Using Windows Server 2008 system like Router NAT

In this article we will install a test network using a DSL router to connect to the Internet.

Network Management - In this article we will install a test network using a DSL router to connect to the Internet.

This test network needs to be installed on a secondary network with an Internet connection. In this network, we will install Windows Server 2008 on an unused computer, which will have two network interface cards (NICs). It will then install the Routing and Remote Access Service service, and use this computer as a router between the test network and the working network.

Using Windows Server 2008 system like Router NAT Picture 1

Figure 1: Network organization model using RRAS as a router that connects two secondary networks.

Basically, we can follow two methods. First, configure RRAS as an IP router to relay traffic between two secondary networks. This will allow workstations on the test network to send information to the server on the Internet, however, traffic will not be allowed to be returned to workstations. This is because a packet sent via the DSL router from the Internet will be redirected to a network with 172.16.11.0 Ip address, so this data will not be accessible to the client on the network with IP address 10.0.0.0 . The solution to this problem is to add a static router to the DSL router to directly forward any data to the specified destination. However, we do not have administrative access to the DSL router because this router is managed with the Internet service provider, so this method is not feasible.

We can apply the second method of configuring RRAS systems as a router Network Address Translation (NAT). NAT is an IETF standard that provides methods to translate IPv4 addresses of computers on a network to IPv4 addresses of computers on another network. Of course, the DSL router on the working network is also configured as a NAT router, so the result of this method will create cascading NAT or double NAT. Internet connections work stably through two, or even 3-tiered NATs, although some applications may have problems with this type of network topology. For example, Windows Home Server does not support tiered NATs.

Server settings

First, the Windows Server 2008 operating system will be installed on the computer with two network interface cards (NICs), and the IPv4 settings of each NIC are configured as follows:

The NIC connects to the test LAN

IP address is 10.0.0.1
Subnet mask is 255.0.0.0
Default gateway left blank
DNS servers are empty

The NIC connects to the working LAN

IP address is 172.16.11.220
Subnet mask is 255.255.255.0
Default gateway is 172.16.11.1
DNS servers are the public IP addresses of DNS servers of ISP providers.

Note that the NIC connected to the test LAN (10.0.0.0) will not have a Default gateway because computers connected to multiple networks can only be assigned a gateway address. In addition, the NIC connected to this test LAN has been configured with the IP address of the public DNS host blood. This is not necessary so that workstations on the test network can access the Internet, but if we want to access the Internet right on the RRAS server, do not ignore this operation.

Install workstation on test network

Next, the Windows 7 operating system will be installed on the workstations, then the IPv4 installation will be configured as follows:

IP address is 10.0.0.101 (.102, .103, .)
Subnet mask is 255.0.0.0
Default gateway is 10.0.0.1 (Next interface of RRAS system)
DNS servers are the public IP addresses of the DNS servers of the ISP we are using.

At this point, all cables are connected, but if we try to ping the DSL router from a workstation on the test network, or if we monitor to navigate an address on a public network from the same workstation, then failure messages will indicate that the test network is not connected to the Internet as shown in Figure 2.

Using Windows Server 2008 system like Router NAT Picture 2

Figure 2: Cannot ping a public IP address from a workstation on the test network.

Meanwhile, we also cannot access the Internet from the workstation.

Using Windows Server 2008 system like Router NAT Picture 3

Figure 3: Web access failed.

Installing and configuring RRAS

To enable workstations on the test network to access the Internet, we need to install RRAS on the server, then configure the server as a NAT router. To install the RRAS feature, launch Add Roles Wizard from Server Manager or OOBE.exe and add the Network Policy and Access Services role (Figure 4).

Using Windows Server 2008 system like Router NAT Picture 4

Figure 4: Select the Network Policy and Access Services role.

On the next page of this Wizard, select Routing and Remote Access Services to install two functional services, including Remote Access Service and Routing .

Using Windows Server 2008 system like Router NAT Picture 5

Figure 5: Select Routing and Remote Access Services.

When you have completed the steps on this Wizard, open the Routing and Remote Access console from Administrative Tools , right-click the additional server and select the Configure and Enable Routing and Remote Access to launch the Routing and Remote Access Server Setup Wizard . Then select the Network Address Translation (NAT) option on this Wizard's Configuration page and click Next .

Using Windows Server 2008 system like Router NAT Picture 6

Figure 6: RRAS configuration.

Next, on the NAT Internet Connection page, we will select the network interface on the working LAN that is the public interface of the NAT router.

Using Windows Server 2008 system like Router NAT Picture 7

Figure 7: Selecting the network interface on the working LAN.

The next page will ask us if the NAT router is required to provide DNS and DHCP services to the computers on the test network (this network is connected to the private interface of the NAT router). Since all workstations are assigned a static IP address, we will not actually perform this task by selecting the option I will set up name and address services later .

Using Windows Server 2008 system like Router NAT Picture 8

Figure 8: Select option I will set up name and address services later on the page
Name and Address Translation Wizard.

After completing the above steps, the RRAS service will launch, and this service is configured for both IPv4 Routing and NAT. To confirm this information, right-click the local server in RRAS Console and select Properties . The General tab shows that IPv4 Routing is enabled, meaning that IPv4 packets can be forwarded from one NIC to another.

Using Windows Server 2008 system like Router NAT Picture 9

Figure 9: Properties dialog of the local server.

When selecting the NAT node in the RRAS Console we will see the network interfaces created when the NAT is configured on the server using the Routing and Remote Access Server Setup Wizard . Figure 10 shows the properties of Local Area Connection , in this case the network connection to the test network (10.0.0.0). Note that NAT will treat this network as a private network, which is the network behind the NAT router.

Using Windows Server 2008 system like Router NAT Picture 10

Figure 10: Properties dialog of Local Area Connection.

Figure 11 shows the properties of Local Area Connection 2 , in this case the working network (172.16.11.0). Note that NAT considers this network a public network, which is the front end of the NAT router.

Using Windows Server 2008 system like Router NAT Picture 11

Figure 11: Properties dialog of Local Area Connection 2.

Intranet communication is also added to configuring NAT as a private interface.

Testing NAT

So far, NAT has been configured with IP Routing, if we try to ping the DSL router from a test network workstation, or track it from one workstation to another on the Internet, these processes will work.

Using Windows Server 2008 system like Router NAT Picture 12

Figure 12: Network connection is verified between the test network and the Internet.

In addition, we can also browse the Web from a workstation on the test network.

Using Windows Server 2008 system like Router NAT Picture 13

Figure 13: Computers behind the NAT router can browse the Web.

We can control NAT operation with RRAS Console. To do this, open the RRAS Console and select the NAT node, and check the network data of Local Area Connection 2 (NAT communication to the Internet or to the public network) as shown in Figure 14.

Using Windows Server 2008 system like Router NAT Picture 14

Figure 14: Check the NAT operation.

Finally, clicking on this interface selects Show Mappings, we can open a new window showing detailed information about what the NAT router is doing (Figure 15).

Using Windows Server 2008 system like Router NAT Picture 15

Figure 15: Details about NAT operation.

Conclude

By taking advantage of RRAS's Network Address Translation and IP Routing feature in Windows Server 2008, we can set up a secondary test network on the main network and ensure that all computers on the secondary network This level can connect to the Internet.