0

I have a dual-NIC Windows 2008 Server setup with one public interface connected to the internet and another to a switch which is hooked into my LAN. I am running RRAS on the Windows 2008 box and doing NAT. The Windows 2008 Server also runs IIS and hosts a small web site. All of my PCs on the LAN can access the internet just fine by means of the routing being done by the Windows 2008 RRAS service. The hosted website on the Windows 2008 Server box is accessible just fine from the outside. However, when machines on the LAN attempt to access it via the external host name (i.e. www.contoso.com), DNS resolves the address fine to the public IP and the browser starts to load the page, but then everything just stops and the page is never rendered properly (a partial page render does occur). Accessing the site via the LAN using the local machine name or the IP address bound to the private NIC causes the page to load successfully.

How do I fix this? I'm a developer by profession and I dabble in networking (enough to be dangerous). Any help or guidance would be greatly appreciated.

    Internet
       |
       |
     [SMC] -- [public nic]
                          \
                           -[Win 2008 Server]
                          /
             [private nic]
                  |
                  |
                  |
              [switch]
                  |
                  |
                 LAN
Art

1 Answer

1

Does your external NIC on the server have a public IP / connected straight to a router, or does it go into another router?

What is happening is (if your setup is as I expect above):

Client looks up IP and sees that it is outside of your local network. Client goes to its default gateway (your Windows 2008 box) and says the IP. Windows 2008 says not here, looks up the default gateway and forwards the request to your router. Router says, that IP is mine, but then hangs and times out!

See if your router supports NAT Loop-back. Basically, NAT inside Windows 2008 is working, but the DNS IP is your public one and RRAS does not realise that it is its own IP, and is therefore doing its job and routing to its external network.

If you say the make/model of your router, I can help you further (if it supports it).

Another way that can get awkward is to install your own local DNS server on the Windows 2008 box and refer all clients to it (make it forward queries to your current DNS servers) and force in a zone for each of your domains that have your internal records.

... Or if you only have a handful of machines and the router does not support NAT Loop-back, and you understandably do not want to buy new hardware, insert your record into the machines' hosts file. This is a surprisingly efficient technique and, providing you have admin access to shares, you can script this VERY easily by just placing it in a directory then doing

copy hosts \\computer_name\c$\windows\system32\drivers\etc\hosts

And all done without a reboot!

Of course, the preference is just to enable NAT Loopback!

Anyway, hope I helped and this was the issue... Dreading your reply of "I only have a modem and the server is using an external IP in its config!!"

William Hilsum
  • The external NIC has a public IP and goes directly into another router, it is an SMC 8014. It is the only connection going into the router. The SMC router is capable of doing NAT (which I currently have disabled). Does the NAT loop-back concept consist of me enabling NAT on the router and then multi-homing the Public Interface with a private IP on the same subnet as my LAN? – Art Aug 08 '09 at 12:26
  • Not exactly - but I could be wrong (only had a few hours sleep :( ). So, is it that you have multiple IPs and use one on the external interface of the router, and assigned one to the public NIC of the server? I am unsure as to why RRAS is not doing loopback (see if it is an option you can enable); other than that, try to enable it on the router and see if it does work, but I am not sure if your setup is now what I think it is. – William Hilsum Aug 08 '09 at 15:34
  • The server has two NICs; the external one is bound to a public IP address and plugged into the SMC 8014. The server also has a private interface plugged into a switch (which connects all of the other LAN computers). The SMC 8014 should be serving as a bridge and RRAS should be doing all of the routing. I do have multiple IPs and from what I have read the SMC 8014 does have a public broadcast address that is different than any of my public IPs. I looked all in the config options for the SMC and saw no reference to NAT Loopback, and since I am not doing NAT on that device does it matter? – Art Aug 08 '09 at 15:55
  • I added a primitive ASCII diagram above :) – Art Aug 08 '09 at 16:12
  • I ended up taking the DNS approach. I added forward loop zones for the hosted website and all works fine. Thanks for the suggestions, the explanation and the time. – Art Aug 10 '09 at 20:37
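
Added example (not part of the original thread): the hosts-file workaround from the answer, written so that it merges a single entry into each machine's existing hosts file and keeps a backup, instead of overwriting the whole file as a plain `copy` does. The private IP, the computer names and the `Set-HostsEntry` helper are assumptions for illustration.

```powershell
# Added example: all names and addresses below are assumptions for illustration.
$HostName  = 'www.contoso.com'   # external name used in the question
$PrivateIp = '192.168.0.1'       # assumed address of the server's private NIC
$Computers = 'PC01', 'PC02'      # hypothetical LAN machine names

# Set-HostsEntry is a hypothetical helper: it returns the hosts lines with
# exactly one active mapping for $Name and all unrelated lines left untouched.
function Set-HostsEntry {
    param([string[]]$Lines, [string]$Name, [string]$Ip)
    # Active line = first token is not a comment; the name must appear as a
    # whole token before any '#'. -notmatch is case-insensitive, like DNS names.
    # A line that maps several names is dropped whole; re-add other aliases.
    $pattern = '^\s*[^#\s]\S*\s+([^#]*\s)?' + [regex]::Escape($Name) + '(\s|#|$)'
    $kept = @($Lines | Where-Object { $null -ne $_ -and $_ -notmatch $pattern })
    $kept + "$Ip`t$Name"
}

foreach ($pc in $Computers) {
    # Same admin-share path as the copy command in the answer
    $path = '\\{0}\c$\windows\system32\drivers\etc\hosts' -f $pc
    try {
        $current = Get-Content -LiteralPath $path -ErrorAction Stop
        # Keep the previous file so the change can be rolled back
        Copy-Item -LiteralPath $path -Destination ($path + '.bak') -Force -ErrorAction Stop
        $updated = Set-HostsEntry -Lines $current -Name $HostName -Ip $PrivateIp
        Set-Content -LiteralPath $path -Value $updated -Encoding ASCII -ErrorAction Stop
        Write-Output "${pc}: hosts entry set to $PrivateIp for $HostName"
    } catch {
        # Unreachable machine or missing admin rights: report it and move on
        Write-Warning "${pc}: $($_.Exception.Message)"
    }
}
```

Run it from an account that has administrative access to each machine's C$ share. Running it again after changing `$PrivateIp` replaces the old mapping rather than adding a second one.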