11-08-2012, 04:00 PM   #1
Booshanky
Member
Join Date: Dec 2001
Posts: 124
Huge headache with AD, DNS, DHCP, Server 2003

I know the title isn't very telling, but that's how vague and weird this little group of problems is.

Here's the layout of the network.

We have three public IPs from our ISP that are routed through an older SonicWall router using one-to-one NAT. We'll call them .241, .242 and .243. The way it's currently set up, on the WAN settings of the router, it has .241 listed as the "WAN Gateway (Router) address", and .242 as the "SonicWall WAN IP (NAT Public) Address". Under "one-to-one NAT", it has .243 pointed to the local server here, at 192.168.10.3. The server functions as the local DNS server and DHCP server.

Now, for some STRANGE reason, it hands out IP addresses no problem and everything works awesomely up until we get past 192.168.10.50. Once IP addresses start getting assigned higher than that, they just refuse to connect to the internet. All of the IP info is coming correct,

IP 192.168.10.52
SUBNET 255.255.255.0
GATEWAY 192.168.10.1

DNS 192.168.10.3

But it just goes nowhere. I have DHCP set up to assign IPs all the way up to .75 so that's good. I just have no idea where this could be locking up as I don't use Windows servers as DHCP servers very often. Someone set this up a LONG time ago.


Any clue what the problem might be? I'm tearing my hair out here.
__________________
Meh...
11-08-2012, 04:27 PM   #2
imagoon
Diamond Member
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,787

Some SonicWalls are licensed per node. Do you have access to the licensing page? It is also possible the NAT rules only allow 192.168.10.1-50, which means anything above that would not have a NAT rule to traverse.
11-08-2012, 05:07 PM   #3
drebo
Diamond Member
Join Date: Feb 2006
Posts: 6,601

Get rid of the SonicWall, fire the "tech" or "IT guy" that suggested it and get a real firewall.

Cisco 891 or Juniper SRX100 would be a good start.
__________________
"All men are not created equal, and if you believe they are, there's something seriously wrong with you. Some men are destined for greatness. Most aren't. End of story." - Jose Canseco
11-09-2012, 10:56 AM   #4
Booshanky
Member
Join Date: Dec 2001
Posts: 124

Ahhhh, THAT could be it! So one of those routers does one-to-one NAT or whatever they call it?

It's just a really old setup.
__________________
Meh...
11-09-2012, 12:04 PM   #5
imagoon
Diamond Member
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,787

Nearly all enterprise firewalls do 1:1 NAT. My question is... why do you need 1:1 NAT? The description in the OP shows no good reason for it. You should also be looking at your NAT pool. Most workstations will run in 1:Many and it is very possible that the "many" pool for your environment is ".243" : 192.168.10.1 - .50, so there is no rule available for .51+.
imagoon is online now   Reply With Quote
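
The hypothesis raised in the replies above (a NAT source range of 192.168.10.1-50 while DHCP hands out leases up to .75) can be checked by comparing the two ranges. This is an added example, not part of the original thread and not SonicWall tooling; the scope start of .10 and the NAT source range are assumed values, constructed for illustration.

```python
import ipaddress


def to_int(addr):
    """Convert a dotted-quad IPv4 string to an integer for range arithmetic."""
    return int(ipaddress.IPv4Address(addr))


def uncovered_ranges(scope, nat_sources):
    """Return the parts of the DHCP scope that no NAT source range covers."""
    start, end = to_int(scope[0]), to_int(scope[1])
    # Clip every NAT range to the scope and sort, so gaps fall out of one sweep.
    clipped = sorted(
        (max(to_int(lo), start), min(to_int(hi), end))
        for lo, hi in nat_sources
        if to_int(lo) <= end and to_int(hi) >= start
    )
    gaps, cursor = [], start
    for lo, hi in clipped:
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= end:
        gaps.append((cursor, end))
    return [
        (str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
        for a, b in gaps
    ]


def has_nat_rule(client, nat_sources):
    """True if a leased address falls inside any NAT source range."""
    c = to_int(client)
    return any(to_int(lo) <= c <= to_int(hi) for lo, hi in nat_sources)


# Constructed values: scope end (.75) and the .1-.50 range come from the
# thread; the scope start (.10) is an assumption.
DHCP_SCOPE = ("192.168.10.10", "192.168.10.75")
NAT_SOURCES = [("192.168.10.1", "192.168.10.50")]

if __name__ == "__main__":
    for lo, hi in uncovered_ranges(DHCP_SCOPE, NAT_SOURCES):
        print(f"Leases {lo} - {hi} have no matching NAT rule")
    print("192.168.10.52 covered:", has_nat_rule("192.168.10.52", NAT_SOURCES))
```

Any range this reports is a set of leases that would receive correct IP settings from DHCP yet have no outbound translation, which matches the symptom described in the first post.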