ActionTec router connected to Windows Server 2003 running routing and remote access
nomenclator
Newbie

I have successfully made a wireless connection to the ActionTec router from my Windows Server 2003 (WinServ) computer, with its wireless NIC. WinServ is successfully getting thru to the Actiontec's WAN side and accessing the internet. Now, I also want to be able to get to the internet from my 3 other computers, Windows XP computers A, B, and C.

Shouldn't be too hard. I have an old Linksy BEFSR41 router (RouterA) that I can use it as a switch. I plug A, B, C, and WinServ, into the LAN ports on RouterA,  and I configure static ip addresses on all 4 computers (and on router A). I'm using ip network 192.168.12.0. Now the 3 computers on the 12.0 network can all ping each other, and they can access each other's printers, and files. But they cannot ping the AT router yet, not the LAN side (192.168.1.1), nor the WAN side (the internet public ip address supplied by Verizon), nor can the AT router ping any of the computers. So I enable Routing and Remote Access on WinServ. Then I tell the AT router's dhcp server to assign WinServ a fixed ip address on the 192.168.1.0 network, of 192.168.1.5. And I  tell the AT router how to get packets to the 12.0 network - by going through the 192.168.1.5 gateway. I do this by going to Advanced > Y > routing and entering a static route into its routing table as follows: I click New route, then on the Route Settings screen I fill in "Network (home office); destination, 192.168.12.;, gateway, 192.168.1.5; and metric = 2. Now A, B, and C can ping  the AT router, at 192.168.1.1, and they can also ping Verizon's public IP address (internet ip address). And from the AT router I can ping A, B, and C.

I can ping Verizon's internet ip address, from A, B, and C, so I expected to also be able to connect to the internet, with A, B, and C, but I can't. What else do I have to do?

I had a setup like this working with cable internet and my Buffalo router. I did it using a static routing entry, and I also did it with RIP. (I'm trying to solidify my understanding of networking, by hooking things up in real life, however I can with whatever equipment I have.)  But I can't get it to work with the ActionTec. Anyone know what's missing?

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
lasagna
Community Leader
Community Leader

Have you looked in the ActionTec under Firewall at the Security Log to see anything is showing up there as being blocked or dropped?

From your description is sounds almost like the ActionTec isn't applying the NAT/PAT to packets originating from the 192.168.12.0 network as they pass thru the router.  The reason you can ping the "public IP" of the AT is that packets know "how" to set to the Internet and thus pass thru the AT just fine to the public side but with their source IP intact.  The AT being the device which has the static route on it for your network behind the WinServ knows how to get back to that network and thus the ping succeeds.   If you go even one hop out in the cloud however, that device will see your traffic as originating still from 192.168.12.x and not as the public NAT/PAT IP of the AT and thus won't know how to get the packet back to you.

Most every commercially available NAT router (Linksys, Buffalo, Netgear, Belkin, etc.) will apply the NAT/PAT automatically to any packet that passes thru it unless you turn off that function and set them up in router mode.   The AT acts more like a traditional router in that you need to tell it everything.

I poked a bit on the route to see if I could figure out where to tell it to apply a NAT, but could find where it might be exposed in the web interface.  It might be something you have to login to the router on the command line and configure.  I'll look when I get a chance and see if I find anything.

I assume you're doing this because you're just trying to understand it and not because you think you need to ... because normally I would just hook the BEFSR41 directly to the Verizon switch (along with the WinServ) and have all the devices live on 192.168.1.x).

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
viafax999
Community Leader
Community Leader

I have an old Linksy BEFSR41 router (RouterA) that I can use it as a switch

What did you connect the wan port of the linksys to?  If you're going to use it as a switch it should be a lan port on the actiontec and dhcp will nedd to be turned off on the linkys.

However I'm sure you mean you want to use it as a router in which case the wan port of the linksys should be connected to a lan port on the actiontec.  To make things easier for port forwarding etc you would be best to define the linksys with a static address on the actiontec subnet.  There is no need to make the workstations static addresses they can just get dhcp addresses from the linksys.  If you insist on making them static then you will need to set their dns servers to be 192.168.12.1 the same as their default gateway.

I plug A, B, C, and WinServ, into the LAN ports on RouterA,  and I configure static ip addresses on all 4 computers (and on router A).

OK the windows server is on the 192.168.12 subnet.  Why have you connected it wirelessly to the 192.168.1 subnet?

I'm at a loss to understand why you have introduced such complexity that will involve static routes etc. etc.  If you leave it wirelessly connected but not wired connected then all your workstations will be able to see it, however your server will not be able to see the workstations without a few gyrations.  If you break the wireless connection and use a wired connection then everybody will be able to see everybody and everybody will be able to see the internet.

Perhaps you can explain a little more as to what you are actually trying to accomplish.  I am actually set up exactly the same way as you with out the dual server connection on the in home network - I also have a second server on the VZ router segment that I expose.

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
viafax999
Community Leader
Community Leader

@lasagna wrote:

Have you looked in the ActionTec under Firewall at the Security Log to see anything is showing up there as being blocked or dropped?

From your description is sounds almost like the ActionTec isn't applying the NAT/PAT to packets originating from the 192.168.12.0 network as they pass thru the router.  The reason you can ping the "public IP" of the AT is that packets know "how" to set to the Internet and thus pass thru the AT just fine to the public side but with their source IP intact.  The AT being the device which has the static route on it for your network behind the WinServ knows how to get back to that network and thus the ping succeeds.   If you go even one hop out in the cloud however, that device will see your traffic as originating still from 192.168.12.x and not as the public NAT/PAT IP of the AT and thus won't know how to get the packet back to you.

Most every commercially available NAT router (Linksys, Buffalo, Netgear, Belkin, etc.) will apply the NAT/PAT automatically to any packet that passes thru it unless you turn off that function and set them up in router mode.   The AT acts more like a traditional router in that you need to tell it everything.

I poked a bit on the route to see if I could figure out where to tell it to apply a NAT, but could find where it might be exposed in the web interface.  It might be something you have to login to the router on the command line and configure.  I'll look when I get a chance and see if I find anything.

I assume you're doing this because you're just trying to understand it and not because you think you need to ... because normally I would just hook the BEFSR41 directly to the Verizon switch (along with the WinServ) and have all the devices live on 192.168.1.x).


I think it more likey that his workstations can get to the internet fine via 192.168.12.1 and 192.168.1.1 but the responses coming back are following a different path of the static route, bit like a proxy server, except I'm sure the server has no idea what it's meant to do with them as it doesn't have an open socket to give them to.

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
lasagna
Community Leader
Community Leader

I'm not sure I agree ... if you read his post closely, he's just using the BEFSR41 as a switch with staticly assigned IP's (everything on the LAN side, no WAN) and then has a second interface on the WinServ (with routing turned on the router switch side (he's using the WinServ as a router).   Since he's staticly assigned everything, the DHCP service on the Linksys really doesn't matter.

So, his clients should have a static assigned IP on the "12" network, with a default route pointed at the "WinServ's" "12" interface. WinServ has two interfaces -- one in each segment -- with a default route pointed at the AT router on the "1" network.


I know it doesn't make sense to do it the way he has it hooked up as normally you could just go "thru" Linksys as a NAT router and not need to mess with static routes and such or just using the Linksys as an extra switch and put in directly on the "1" network using only the LAN side for extra ports.   However, the key here I think is that he's playing around with different configuration possibilities in order to understand how everything works, so it's not so much as case of "my home network isn't working" as it is one of "this part configuration I'm testing doesn't work and it doesn't make sense why".

If the OP could clarify your intentions, that would help so that we understand if you just want to get things working or if you're aiming for a specific configuration for a reason (such as testing knowledge).

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
nomenclator
Newbie

I am logging in as pollackalex because for some reason, when I log in as nomenclator, and try to get to a reply screen, I get an error message with a list of possible reasons (which don't make much sense to me) why my current login isn't allowing a click-thru. I tried logging out, closing explorer (form won't work at all in opera 9), and logging in again, but no luck.

lasagna: " if you read his post closely, he's just using the BEFSR41 as a switch with staticly assigned IP's (everything on the LAN side, no WAN) and then has a second interface on the WinServ (with routing turned on the router switch side (he's using the WinServ as a router).   Since he's staticly assigned everything, the DHCP service on the Linksys really doesn't matter."

I believe that's correct lasagna. Static ips assigned at ea device on the 12.0 network. Makes no dif if dhcp is running on linksys or not.

Yes and no. I'm doing this partly as a learning exercise, but also because if I have only one wireless access point, and all my lab computers are near each other, but not near the AT router, the only way they can communicate with each other is to first get a wireless link to the AT, and then use the linksys to share the internet between the 4 computers. If I wanted to use the linksys as a router instead of a swicth, I would have to send a wire all the way from the linksys to the AT (the linksys has no wireless capabilities) - which would make my roomate unhappy.

"WinServ has two interfaces -- one in each segment -- with a default route pointed at the AT router on the "1" network."

Correct. The AT router's dhcp server is assigning the WinServ wireless nic a default gateway address of 1.1, the address of the AT router's LAN interface.

I haven't set up the AT to block anything.

"From your description is sounds almost like the ActionTec isn't applying the NAT/PAT to packets originating from the 192.168.12.0 network as they pass thru the router. "

I think so.

"The reason you can ping the "public IP" of the AT is that packets know "how" to set [get] to the Internet and thus pass thru the AT just fine to the public side but with their source IP intact. "

Not sure exactly what you mean, but - the icmp packets are getting thru, the http aren't.

"The AT being the device which has the static route on it for your network behind the WinServ knows how to get back to that network and thus the ping succeeds. "

Not sure what you mean there.

"If you go even one hop out in the cloud however, that device will see your traffic as originating still from 192.168.12.x and not as the public NAT/PAT IP of the AT and thus won't know how to get the packet back to you."

OK, if you say so, but why ?

"Most every commercially available NAT router (Linksys, Buffalo, Netgear, Belkin, etc.) will apply the NAT/PAT automatically to any packet that passes thru it unless you turn off that function and set them up in router mode.   The AT acts more like a traditional router in that you need to tell it everything."

OK, that would have been my hypothesis. So you are saying its true. OK.

"I poked a bit on the route to see if I could figure out where to tell it to apply a NAT, but could find where it might be exposed in the web interface.  It might be something you have to login to the router on the command line and configure.  I'll look when I get a chance and see if I find anything."

I poked around for hours and couldn't find anything. Plus I find the AT gui rather confusing. And the help files all say "you ought to know this already if you are a networking professional so we're not going to tell you."

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
nomenclator
Newbie

Weird. I'm logged in as pollackalex but my posts are being labeled nomenclator, even though I signed nomenclator out, before signing in as pollackalex. Pollackalex is the "main" user with ability to make subaccounts, and nomenclator is one of the subaccounts he set up. Weird weird weird.

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
nomenclator
Newbie

I don't want to use internet connection sharing instead of WinServ RRAS, because, yes, I'm trying to solidify my networking knowledge of things such as Win Server and RRAS - I want to take MCSA certification tests.

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
nomenclator
Newbie

Actually, if the AT isn't applying NAT to the packets coming from 12.0 on WinServ, why is it applying NAT to packets coming from 1.5 on Win Serv. It is the job of WinServ RRAS to get the packets thru from the 12.0 network to the 1.0 network, not the job of the AT router.

Maybe there is something on the WinServ's RRAS I have to set up. But if that were the case, why did I not have to do it when I had a Buffalo router instead of the AT router?

0 Likes
Re: ActionTec router connected to Windows Server 2003 running routing and remote access
nomenclator
Newbie

I should have attributed "Most every commercially available NAT router (Linksys, Buffalo, Netgear, Belkin, etc.) will apply the NAT/PAT automatically to any packet that passes thru it unless you turn off that function and set them up in router mode.   The AT acts more like a traditional router in that you need to tell it everything." to viafax999, not to lasagna, I apologize.

0 Likes