Troubleshooting NAT

Most NAT problems deal with the inability of the NAT to translate packets. Other problems are related to address allocation and name resolution.

The network address translation computer is not properly translating packets

  • Verify that the interface on the Windows 2000 Router that connects to the Internet is added to the Network Address Translation (NAT) routing protocol.

  • Verify that the Public interface connected to the Internet option on the General tab on the properties page of the Internet interface is selected.

  • Verify that the Private interface connected to private network option on the General tab on the properties page of the private network interface is selected.

  • If you only have a single public IP address, verify that the Translate TCP/UDP headers option on the General tab on the properties page of the Internet interface is selected.

  • If you have multiple public IP addresses, verify that they are typed correctly in text boxes provided on the Address Pool tab on the properties page of the Internet interface. If your address pool includes an IP address that was not allocated to you by your ISP, inbound Internet traffic that is mapped to that IP address is routed by the ISP to another location.

  • If you have some applications that do not seem to work through the NAT, try running them from the NAT computer. If they work from the NAT computer and not from a computer on the private network, the payload of the application might not be translatable. Check the protocol being used by the application against the list of supported NAT editors. If needed, contact the vendor of the application for information about how their application works in translated environments.

  • Verify that IP packet filtering on the private network and Internet interfaces is not preventing the receiving (through input filters) or sending (through output filters) of Internet-based traffic.

  • Verify that TCP/IP filtering on the private network and Internet interfaces is not preventing the receiving of traffic.

  • For special ports, verify the configuration of the public address and port and the private address and port.

Private network hosts are not receiving IP address configuration

  • Verify that the DHCP allocator is enabled from the Address Assignment tab of the properties of the Network Address Translation (NAT) routing protocol.

Name resolution for private network hosts is not working

  • Verify that the DNS proxy is enabled from the Address Assignment tab of the properties of the Network Address Translation (NAT) routing protocol.

  • Verify the name resolution configuration of the network address translation computer by using the ipconfig command. There are two ways that you can configure name resolution when dialing an ISP:

    • Statically assigned name servers

    You must manually configure the TCP/IP protocol with the IP address (or addresses) of the name servers provided by the ISP. If you have statically assigned name servers, you can use the ipconfig command at any time to get the IP addresses of your configured name servers.

    • Dynamically assigned name servers

    Manual configuration is not required. The IP addresses of the name servers provided by the ISP are dynamically assigned whenever you dial the ISP. If you have dynamically assigned name servers, you must run the ipconfig command after a connection to the ISP has been made.