TechSpot

DHCP Server behind a NAT Router

By sgilmour
Apr 16, 2009
  1. Hi,
    We have a Local Area Network at work and on this network we have a VM Server with Windows 2003 Server R2 that we plan on using for Active Directory and this server also has DHCP and DNS Server configured on it. 10.1.0.18 is the Server IP. NAT is not configured on the server but is configured on the router.
    From this Network I have my own private address range 10.1.146.1-255
    which connects to my NAT Router. I am able to get an ip address of 10.1.146.100 from the DHCP Server for my XP Client

    interface vlan10
    ip address 10.1.146.1 255.255.128.0
    ip nat outside
    no shutdown

    Next I set up a second interface on my NAT Router.
    Interface Vlan 300
    ip address 30.1.180.1 255.255.255.0
    ip nat inside
    ip helper-address 10.1.0.18
    no shutdown

    I set up the range on the same DHCP Server
    When I connect my Windows XP Client to Interface Vlan 300 I am unable to get a DHCP address on this client but on the server it says that it received an ip address.
    DHCP Server address
    ip address 10.1.0.18
    netmask 255.255.254.0
    Gateway 10.1.0.1

    DHCP Server Setup
    Vlan 300
    ip range 30.1.180.100 - 30.1.180.200
    Gateway 30.1.180.1
    DHCP Options:
    003 Router 10.1.146.1
    006 DNS Server 10.1.0.18
    015 DNS Domain Name SQA.com
    044 WINS/NBNS 10.1.0.18
    046 WINS/NBT Node Type 0x8



    Any ideas on how to fix this so I can get a DHCP address on Interface Vlan 300? I am assuming it is a configuration issue.
    Thanks
    Scott
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,322   +619

    it's actually a routing issue; if you can add proper routing from the router to the server,
    it will all work.

    HOWEVER, it would be far easier to just place all systems in the same subnet.
     
  3. sgilmour

    sgilmour TS Rookie Topic Starter

    If it is a routing issue, do you have any tips or ideas?
    I have NAT set up on the router as well as OSPF. The router can contact the server just fine. I was thinking it had something to do with my DHCP options on the server.
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,322   +619

    routing tables (especially in Windows) are non-trivial, compared to Linux.

    Your biggest issue is the huge difference in the IP ranges:
    (A) ip address 10.1.146.1 / 255.255.128.0
    vs.
    (B) ip address 30.1.180.1 / 255.255.255.0
    If (B) 30.*.*.* were at least the same as (A) 10.*.*.*, then you would have some
    hope of routing into a Class A address of 10.a.b.c / 255.0.0.0

    The 30.* addresses are public and the 10.* are non-routable LAN addresses and
    typically we allow LAN access to the Public resources but not the other way around.

    Using two routers
    Code:
    modem--fw--router#1--(a)subnet ---public(30.*)
                  |
                 fw#2
                  |
                router#2 --(b)subnet---lan(10.*)
    
    Let router#2 have its own DHCP service and create the 10.x.y.z subnet (call it (B)).
    Requests from any (B) node will find all (A) devices, but (A) devices and the public
    internet can not get to (B) devices.
    Any infrastructure servers in the (B) subnet will need static addresses, not DHCP supplied.
     
  5. sgilmour

    sgilmour TS Rookie Topic Starter

    Basically you are saying since I have a different subnet that DHCP won't work unless I change the 30 subnet to 255.255.128.0 address.
    Couldn't I add a route to make it work as I currently have it setup?
    I am just weighing my options since even when I had an internal DHCP Server I was having issues getting PEAP and TLS authentication to work using the 10.1.0.18 Server with Active Directory and Certificates working.
    Thanks for all your replies.
    Scott
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,322   +619

    the change would need to be in the HIGH end and that becomes so broad that
    far too much traffic would flow on your network.

    basically 30.x.y.z is incompatible with 10.x.y.z for good reasons
     
Topic Status:
Not open for further replies.
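
A static check of the relay setup from the first post, added here as an example and not part of the thread: it tests the Vlan 300 scope against the relay address (giaddr, assumed to be the Vlan 300 interface address 30.1.180.1), the 003 Router option, and the server's return path. The function name, the finding codes and the `return_routes` parameter are hypothetical.

```python
import ipaddress

def check_relayed_scope(server_if, server_gw, giaddr, scope, pool, router_opt,
                        return_routes=()):
    """Return (code, detail) findings for a DHCP scope served through a relay."""
    srv = ipaddress.ip_interface(server_if)
    net = ipaddress.ip_network(scope)
    gi = ipaddress.ip_address(giaddr)
    findings = []
    # The server selects the scope from giaddr, so the relay address must be in it.
    if gi not in net:
        findings.append(("giaddr-outside-scope", f"{gi} not in {net}"))
    # Every leased address has to belong to the subnet the client sits on.
    for end in pool:
        if ipaddress.ip_address(end) not in net:
            findings.append(("pool-outside-scope", f"{end} not in {net}"))
    # Option 003 lists routers on the client's own subnet (RFC 2132, section 3.5).
    if ipaddress.ip_address(router_opt) not in net:
        findings.append(("router-option-off-subnet",
                         f"003 Router {router_opt} not in {net}"))
    # Replies to a relayed request are unicast to giaddr (RFC 2131, section 4.1).
    # If giaddr is not on the server's link, the reply needs a route back.
    if gi not in srv.network and not any(
            gi in ipaddress.ip_network(r) for r in return_routes):
        findings.append(("no-return-route",
                         f"reply to {gi} leaves via {server_gw} with no known route"))
    return findings

# Values from the first post; return_routes is empty because the thread shows none.
AS_POSTED = dict(server_if="10.1.0.18/255.255.254.0", server_gw="10.1.0.1",
                 giaddr="30.1.180.1", scope="30.1.180.0/255.255.255.0",
                 pool=("30.1.180.100", "30.1.180.200"), router_opt="10.1.146.1")
# Constructed variant: option 003 set to the Vlan 300 address and a return
# route to the relay subnet assumed to exist on the server side.
ADJUSTED = dict(AS_POSTED, router_opt="30.1.180.1",
                return_routes=("30.1.180.0/24",))

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("adjusted", ADJUSTED)):
        print(name, check_relayed_scope(**cfg) or "no findings")
```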
