and if you point clients to it as a gateway, they won't get out as Ethernet 2 is the way out. You have to point clients to the right WAN to get out. If you have a router in the mix, the router's LAN IP is the gateway out. Keep in mind that in multi-homed servers, you're creating two subnets. For clients on one subnet to access another subnet, they must be pointed to the right subnet. Bridging is the easy way out and is a security leak. It will open up your LAN network as there is no gate on the bridge.
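
The symptom reported in this thread (192.168.0.10 can ping 10.0.0.4 but not 10.0.0.1 once the server routes) can be reproduced with a small routing model; this is an added example, not code from any poster. It assumes the client's gateway is 192.168.0.1 and that the ADSL router only knows 10.0.0.0/8 plus a default route to the ISP (its table is not shown in the thread), then compares plain routing, NAT on the server's Eth2, and a hypothetical static route on the ADSL router.

```python
import ipaddress

# Constructed model of the thread's topology. A gateway of None means on-link.
def build_tables(adsl_has_lan_route=False):
    tables = {
        "client": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
        # Server with RRAS routing enabled, so it forwards between Eth1 and Eth2.
        "server": [("192.168.0.0/24", None), ("10.0.0.0/8", None),
                   ("0.0.0.0/0", "10.0.0.1")],
        # Assumption: the ADSL router has no route back to the LAN by default.
        "adsl": [("10.0.0.0/8", None), ("0.0.0.0/0", "isp")],
    }
    if adsl_has_lan_route:  # hypothetical static route added on the ADSL router
        tables["adsl"].append(("192.168.0.0/24", "10.0.0.4"))
    return tables

OWNER = {"192.168.0.10": "client", "192.168.0.1": "server",
         "10.0.0.4": "server", "10.0.0.1": "adsl"}

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway, or dst itself when on-link."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if ip in ipaddress.ip_network(net)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def deliver(tables, node, dst):
    """Walk hop by hop; True if the packet reaches the host that owns dst."""
    for _ in range(8):  # hop limit guards against routing loops
        if OWNER.get(dst) == node:
            return True
        hop = next_hop(tables[node], dst)
        if hop not in OWNER:  # handed to the ISP: a private address is lost there
            return False
        node = OWNER[hop]
    return False

def ping(tables, src, dst, nat_on_server=False):
    """True only if both the echo request and the echo reply are delivered."""
    if not deliver(tables, OWNER[src], dst):
        return False
    # With NAT on Eth2, hosts beyond the server see 10.0.0.4 as the source.
    crosses_server = OWNER[src] == "client" and OWNER[dst] == "adsl"
    reply_to = "10.0.0.4" if (nat_on_server and crosses_server) else src
    return deliver(tables, OWNER[dst], reply_to)
```

In the plain-routing case the request reaches 10.0.0.1 but the reply to 192.168.0.10 follows the ADSL router's default route and never returns, which matches the "request timed out" the original poster saw.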