question

JohnHull-8913 avatar image
0 Votes"
JohnHull-8913 asked ·

Windows Server 2019 NAT

I want to use Windows Server 2019 as a NAT device. The application works with Linux, but the software I want to run seems to need Windows to work in my setting. I've done everything to set up Routing and Remote Access up to receiving inbound packets but them being rejected from a device on the network. Trouble shooting steps so far: 1. Inbound packet filtering - removed all, then added filter to allow only desired traffic. 2. Firewall - on or off, doesn't seem to matter. 3. Registry Editor - Set enable IP router = 1. Any thoughts on what to try next? Thanks, image of state included. ![73339-whatisdeal.png][1] [1]: /answers/storage/attachments/73339-whatisdeal.png

windows-server-2019
whatisdeal.png (53.3 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered ·

Hi ,

If you want to deploy NAT on windows server, the server must have two NICs, one configured for the internal network (LAN) and another one configured to access the internet.

If NAT router is working properly, then you will see that packets have been translated as below:

73649-image.png

For how to setup Windows Server as a NAT, you can refer to the following article:

Setup Windows Server 2016 as a NAT Router

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,

Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





image.png (27.2 KiB)
· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you @CandyLuo-MSFT, I eventually got to that point and the extra "network card" was indeed the trick. To add to the solution posted (in case anyone else comes across this), in a cloud (AWS) setting I attached an additional Network Interface to the VM instance and directed traffic from the subnet I wanted to route with the NAT to the network interface instead of the VM instance. Then, going through the documented steps of setting up the NAT with RRAS worked as expected. Thanks again for your help!

Because I'm always trying to learn, if anyone wants to comment on why two network interfaces are necessary in the WIndows setting as opposed to the Linux setting where no extra interface is needed, I'd be interested to hear.

0 Votes 0 ·

You are welcome. Have a nice day!:)

0 Votes 0 ·
JohnHull-8913 avatar image
0 Votes"
JohnHull-8913 answered ·

I am adding this link as the "why" you need 2 NICs in Windows and not in Linux. Short answer, Windows uses the Strong Host Model, and Linux uses the Weak Host Model. For more details:

https://www.cainetworks.com/support/training/strong-weak-host-oop.html#:~:text=With%20strong%20host%20receive%20model,the%20computer%20will%20receive%20it.

https://help.fortinet.com/fadc/4-1-1/html-e/Content/ServerCx/Weak_and_Strong_Host_Mod.htm

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Nice sharing~

0 Votes 0 ·