
AD,DNS and NAT

Tags:
  • DNS
  • Active Directory
  • Windows
Anonymous
March 9, 2005 7:38:02 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have an AD Windows 2000 domain and DNS on my machine, and currently I
have a NAT connectivity problem from the client. The NAT server seems not
to be getting any traffic from the client, as I noticed there's no mapping in
the NAT local traffic. Does having AD and DNS on the same machine have
any effect?

Rgds
Daniel


Anonymous
March 10, 2005 5:32:58 AM


<danieltan@time.net.my> wrote in message
news:1110415082.218154.261270@o13g2000cwo.googlegroups.com...
> I have an AD Windows 2000 domain and DNS on my machine, and currently I
> have a NAT connectivity problem from the client. The NAT server seems not
> to be getting any traffic from the client, as I noticed there's no mapping in
> the NAT local traffic. Does having AD and DNS on the same machine have
> any effect?

AD and DNS are FINE on the same machine
(very common but not absolutely required.)

It is a security issue to have the DC (AD) also
be your NAT, but even that CAN work (technically
it is usually just fine -- security is the concern.)

Describe your precise problem?

Internal machines cannot reach the Internet?

Ping doesn't work by BOTH name and IP?

Same for web access? Name AND IP?

In Internet Explorer (etc) this is perfectly legal:

http://www.learnquick.com

....OR...

http://161.58.177.171

(That's me FYI.)
Anonymous
March 10, 2005 1:04:42 PM


In news:1110415082.218154.261270@o13g2000cwo.googlegroups.com,
danieltan@time.net.my <danieltan@time.net.my> commented
Then Kevin replied below:
> I have an AD Windows 2000 domain and DNS on my machine, and
> currently I have a NAT connectivity problem from the client.
> The NAT server seems not to be getting any traffic from the
> client, as I noticed there's no mapping in the NAT local
> traffic. Does having AD and DNS on the same machine have
> any effect?

There are some problems with running AD, DNS, WINS, and RRAS on the same
machine. It can be done, with some registry changes. From your description
of the problem I'm not sure it will fix your problem; make sure you set the
correct interfaces as local and public. You still have to make the registry
changes.

830063 - Name resolution and connectivity issues occur on Windows 2000
domain controllers that have the Routing and Remote Acce:
http://support.microsoft.com/default.aspx?scid=kb;en-us;830063


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
March 10, 2005 8:27:28 PM


Herb, I managed to get my client on the net after I put my external
interface (PPPoE dial-up DSL) into the NAT. My NAT now has 3 interfaces:
internal/local NIC, external (local NIC for PPPoE) and the PPPoE interface
for DSL dial-up. I've also set the default static route. But the issue
is that there is no port/name mapping on the internal local NIC, only on
the PPPoE dial-up interface. I've read many articles mentioning that it
should have those interfaces. Is this the correct method?

Both ping and friendly name can be used. DNS also does not have any
cached name if connected from the client. The server itself is OK. My client
points to the internal interface/local NIC of the server. But in my DNS,
I didn't put that internal interface/local NIC as the IP for local
DNS. Is this the reason there is no cached name in DNS when connecting
from the client?

Rgds
Daniel


Anonymous
March 15, 2005 11:35:13 AM


Herb, in my NAT, the local NIC does not have any name mapping, but it
can get on the net. The PPPoE public interface is all right and has
mappings. Is this correct?

Regards
Daniel
Anonymous
March 15, 2005 3:17:56 PM


<danieltan@time.net.my> wrote in message
news:1110904513.326612.239010@z14g2000cwz.googlegroups.com...
> Herb, in my NAT, the local NIC does not have any name mapping, but it
> can get on the net. The PPPoE public interface is all right and has
> mappings. Is this correct?

I just saw the above message which seems a response
(today 3/15) to a message of mine (or someone named
Herb <grin>) but it is not properly threaded on MY
Outlook Express so I cannot find my message nor the
context.

I also don't really understand the paragraph (above)
and so probably cannot help with this limited info.
Anonymous
March 16, 2005 10:27:01 AM


What I mean is that in NAT, the internal NIC does not have any traffic,
only the PPPoE public interface. I just wonder how come it doesn't have
any name mapping? Is it supposed to have one?

Regards
Daniel
Anonymous
March 16, 2005 4:10:32 PM


<danieltan@time.net.my> wrote in message
news:1110986821.803042.150020@l41g2000cwc.googlegroups.com...
> What I mean is that in NAT, the internal NIC does not have any traffic,
> only the PPPoE public interface. I just wonder how come it doesn't have
> any name mapping? Is it supposed to have one?

Normally "NATs" have nothing to do with "names",
much less the mapping of them. (Although that is
possible in more sophisticated proxy servers that work
at the application layer -- HTTP etc.)


Mappings you would see in the settings of a simple NAT are
usually MANUAL, and would only include mapping attempts
to connect to the outside address on a specific port to an
internal server which handles that type of traffic.

Dynamic mappings, those set up by the internal clients of
the NAT, would be there only as long as the connections
exist (or until timed out if they are abandoned.)

But I still doubt that you are making your real question
clear.

What problems or question do you REALLY wish to ask?
Anonymous
March 16, 2005 9:44:29 PM


Herb, well, you did answer almost all my questions. Now I have a NAT
connection to the Internet and my client can access through it. In NAT, only
the public interface has the traffic/mapping, not the internal
NIC/interface. I just wonder how this could be? But overall the NAT is
working. But what you mentioned about the manual mapping, does it mean
something like establishing a multiuser game connection or a static route
to another server via some preset ports? Is this connection established via
the internal NIC? This is what I want to know also. Thanks

Rgds
Daniel


Anonymous
March 17, 2005 9:46:44 AM


<danieltan@time.net.my> wrote in message
news:1111027469.598449.172440@o13g2000cwo.googlegroups.com...
> Herb, well, you did answer almost all my questions. Now I have a NAT
> connection to the Internet and my client can access through it. In NAT, only
> the public interface has the traffic/mapping, not the internal
> NIC/interface.
> I just wonder how this could be? But overall the NAT is
> working.

If you are just asking how such NATs do this, I
can likely explain. (If so, this is perfectly normal....)

NATs only translate outbound traffic when sending OUT
an external (and NATed) interface.

Traffic entering on a non translated (usually Internal) interface
can exit another such interface without being translated and
then there is nothing to "remember" (or map).

The simple NATs usually only have 2 interfaces, so it is easy
to assume that this is the only case -- but even this is no longer
the common case for many such devices: I have several that
have two internal interfaces (Wireless and Ethernet) plus
another External interface (to the cable/DSL etc.).

You can communicate between Wireless and internal Ethernet
with NO mapping just like on any other router (or like a bridge
if you use this setting.)

> But what you mentioned about the manual mapping, does it mean
> something like establishing a multiuser game connection or a static route
> to another server via some preset ports?

Yes. (usually)


> Is this connection established via the
> internal NIC?
> This is what I want to know also. Thanks

No, it initiates on the EXTERNAL NIC, e.g.,:

Trying to Terminal serve to an internal machine:

Map External IP of NAT, on TCP port 3389, to address
of internal machine on port 3389.

You could even map a web request on external address
TCP port 80 to an internal Web server on port 8000
(or any other port the internal server can service.)
Anonymous
March 17, 2005 11:33:15 PM


Herb, so what does the internal NIC do? Although I know the client must
point to it. Can I just remove it and just use the public one? Just curious.

Rgds
Daniel


Anonymous
March 18, 2005 1:39:09 AM


<danieltan@time.net.my> wrote in message
news:1111120394.992241.258800@o13g2000cwo.googlegroups.com...
> Herb, so what does the internal NIC do?

Passes traffic mostly.

In some cases, that one is enabled for DNS or DHCP.
(On ICS it always does these, on NAT-Server-RRAS
it only does these if you ask -- for a hardware device
your mileage may vary.)

> Although I know the client must
> point to it. Can I just remove it and just use the public one? Just curious.

Clients are adjacent to the internal-Private interface so
they use that one as their Default Gateway for simple
networks.

"Remove it"? I don't even know what you mean or why
you would want to do that -- probably the answer is "No".


Anonymous
March 18, 2005 10:15:41 AM


Herb, so under what circumstances would I see a local NIC in RRAS get any
mapping? So I guess it's quite all right as long as my NAT is working,
regardless of whether there is any mapping on the local NIC or not. Regarding
removing the local interface, I was wondering, since it isn't used,
why not just remove it. But you have answered my question.

Rgds
Daniel
Anonymous
March 18, 2005 3:59:57 PM


<danieltan@time.net.my> wrote in message
news:1111158941.373442.126230@l41g2000cwc.googlegroups.com...
> Herb, so under what circumstances would I see a local NIC in RRAS get any
> mapping?

I don't think you will EVER see such mappings.

There is NO translation on the internal NIC so there
is no need for such mappings.

> So I guess it's quite all right as long as my NAT is working,
> regardless of whether there is any mapping on the local NIC or not.

What mappings do you expect there? There is no translation
on an internal NIC for the NAT.

Only external NICs are involved in translation (either inbound
or outbound).

> Regarding
> removing the local interface, I was wondering, since it isn't used,
> why not just remove it.

Well, that depends on the NAT software/hardware.

In Windows RRAS, the Internal NIC MUST be added
to the NAT to allow traffic through that NIC to participate
in translations on OTHER (External) NICs.

That is just the way the software works to make it more
flexible -- that means you might or might not have wanted
to include clients on those NICs in public/Internet access.

If you "remove" them, you are saying they may not
participate which I doubt is what you want to do.

> But you have answered my question.

Good.
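
The behaviour described across this thread (translation state kept only for the external interface, manual port mappings such as 3389 and 80 to 8000, and dynamic mappings that time out) can be modelled in a few lines. This is an added example, not code from any poster or from RRAS; the class, interface names, timeout and addresses are constructed for illustration.

```python
class ToyNat:
    """Toy model of a NAT router; all names and addresses are constructed."""

    def __init__(self, public_ip, external_if="pppoe", idle_timeout=60):
        self.public_ip = public_ip
        self.external_if = external_if
        self.idle_timeout = idle_timeout
        self.static = {}     # (proto, public_port) -> (private_ip, private_port)
        self.dynamic = {}    # (proto, public_port) -> (private_ip, private_port, last_seen)
        self._next_port = 50000

    def add_static(self, proto, public_port, private_ip, private_port):
        """Manual mapping: expose one internal service on the external address."""
        self.static[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, out_if, now):
        """Return the (ip, port) the packet carries after leaving via out_if."""
        if out_if != self.external_if:
            return (src_ip, src_port)      # routed between internal NICs: no state
        for key, (ip, port, _) in self.dynamic.items():
            if key[0] == proto and (ip, port) == (src_ip, src_port):
                break                      # reuse the existing mapping
        else:
            key = (proto, self._next_port)
            self._next_port += 1
        self.dynamic[key] = (src_ip, src_port, now)
        return (self.public_ip, key[1])

    def inbound(self, proto, dst_port, now):
        """Packet arriving on the external NIC: internal target, or None if dropped."""
        self.dynamic = {k: v for k, v in self.dynamic.items()
                        if now - v[2] <= self.idle_timeout}
        if (proto, dst_port) in self.static:
            return self.static[(proto, dst_port)]
        entry = self.dynamic.get((proto, dst_port))
        return entry[:2] if entry else None

    def mappings(self, interface):
        """What a per-interface mapping view would list."""
        if interface != self.external_if:
            return []                      # internal NICs never hold translations
        return sorted(list(self.static) + list(self.dynamic))


def demo():
    nat = ToyNat("203.0.113.1")                        # constructed public address
    nat.add_static("tcp", 3389, "192.168.0.10", 3389)  # Terminal Services example
    nat.add_static("tcp", 80, "192.168.0.20", 8000)    # web on 80 -> internal 8000
    wire = nat.outbound("tcp", "192.168.0.50", 1025, "pppoe", now=0)
    return nat, wire
```

In this model the static entries are the only ones that let unsolicited inbound traffic reach an internal host, so they are the list to review when the NAT box is also a domain controller.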