YWCAofA Posted January 6, 2009 Posted January 6, 2009 I have Windows Server 2008 Routing and Remote Access set up as a NAT server. Clients drop occasional packets, and the server gives Destination Host Unreachable when I ping. I believe I have narrowed this problem down to the routing tables. It seems as though some old configurations are stuck in the Persistent Routes, and causing packet loss. I have restarted the server, but the persistent routes are still listed. My network is configured like this: Public IP T1 10.8.1.1 | 10.8.1.2 Adtran TA600 Router 172.16.1.254 | 172.16.1.1 Windows Server 2008 192.168.1.2 | 192.168.1.x Clients This is what happens when I ping from the server: ping google.com -n 10 Pinging google.com [209.85.171.100] with 32 bytes of data: Reply from 192.168.1.2: Destination host unreachable. Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=93msTTL=244 Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=94msTTL=244 Reply from 209.85.171.100: bytes=32time=95msTTL=244 Ping statistics for 209.85.171.100: Packets: Sent = 10, Received = 10, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 93ms, Maximum = 95ms, Average = 94ms Notice the first reply, "Reply from 192.168.1.2: Destination host unreachable." It looks like instead of using the external IP address to find google, it's trying the internal IP address. Quote
YWCAofA Posted January 6, 2009 Author Posted January 6, 2009 Here is my Route Print from the server [font=Courier New]route print =========================================================================== Interface List 11 ...00 1f e2 61 95 ff ...... Broadcom NetLink (TM) Gigabit Ethernet 10 ...00 40 05 02 ed e1 ...... D-Link DFE-530TX+ PCI Adapter 1 ........................... Software Loopback Interface 1 12 ...00 00 00 00 00 00 00 e0 isatap.{E17568D3-BAEE-444C-98AC-798EF78BFA0C} 14 ...00 00 00 00 00 00 00 e0 isatap.{DC503EBC-8BAE-4D1A-93CE-02C2958A5483} =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 On-link 192.168.1.2 276 0.0.0.0 0.0.0.0 172.16.1.254 172.16.1.1 276 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 172.16.1.0 255.255.255.0 On-link 172.16.1.1 276 172.16.1.1 255.255.255.255 On-link 172.16.1.1 276 172.16.1.255 255.255.255.255 On-link 172.16.1.1 276 192.168.1.0 255.255.255.0 On-link 192.168.1.2 276 192.168.1.2 255.255.255.255 On-link 192.168.1.2 276 192.168.1.255 255.255.255.255 On-link 192.168.1.2 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 172.16.1.1 276 224.0.0.0 240.0.0.0 On-link 192.168.1.2 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 172.16.1.1 276 255.255.255.255 255.255.255.255 On-link 192.168.1.2 276 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.1.2 Default 0.0.0.0 0.0.0.0 172.16.1.254 Default 0.0.0.0 0.0.0.0 172.16.1.254 Default =========================================================================== [/font] Notice the Persistent Routes, the first entry is the internal IP address, for some reason it shows my external IP twice. 192.168.1.2 Should never actually be a gateway for the server, but only for the clients. the server IP configuration is as follows: ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : SERVERNAME Primary Dns Suffix . . . . . . . : domain.mydomain.org Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.mydomain.org mydomain.org Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet Physical Address. . . . . . . . . : 00-1F-E2-61-95-FF DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::4120:ec84:fb19:9837%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 127.0.0.1 NetBIOS over Tcpip. . . . . . . . : Disabled Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter Physical Address. . . . . . . . . : 00-40-05-02-ED-E1 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::28d2:8730:ae1d:796d%10(Preferred) IPv4 Address. . . . . . . . . . . : 172.16.1.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.16.1.254 DNS Servers . . . . . . . . . . . : 127.0.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 8: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{E17568D3-BAEE-444C-98AC-798EF78BF A0C} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%12(Preferred) Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 127.0.0.1 NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Local Area Connection* 9: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{DC503EBC-8BAE-4D1A-93CE-02C2958A5 483} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5efe:172.16.1.1%14(Preferred) Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 127.0.0.1 NetBIOS over Tcpip. . . . . . . . : Disabled Its been quite the headache, but I believe that I've got it narrowed down. I just can't figure out how to fix it. Quote
FPCH Admin AWS Posted January 6, 2009 FPCH Admin Posted January 6, 2009 Looks to me like your gateway is configured to filter ICMP requests. Most do that by default to make them invisible to the world. Check your router configuration. Quote Off Topic Forum - Unlike the Rest
YWCAofA Posted January 6, 2009 Author Posted January 6, 2009 Sorry about this, but are you saying to check the RRAS router config, or the Adtran router before the server? Or should both of them allow ICMP requests? I'm not real sure what you are suggesting I do. Quote
FPCH Admin AWS Posted January 6, 2009 FPCH Admin Posted January 6, 2009 Both should pass through ICMP packets. If they don't you'll get the ping results you are showing. Quote Off Topic Forum - Unlike the Rest
YWCAofA Posted January 6, 2009 Author Posted January 6, 2009 Currently the RRAS server is set to receive all packets. This was the default setting, and I have not changed anything. The adtran total access router was configured with our previous server, and passed the necessary packets, and did not give any errors like this, so I assume the problem is on my new server. But, I can't seem to find the setting on the adtran router for packet filtering. I doubt I need to adjust it, though. While I was trying to find the setting on the server to allow ICMP I disabled it by accident, and no ping replies came through at all. But as soon as I enabled it, just the first reply timed out, and the rest made it just fine. can you think of any screen shots, or information I could provide that would clarify the problem? Quote
YWCAofA Posted January 7, 2009 Author Posted January 7, 2009 I really think the problem is here, as 192.168.1.2 should not be the gateway for the server at all, and is not set to the gateway in the IP config. this should only be the gateway on the clients. Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.1.2 Default Quote
YWCAofA Posted January 14, 2009 Author Posted January 14, 2009 I have still not found a solution for this problem. Does anyone have any additional suggestions? Quote
Recommended Posts