▷ How to install routing service on windows server 2016

We continue with our Windows Server tutorials, seeing in this case how to install Windows Server 2016 routing service. This procedure is complementary to the configuration of the DHCP role for our server, since, thanks to this, we can provide Internet connection to the computers connected to an internal LAN network.

Index of contents

The normal operation in the LAN networks of companies and educational centers is precisely this, to connect a server with direct access to the Internet by means of a dedicated network card in this regard, and on the other hand, to connect the LAN network of the workplace. This is why today we will see how to make the bridge with our Windows Server 2016 server to provide NAT services to our LAN and that it can access the Internet through it.

What is a NAT Service

Before starting we must know some concepts quickly to better understand what we intend to do. Carrying out a procedure understanding what we are really doing will provide us with knowledge to solve possible errors that may occur in the future.

NAT or Network Address Translation, in Spanish translation of network addresses, consists of a procedure in which a device, usually a router or a server with the IP protocol, is capable of exchanging data packets between two networks with different IP addresses or incompatible with each other.

The procedure is that a DHCP server assigns IP addresses to the clients that are connected to it within a network, in a normal situation our DHCP server will be our own router. Thanks to it, when we connect a computer via Wi-Fi or Ethernet to it, it will provide us with an IP address of a certain range, normally it will be 192.168.0.xxx or similar. Each router has in its firmware assigned this range of IP addresses that, in any case, we can configure ourselves by accessing its configuration.

Well, once our DHCP server (router) gives us an IP, so that we can communicate with it, it, in turn, has an IP address that it has obtained from the network of networks, the Internet, which will be totally different from ours internal. Then, on the other hand, there will be another server in charge of distributing these IP addresses throughout the internet to routers, servers and everything that is connected to it.

The point is then to connect our IP with the external IP of the router. For this, a router must have enabled the network address translation (NAT) procedure through which it is responsible for passing packets from our internal IP to its external IP, so that they continue their journey to the destination. The same will happen when an external node provides us with information that we have requested, the NAT service is in charge of translating its external IP address into our internal IP, and makes these reach us.

So why do we want a NAT server if we have a router?

Well, very simple, imagine that behind a router there were 1000 computers connected in a network by switch equipment that would be in charge of distributing the connection. Nobody in their right mind would connect the last of the switches to the router to take the LAN network abroad, mainly because a simple router does not have enough means to route the packets of 1000 computers working at the same time.

Another reason is because by installing a server located between the LAN and the Internet (WAN) we can install, for example, Active Directory Domain services, our own DHCP server, or a firewall that will allow us to have much greater protection from Internet attacks that if we connected with a simple router.

In short, we are going to place a Windows Server 2016 computer between our internal network and the Internet to act as a "router" between the two networks. Of course, the server will also be connected in turn with our normal and current router.

Connection scheme approach

To perform this procedure, we have used a virtualized server through VirtualBox with two virtual network cards. One of them is used in bridge mode to connect the server to the Internet, and the other in Internal network mode to simulate a LAN network where computers connect to the server to obtain IP addresses through a DHCP role previously installed on the server.

Visit this tutorial, to install a DHCP server in Windows Server 2016

In any case, virtual machines mounted on VirtualBox will only be able to access the Internet if the server is the one that provides the routing services. And it is precisely what we will test here.

The situation that we would be in would be clients connected to the server with a DHCP role that provides IPs but it is not possible to connect to the Internet. So let's start.

Install Routing Service in Windows Server 2016

We are going to proceed to install the routing service in Windows Server 2016.

As always, we are going to open the Server Manager and we are going to click on the “ Manage ” option. Here we will choose " Add roles and characteristics ".

We start with a wizard similar to the other roles. We leave the preset option of “ Installation based on characteristics or roles ”. Click next.

In the next window of interest, we will have to select the server to which we want to install the role. As we only have one, because the step will be a truism.

The next thing we will have to do is select the “ Remote access ” option from the list of features. If we look at the right side, a lot of information about this functionality appears. What we are not interested in is precisely the routing function with NAT, to take our computers from the domain to the Internet.

In the new role service selection window, we will have to select the " Routing " window. Automatically we will open a window where we are shown a list of all the functions that will be installed when selecting this option.

We will also notice that the first option will automatically be selected. This is because, when installing routing, we will also need added functions in case we ever want to configure a VPN network on our server. Therefore, we leave these two boxes marked, in principle the proxy does not interest us.

Next, we go through another of the feature selection windows where we will not have to touch anything, since the interesting function was in the previous one.

Finally we will be located on the installation summary window. We will be able to select the “ Automatically restart the destination server ” box. Although we already warn that we will not have the need to restart, a strange thing being Windows.

Then click on " Install ".

When the procedure ends, we will have the option " Open the introduction wizard ". We will click there.

Yes, we will close it directly because we want to do none of the three things that appear here. Although we see that, through this, we can implement for example a VPN server.

Routing role configuration

Now it's time to set the configuration of our routing so that the server redirects the packets of our client equipment to the network card that is connected to the Internet.

To do this, click on " Tools " in the Server Manager. We must choose " Routing and remote access"

In the administration window, we will see that a red icon appears in the status tree, a symbol that we still need to do the correct configuration.

Then we right click on the server name, and choose the option “ Configure and enable Routing and remote access ”.

In the first configuration screen we will have to select “ Network Address Translation (NAT) ”.

We could also select the option of “ Access to virtual private network (VPN) and NAT ”, which combines the previous option with the possibility of creating VPNs with access from abroad. Each one you select the one you want, we have chosen, for now, the first one.

In the next window it is possible that when we go to it, absolutely nothing will appear in the text box. This is due to a fairly common error that occurs on Windows Server in the first configuration of this role.

In case we do not see the network cards placed in the text box, we will exit the wizard and start the configuration again.

When the corresponding information appears, we will have to select the network card with Internet access. If we have doubts, in case we don't have a name like us, we will go to the configuration of the adapters using the command " ncpa.cpl " and we will verify which is the network card with the Internet connection.

We will identify it because it has as a gateway the IP address of the router, or the device that is in charge of taking the connection to the outside, for example, a firewall.

Well, with this we will have configured our routing server. We will see that a tree has been generated with different sections for IPv4 and IPv6, and we will see the list of network adapters and other data.

Check that we can access the Internet

Now what remains to be checked is if we can access the Internet with the client. It is assumed that, at this point, all of us will have the client's network card configured in VirtualBox as " internal ". It is also assumed that we will have the configuration of IP allocation in dynamic mode and that the DHCP server has correctly assigned an IP to the client.

If we start the machine, virtual or physical with similar characteristics, we will see that the system immediately indicates that we already have access to the Internet.

We are going to open the web browser to try to access a page. We check that we can effectively access the Internet and we also see that the DNS role works correctly and resolves the domains in their respective IP addresses

As with the DHCP server, we will not need to be connected to a domain, nor to have it configured in a client to be able to connect through a server with DHCP, DNS and routing service. We will only need to be connected to a LAN network connected to the corresponding network card of the server.

This is all for now, about installing the routing role in Windows Server 2016.

If you have skipped any of our tutorials to complete the Active Directory pack:

We hope that you have been able to correctly configure your routing role. If you have any problems please let us know. We will be back with more.