NAT Routing in Windows 2000
Use this powerful tool to provide Internet access to an unlimited number of machines.
Lee Madajczyk
February 12, 2001
This article assumes basic knowledge of Windows 2000.
Background
So you've got a cable or DSL connection, but you can only use one computer system on the Internet. You've got a few computers, and you'd like to be able to provide Internet access to all of them. Just hooking up a hub won't cut it, because your Internet provider will most likely assign you only one or two Internet IP addresses.
For example, you've got a Windows 2000 Server configured to handle all of your incoming web traffic, including Web, FTP, and everything else. But you also have another computer that you'd like to provide Internet access to. This computer shouldn't be visible on the Internet, and you don't want to have to do a lot of configuration.
You've got a couple of choices. First, you could implement Internet Connection Sharing, which is available in Windows 98 Second Edition, Windows 2000 Professional, and all of the server versions of Windows 2000. Internet Connection Sharing works very well, and will work for many simple configurations. However, I've found that if you want to do any in-depth configuration of the Windows 2000 routing, Internet Connection Sharing has limits. Besides, there's another form of routing that you may be interested in.
Network Address Translation
Network Address Translation, or NAT routing, is fairly simple to configure. Within about twenty minutes you can get everything configured, plus you can modify it very easily. When combined with other services, like DHCP, WINS, and DNS, it can provide you a very powerful solution.
NAT routing translates IP packets from one network to another network. There are two adapters, or interfaces, that need to be configured to make NAT routing work. One is the public interface, which in this example we'll set to an Internet-ready IP address. The other is the private interface, which will be configured with an IP address designated for internal use. After that, we'll configure Routing and Remote Access to pass information between the two interfaces.
Initial Setup
Before you can configure NAT routing, you'll need to ensure that you have two network interface cards (NICs) configured for use in the server. Select one of these adapters to be your public adapter. You'll want to plug your DSL or cable connection into this adapter. Plug the connection for your hub into the other adapter. You've got a hub, right? No? Well, without a hub, you won't be able to share the connection to more than one computer. In that case, you can temporarily use a crossover cable to connect to your second machine.
The Dirty Work
Got the cabling done? Great. Now let's get into the fun stuff. Hop into the Network and Dial-Up Connections configuration applet in the Control Panel. You'll need to set the IP address for each adapter. I normally rename the adapters to "DSL Public Connection" and "NAT Routing Private Connection" so I can tell the two apart. You'll need to set the public connection to the information that your ISP has given you. The NAT Routing connection should have the IP address set to 192.168.0.1, subnet 255.255.255.0. The 192.168.x.x network is reserved for internal communications on computer networks.
Now we'll need to configure and enable the Routing and Remote Access Service (RRAS). This comes disabled by default for security reasons. You'll find Routing and Remote Access in the Administrative Tools section, which is now located in the Control Panel.
Once you have that opened up, you should see something similar to Figure 1 (below). If you right-click on the server name (in the case of Figure 1, it's BEAVIS) you'll see an option to Configure and Enable Routing and Remote Access.

Figure 1
Once you select that, one of the famous Microsoft wizards will appear. Click through the introduction screen, and you'll be presented with a list of five different common configurations, shown in Figure 2.

Figure 2
Select Internet Connection Sharing from the list; the other selections are also very useful, but they are beyond the scope of this article. The next screen will let you choose either NAT routing or ICS. Select NAT routing and click Next.
The next screen in the wizard will allow you to select either a network adapter that you already have installed, or you can create a demand-dial interface. A demand-dial interface is basically a dial-up modem that is activated only when required. Select the adapter that you've configured as your public connection. Click Next a few more times and you're done! You've got the routing configured. Your Routing and Remote Access screen should look something like Figure 3.

Figure 3
Automatic Address Assignment
You can force NAT routing to automatically assign internal IP addresses to clients when they're connected. This is nice for when a friend stops by with a computer to steal a little bandwidth. All they have to do is plug in a network cable and your server will automatically assign them an IP address.
To configure it, right-click on Network Address Translation (NAT) under IP Routing. You'll see four tabs available; select Address Assignment. You'll need to set the tab up exactly as shown in Figure 4.

Figure 4
Once you apply those changes, you should be all set. Please note that the Address Assignment feature of NAT routing is very basic, and should NOT be used to support more than five workstations. If you would like to provide information like WINS server assignments to your clients, you will need to configure and use a DHCP server, which will be covered in another article. One major issue that I have run into whenever I try using the Address Assignment feature is that it does NOT seem to provide DNS server information to its clients. Your only option, if this also happens to you, is to manually set the DNS servers on your client workstations.
Testing the Configuration
This part is easy. Configure the network adapter in your client workstation to automatically receive an IP address from DHCP. Restart the workstation, and you should be all set. If your configuration doesn't work, ensure that you are receiving an IP address by running either WINIPCFG or IPCONFIG from the command line.
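The check described above can be scripted. The following is an added example, not part of the original article: it parses a client's IPCONFIG /ALL output and reports whether the lease really came from the NAT server, including the missing-DNS problem mentioned under Automatic Address Assignment. The sample output is constructed, and the 192.168.0.0/24 client range is an assumption based on the private interface address used in this article.

```python
import ipaddress
import re

# Assumptions, not from the article's figures: clients lease from the private
# interface's subnet; the NAT server (192.168.0.1) is gateway and DHCP server.
NAT_SUBNET = ipaddress.ip_network("192.168.0.0/24")
NAT_SERVER = "192.168.0.1"
APIPA = ipaddress.ip_network("169.254.0.0/16")  # self-assigned when nothing answers

# Constructed sample of a client's `ipconfig /all` output (not a real capture).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.2
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . :
"""

def parse_fields(text):
    """Map 'Label . . . : value' lines to {label: value} (single adapter only)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def check_client(text):
    """Return a list of problems with the client's lease; empty means none found."""
    f = parse_fields(text)
    try:
        ip = ipaddress.ip_address(
            f.get("IP Address") or f.get("Autoconfiguration IP Address", ""))
    except ValueError:
        return ["no IP address found"]
    problems = []
    if ip in APIPA:
        problems.append("self-assigned 169.254.x.x address: the NAT server did not answer")
    elif ip not in NAT_SUBNET:
        problems.append(f"{ip} is outside {NAT_SUBNET}: address did not come from the NAT server")
    if f.get("DHCP Server", NAT_SERVER) != NAT_SERVER:
        problems.append("lease was issued by a different DHCP server")
    if f.get("Default Gateway") != NAT_SERVER:
        problems.append("default gateway is not the NAT server's private interface")
    if not f.get("DNS Servers"):
        problems.append("no DNS servers assigned: set them manually on the client")
    return problems
```

Calling check_client(SAMPLE) flags only the empty DNS Servers line. A lease from an unexpected DHCP server on the private segment shows up as the "different DHCP server" and "outside subnet" findings.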
Conclusion
Congratulations! The steps you've taken to configure Routing and Remote Access in Windows 2000 are the first steps to fully understanding the features and power of routing in Windows 2000. RRAS is the main configuration point for everything from external network access to VPNs.
---------
Lee Madajczyk, MCSE, MCP
Windows 2000 Editor
InfiniSource.com