Jump to content
Forum²

Recommended Posts

Posted

I have Windows Server 2008 Routing and Remote Access set up as a NAT server. Clients drop occasional packets, and the server gives Destination Host Unreachable when I ping. I believe I have narrowed this problem down to the routing tables. It seems as though some old configurations are stuck in the Persistent Routes, and causing packet loss. I have restarted the server, but the persistent routes are still listed.

 

My network is configured like this:

 

Public IP

T1

10.8.1.1

|

10.8.1.2

Adtran TA600 Router

172.16.1.254

|

172.16.1.1

Windows Server 2008

192.168.1.2

|

192.168.1.x

Clients

 

This is what happens when I ping from the server:

 

ping google.com -n 10

Pinging google.com [209.85.171.100] with 32 bytes of data:

Reply from 192.168.1.2: Destination host unreachable.

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=93msTTL=244

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=94msTTL=244

Reply from 209.85.171.100: bytes=32time=95msTTL=244

Ping statistics for 209.85.171.100: Packets: Sent = 10,

Received = 10, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 93ms, Maximum = 95ms, Average = 94ms

 

Notice the first reply, "Reply from 192.168.1.2: Destination host unreachable."

It looks like instead of using the external IP address to find google, it's trying the internal IP address.

 

Posted

Here is my Route Print from the server

 

[font=Courier New]route print 
=========================================================================== 
Interface List 
11 ...00 1f e2 61 95 ff ...... Broadcom NetLink (TM) Gigabit Ethernet 
10 ...00 40 05 02 ed e1 ...... D-Link DFE-530TX+ PCI Adapter 
1 ........................... Software Loopback Interface 1 
12 ...00 00 00 00 00 00 00 e0 isatap.{E17568D3-BAEE-444C-98AC-798EF78BFA0C} 
14 ...00 00 00 00 00 00 00 e0 isatap.{DC503EBC-8BAE-4D1A-93CE-02C2958A5483} 
=========================================================================== 

IPv4 Route Table 
=========================================================================== 
Active Routes: 
Network Destination Netmask Gateway Interface Metric 
0.0.0.0 0.0.0.0 On-link 192.168.1.2 276 
0.0.0.0 0.0.0.0 172.16.1.254 172.16.1.1 276 
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 
172.16.1.0 255.255.255.0 On-link 172.16.1.1 276 
172.16.1.1 255.255.255.255 On-link 172.16.1.1 276 
172.16.1.255 255.255.255.255 On-link 172.16.1.1 276 
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276 
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276 
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276 
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 
224.0.0.0 240.0.0.0 On-link 172.16.1.1 276 
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276 
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 
255.255.255.255 255.255.255.255 On-link 172.16.1.1 276 
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276 
=========================================================================== 
Persistent Routes: 
Network Address Netmask Gateway Address Metric 
0.0.0.0 0.0.0.0 192.168.1.2 Default 
0.0.0.0 0.0.0.0 172.16.1.254 Default 
0.0.0.0 0.0.0.0 172.16.1.254 Default 
=========================================================================== [/font]

Notice the Persistent Routes, the first entry is the internal IP address, for some reason it shows my external IP twice. 192.168.1.2 Should never actually be a gateway for the server, but only for the clients.

 

the server IP configuration is as follows:

 

ipconfig /all

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : SERVERNAME

Primary Dns Suffix . . . . . . . : domain.mydomain.org

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.mydomain.org

mydomain.org

 

Ethernet adapter Local Area Connection 2:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet

Physical Address. . . . . . . . . : 00-1F-E2-61-95-FF

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::4120:ec84:fb19:9837%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 0.0.0.0

DNS Servers . . . . . . . . . . . : 127.0.0.1

NetBIOS over Tcpip. . . . . . . . : Disabled

 

Ethernet adapter Local Area Connection:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter

Physical Address. . . . . . . . . : 00-40-05-02-ED-E1

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::28d2:8730:ae1d:796d%10(Preferred)

IPv4 Address. . . . . . . . . . . : 172.16.1.1(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.1.254

DNS Servers . . . . . . . . . . . : 127.0.0.1

NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 8:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{E17568D3-BAEE-444C-98AC-798EF78BF

A0C}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%12(Preferred)

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 127.0.0.1

NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter Local Area Connection* 9:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{DC503EBC-8BAE-4D1A-93CE-02C2958A5

483}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5efe:172.16.1.1%14(Preferred)

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 127.0.0.1

NetBIOS over Tcpip. . . . . . . . : Disabled

 

Its been quite the headache, but I believe that I've got it narrowed down. I just can't figure out how to fix it.

  • Forum² Admin
Posted

Looks to me like your gateway is configured to filter ICMP requests. Most do that by default to make them invisible to the world.

 

Check your router configuration.

Posted

Sorry about this, but are you saying to check the RRAS router config, or the Adtran router before the server?

 

Or should both of them allow ICMP requests?

 

I'm not real sure what you are suggesting I do.

Posted

Currently the RRAS server is set to receive all packets. This was the default setting, and I have not changed anything.

 

The adtran total access router was configured with our previous server, and passed the necessary packets, and did not give any errors like this, so I assume the problem is on my new server. But, I can't seem to find the setting on the adtran router for packet filtering. I doubt I need to adjust it, though.

 

While I was trying to find the setting on the server to allow ICMP I disabled it by accident, and no ping replies came through at all. But as soon as I enabled it, just the first reply timed out, and the rest made it just fine.

 

can you think of any screen shots, or information I could provide that would clarify the problem?

Posted

I really think the problem is here, as 192.168.1.2 should not be the gateway for the server at all, and is not set to the gateway in the IP config. this should only be the gateway on the clients.

 

 

Persistent Routes: 
Network Address Netmask Gateway Address Metric 
0.0.0.0 0.0.0.0 192.168.1.2 Default 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...