In this article I’ll be setting up Windows Server 2016 as a NAT router to route traffic between my virtual lab LAN and the internet. Please note that this article was written in context with the configuration used in my virtual lab. You’ll have to adapt it to your network setup. Also, you will need to have a DHCP server to provide IP addresses to your client computers and a DNS server so that your client computers are able to resolve names. As a quick-ref, my LAB environment is as below:
|If you’d like to add another subnet to your router and have NAT working for both of them, please read LAN Routing and NAT with Windows Server 2016|
|If you’d like to read how to setup IPFire, a very simple to install Linux router and firewall, with a more generic configuration that will achieve the same goal, click here.|
If you’d like to continue following this article, you can read on how to install Windows Server 2016 and, after installing, read how to rename the server so that you can identify its primary role by its name. I called mine SRVGW01 (GW=Gateway).
The server must have two NICs, one configured for the internal network (LAN) and another one configured to access the internet. I’ll call it WAN.
The first thing I’ll do is to rename the network interfaces to better identify them.
Configuring the NICs
Choose “Network & Internet”
And choose “Change adapter options”
From the “Network Connections” window, it is pretty easy to spot what is the LAN connection (Unidentified network) and the WAN connection (bellow identified as Network). Let’s rename them. Select the connection to rename and press the “Rename this connection” button. Rename them accordingly.
It should look like this:
The LAN adapter needs to be configured with a static address, while the WAN adapter should be set to DHCP. The address configured on the LAN adapter is the address the client computers will use as their gateway. Right-click on the LAN adapter and select “Properties”.
Highlight “Internet Protocol Version 4 (TCP/IPv4)” and select “Properties”.
Setup the IP address settings to match your network configuration and press OK. Note that you need to have a DNS server setup on the network. It can the same server where this role is being installed.
Adding the “Remote Access” server role
Now it’s time to install the “Remote Access” server role. Open Server Manager and select “Add roles and features”.
Press “Next” until you reach the screen below. Select the “Remote Access” role and press “Next”.
Press “Next” at the following screen.
Press “Next” and then select “Routing”, as shown below:
Click on “Add Features”.
Go till the end of the wizard by pressing “Next”. Press “Install” at the confirmation screen.
Configuring the “NAT router”
Wait for the installation to finish and open the “Routing and Remote Access” console. Press “Start” and under “Windows Administrative Tools” find “Routing and Remote Access”.
Right-click on the server name and select “Configure and Enable Routing and Remote Access”.
Press “Next” at the wizard welcome screen. Choose “Network address translation (NAT)” and press “Next”.
Select the WAN adapter and press “Next”.
Press “Finish”, wait for the configuration to finish and verify that the NAT router is working properly. Expand the IPv4 node, select “NAT” and you should see that packets have been translated.
As always, if you found this article useful, share it with your friends.
If you have any question or suggestion, leave your comment.
Thank you for reading!