Windows 10 as a router: NAT incoming NIC 1 traffic out via NIC 2

Question

I have a Windows 10 LTSB PC that I am trying to treat as a server (Running IIS and SQL) and a router, but the router side is giving me issues.
I have 1 Ethernet based NIC (192.168.1.180 no gateway) and 1 cell modem based NIC (100.100.7.31 gateway: 100.100.7.1).
My goal is to route all 100.100.X.X (255.255.0.0) to the cell modem so my device(s) connected to the ethernet NIC can communicate with the 100.100.X.X devices.

I currently get ping time out errors when pinging 100.100.X.X from my ethernet device, but I can ping the ethernet and modem NICs. In addition, my server can ping the 100.100.X.X devices and it can ping my ethernet devices, so it is only "ethernet -> server -> 100.100.X.X device" that doesn't work. My routing table is as follows:

===========================================================================
Interface List
 14...b4 9d 9f 5a 5f 48 ......Generic Mobile Broadband Adapter
 16...74 fe 48 21 b0 52 ......Realtek PCIe GBE Family Controller
  2...00 0b ab d8 69 90 ......Intel(R) I210 Gigabit Network Connection
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      100.100.7.1     100.100.7.31      2
      100.100.7.0  255.255.255.192         On-link      100.100.7.31    257
     100.100.7.31  255.255.255.255         On-link      100.100.7.31    257
     100.100.7.63  255.255.255.255         On-link      100.100.7.31    257
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.180     11
    192.168.1.255  255.255.255.255         On-link     192.168.1.180    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.180    266
        224.0.0.0        240.0.0.0         On-link      100.100.7.31    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.180    266
  255.255.255.255  255.255.255.255         On-link      100.100.7.31    257
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      100.100.7.1       1
===========================================================================

From my understanding, when I ping 100.100.X.X from my ethernet connected device, the server will not find a specific route for it, so it will use the default route of 0.0.0.0 and send the traffic to 100.100.7.1.
However, when I ping from my ethernet device, I do not get any replies. What am I doing wrong?

UPDATED THOUGHT AS A TYPED THIS:
Is this the flaw in my logic?: The server will route ALL 100.100.X.X traffic to the cell modem, including replies from 100.100.X.X devices, which causes a loop?
I send a ping to a 100.100.X.X device from my ethernet device, then the server routes the ping to 100.100.7.1, then gets a reply from 100.100.X.X, then routes that reply back through the 100.100.X.X route to 100.100.7.1 resulting in an infinite loop, causing the timeout (Explains why I don't receive net/host not found errors)

Other info:

The server has IP Routing (via regedit) turned on, and is reported as: IP Routing Enabled. . . . . . . . : Yes via ipconfig /all.
My ethernet device can successfully ping the cell adapter and ethernet adapter on the server (100.100.7.31 and 192.168.1.180 respectively)
My ethernet device does not receive any 'host not found' or 'net not found' errors when pinging

Pathping result when pinging a 100.100.X.X device from my ethernet device:

C:\>pathping 100.100.X.X

Tracing route to 100.100.X.X over a maximum of 30 hops

  0  DESKTOP-BFB4MID [192.168.1.5]
  1  DESKTOP-UGFIN0H [192.168.1.180]
  2     *        *        *
Computing statistics for 25 seconds...

            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           DESKTOP-BFB4MID [192.168.1.5]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  DESKTOP-UGFIN0H [192.168.1.180]

Trace complete.

I truly hope you mean `10.10.7.x` or `10.100.7.x`. Then, your netmask is `255.255.255.192` so your goal shouldn't be to route all `255.255.0.0` - that simply wouldn't work with your current network configuration. — Esa Jokinen, Oct 05 '17 at 16:32
@EsaJokinen Let me say, I am very new to networking, so I don't see what the issue is. Why wouldn't the current setup work? Lets say I wanted to ping 100.100.14.30, would the routing table as-is handle that? If not why? (I'm at the point that I'm grasping to understand tid-bits of info, so some clarity on the flaw of my scenario would really help me out) — heyufool1, Oct 05 '17 at 16:59
Windows 10 is never meant to work as a router, get a Layer 3 switch or a Windows Server with RRAS installed, or even a Linux Distro, pfSense comes to mind. — Noor Khaldi, Oct 05 '17 at 17:39
My goal is to avoid using a 2nd piece of hardware (My setup is for a specialized purpose, so one of the goals is reducing the necessary amount of hardware [which also reduces space use and cost]). Worst case scenario, I'm going to look into running pfSense that you mentioned on the windows machine via hyper-v (All which is new to me, so I'd like to avoid the overhead of learning/setting all that up) — heyufool1, Oct 05 '17 at 18:52

Ben Personick · Answer 1 · 2017-10-05T20:36:11.820

1

Follow these steps:

Plug laptop to Server on 192.168.1.x/24 network, Server IP .180 Laptop .5
Open the RRAS MMC (Start, control panel, admin tools, Routing and Remote Access)
Expand IPv4, right-click General, and then click New Routing Protocol.
In Routing protocols, click NAT, and then click OK.
Right-click NAT, and then click New Interface.
Select the interface that connects to the public Internet (Cell Modem 100.100.7.31), and then click OK.
Select both Public interface connected to the Internet and Enable NAT on this interface, and then click OK.
Restart the RRAS Service.

This should allow you to communicate as expected.

:)

I think this is an issue of not understanding some basic networking constraints.

I believe you are saying you have.

An internal network that is 100.100.x.x

--- Are these devices local and on a switch?  are you using any vlans?

A Cell Modem which is on the network 100.100.7.1
```
--- Plugged into a Switch?
```

A NIC on the server assigned IP 100.100.7.31

--- Plugged into the same switch and VLAN?

Another local network of 192.168.1.180

--- Guessing this is a LAN behind your router at home

I suspect you are just assigning servers IPs in the 100.100.x.x range without actually owning that address space (It is a public address space, not a private range, and must be purchased)

I also suspect that you assigned them all on a Layer 2 switch and subnetted down your cell modem to be the actual rage you have purchased from the provider.

So, I believe what you are intending to do is something like this:

Ditch the 100.100.x.x network and use say a 10.10.x.x/16 network for your servers

--- (Unless they are live on the internet on those 100.100.x.x/16 IP addresses and you want to reach them through the internet)

Setup a VLAN on the switch for each of the networks you want to route through the Windows 10 host.

--- IE the 100.100.7.x/26 network to the Cell modem, the 10.10.x.x/16 Network for the servers, and the 192.168.1/24 network for your VMs.

On the Windows 10 NIC create VLAN interfaces for each of these Networks.
In the RRAS Setup on your Windows 10 System configure it to use these vlan interfaces with appropriate network settings
Your default W on your Windows 10 system remains the same.
Your servers and other equipment on your 10.10.x.x/16 and 192.168.1.x/24 networks either change to the local IP of your Windows 10 machine on each of these networks or have a route added to them to reach appropriate networks through that path.
Your Cell modem is added a route to the 10.10.x.x/16 network and the 192.168.1.x/24 the network through the Ip of the windows 10 host on that network.

Clear?

edited Oct 05 '17 at 20:36

answered Oct 05 '17 at 17:50

Ben Personick

119
6

PS, I can't comment in the above thread but Windows 10 includes Routing and Remote access and can be used as a router when that role is enabled. I am assuming he's done this. – Ben Personick Oct 05 '17 at 17:53
Also, I would message you directly to straighten this all out if preferable, I'm not sure if ServerFault is open to these sort of open-ended questions but I generally handle them for fun on another site (don't know if Server fault is open to me posting a link to another site of similar intention so I will not for now) – Ben Personick Oct 05 '17 at 17:56
Thanks for the response! I have a single PC with a cell modem attached via mPCIe, and I have a device (my laptop) directly connected to the PC's ethernet port 1. The 100.100.X.X is a private cell based network. No vlans, no switch. 2. No switches/routers/anything, just a single PC with an embedded modem and my 2nd ethernet based device (my laptop) 3. The modem's IP is 100.100.7.31 with a gateway of 100.100.7.1 4. The ethernet NIC is assigned 192.168.1.180 and my laptop is assigned 192.168.1.5 with its default gateway set to 192.168.1.180 – heyufool1 Oct 05 '17 at 18:17
1) How do you have your RRAS configured? You'll need to make sure there is an interface on the 100.100.7.31IP and one on the 192.168.1.5 network. – Ben Personick Oct 05 '17 at 18:29
2) a device (my laptop) directly connected to the PC's ethernet port --- With a cross-over cable? Can you ping 192.168.1.180 from the Laptop (192.168.1.5) – Ben Personick Oct 05 '17 at 18:30
1. I'm not familiar with RRAS other than the service being turned on. In window's network connections there is 1 interface for the modem (100.100.7.31) and 1 interface for the ethernet port (192.168.1.180) 2. It is connected directly via a standard ethernet cable. I can ping the server's ethernet interface (192.168.1.180) and I ping its cell adapter (100.100.7.31) from my laptop. But I can not ping any devices on the 100.100.x.x/16 network that the cell modem is on – heyufool1 Oct 05 '17 at 18:39
You would need to setup RRAS or "Windows Internet Connection Sharing" (If that is still a thing) in order to route through the servers correctly. Since it's pinging the cell modem, perhaps the default is 'good enough' not certain. – Ben Personick Oct 05 '17 at 19:41
1st off can you ping these 100.100.x.x systems from the PC? – Ben Personick Oct 05 '17 at 19:42
Yeah, the server can ping everything (local adapters, ethernet connected laptop, and 100.100.x.x based devices). To ease my mind on how routing works, I connected a Raspberry Pi as 192.168.2.5, added a route (route add 192.168.2.0 mask 255.255.255.0 192.168.2.180) to send 192.168.2.x traffic to the ethernet adapter at 192.168.2.180, and could successfully ping from my laptop at 192.168.1.5. Point of that is: routing is working, and it is working how I expected it to. I now have a feeling my problem is related to my cell modem itself. Going to test a different external modem tomorrow.. – heyufool1 Oct 05 '17 at 20:11
no need for the raspberry pit you already proved windows was routing, but I wanted to confirm the PC was getting through the Modem. So Next steps are the same regardless. The issue is that your 100.100.x.x servers don't know anything about this 192.168.1.x/24 network, even if they did those IPs can't route through the internet and would be discarded by the up-steam routers. – Ben Personick Oct 05 '17 at 20:19
SO either you need to work with the ISP to allow these servers to talk to your 192.168.1.180 network (no they are about 0% chance of doing that it's a rhetorical option) OR you need to configure your RRAS Server to NAt the traffic to the 100.100.7.31 address of he server (Or configure the Raspberry Pie to NAT the Traffic - whichever you feel more comfortable working with, both will work equally well.) – Ben Personick Oct 05 '17 at 20:23
I think I see what you're getting at, but why would the 100.100.x.x server care about the 192.168.1.x/24 network? Since the 100.100.x.x traffic got routed through the 100.100.7.31 modem, then wouldn't the 100.100.x.x server respond to the 100.100.7.31 IP, which is visible to it? (The 100.100.x.x can ping 100.100.7.31) – heyufool1 Oct 05 '17 at 20:27
Yes, if it had the 100.100.7.32. Routers Route. an IP packet contains your original IP, so unless you fall through a NAt along your way the end-point server gets the original IP address. That's what the whole thing boils down to, but it was completely unclear in the initial question, thanks for working through the Q&As with me that cleared it up. – Ben Personick Oct 05 '17 at 20:32
I updated the answer to have steps for configuring NAT on an RRAS setup at the top of the original Q&A. – Ben Personick Oct 05 '17 at 20:32
Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/66678/discussion-between-ben-personick-and-heyufool1). – Ben Personick Oct 05 '17 at 20:36
@BenPersonick I'm not sure how to do this chat thing, but I have a question here. https://chat.stackexchange.com/rooms/86691/room-for-n73k-and-ben-personick – N73k Dec 06 '18 at 04:09

Windows 10 as a router: NAT incoming NIC 1 traffic out via NIC 2

1 Answers1