Windows Server 2003 - NAT and network routing

Page 1 / 1

Required configuration :
- DHCP server

Firstly as mentioned at the beginning of this tutorial, you must add a second network card. So add this second NIC (physical) and then follow this tutorial.

 

Once added the second network card, go to the start menu -> Administrative Tools -> Routing and Remote Access.

Note for Windows Server 2008 : On Windows Server 2003 you can see that this feature is already installed but on Windows Server 2008 this isn't the case. On Windows Server 2008, you must add the role "Services Network Policy and Access".

In the "Routing and Remote Access" window that appears, right click on the name of your computer (INFORMATIWEB-03 in this tutorial) and click "Configure and Enable Routing and Remote Access".

Select "Custom Settings".

Check the boxes :
 - NAT and basic firewall
 - Network Routing

Click "Finish".

Click "Yes" to start the Routing and Remote Access services.

The service starts ...

To facilitate the configuration of this service, we will first rename the two network connections (one for each network card).

The internet network "Local Area Connection (Internal)" which is configured with the settings on the DHCP tutorial are :
 - IP : 10.0.0.1
 - Subnet Mask : 255.0.0.0
 - Gateway : 10.0.0.0
 - Serveur DNS : 10.0.0.1

The Internet network "Local Area Connection (Internet)", which is configured with the following parameters :
  - IP : 192.168.1.5
  - Subnet Mask : 255.255.255.0
  - Gateway : 192.168.1.254
  - DNS Server : 192.168.1.254

The parameters of the connection "Local Area Connection (Internet)" must obviously match the settings of your network.

When you want to configure the settings for the 2nd LAN connection static you get a warning due to multiple gateways are on different classes. It will work through NAT so click "Yes".

Go to the "Routing and Remote Access" window and right click on the right side. Then click "New Interface ...".

Select the interface "Local Area Connection (Internet)" and click "OK".

Select "Public interface connected to the Internet" and check the "Enable NAT on this interface" and "Enable a firewall based on this interface" if it isn't already do.

Make right click again on the right side and click on "New interface ...".

Select the interface "Local Area Connection (Internal)" and click "OK".

The interface "Internal" doesn't really exist and we don't need it.

Select "Private interface connected to private network" if it isn't already do.

Now that our server is configured to serve as a "Router", we will configure our DHCP server to send the IP address of the gateway (or router) to our clients. And clients will have Internet through the gateway which is our server.

To do this, go to the configuration of DHCP and right click on "Scope Options" and click "Configure Options".

Check the "003 Router" box and indicated the IP address of the server (internal network side) in the IP Address box. Then click the "Add" button and then OK to exit this window.

Then right click on your DHCP server and click "Allow" if it's marked "Allow" in the menu otherwise skip this step.

Then, turn on a client or that of earlier. If you have not turned off the client from now restart it to receive the new settings from DHCP.

Attempt to access the Internet by opening eg "Mozilla Firefox" or "Internet Explorer" and typing "http://www.google.com/".

On the client, go to : start menu -> Control Panels -> Network Connections. Double-click on "Local Area Connection" and go to the "Support" tab and then click Details.

If your client has received the informations from your DHCP server, you should get a result like this :

Then, in the server, go to the configuration of "Routing and Remote Access" and make a click on "Firewall NAT / Basic". Look at the columns "Number of packages ... translated." If they are not zero is that packets are going from the client to the Internet or the reverse what was that NAT is configured.