Windows Tips & Tricks UPDATE, August 11, 2003, —brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
This Issue Sponsored By
Windows Scripting Solutions
- Q. What's Network Address Translation (NAT)?
- Q. What types of Network Address Translation (NAT) exist?
- Q. What's the IPSec/L2TP NAT-T update for Windows XP and Windows 2000?
- Q. After I upgraded my hard disk to NTFS under Windows XP, my computer displays an ntfs.sys "missing or corrupt" error and fails to start. How can I resolve this error?
- Q. Why does the Disk Cleanup tool in Windows XP and Windows 2000 hang when I try to start it?
- Windows & .NET Magazine Connections: for Security-Minded IT Pros
- Try Windows & .NET Magazine!
- New—Mobile & Wireless Road Show!
5. Contact Us
- See this section for a list of ways to contact us.
Sponsor: Argent Software
NETWORK TESTING LABS COMPARES MOM TO THE ARGENT GUARDIAN
Network Testing Labs, one of the world's leading independent research companies, put together a comprehensive Comparison Paper on two leading enterprise monitoring solutions. Their conclusion: "The Argent Guardian easily beats out MOM in all our tests... The Argent Guardian will cost far less than MOM and yet provide significantly more functionality." Find out for yourself why organizations like Major League Baseball, GE Capital, AT& T, Harley Davidson, and Nokia all rely on The Argent Guardian for their enterprise monitoring and alerting needs. Download this Comparison Paper now:
by John Savill, FAQ Editor, firstname.lastname@example.org
This week, I explain Network Address Translation (NAT) and describe the different types of NAT that exist. I also describe the IPSec/L2TP NAT-T update for Windows XP and Windows 2000, how to resolve an error after upgrading to NTFS in XP, and why the Disk Cleanup tool in XP and Win2K might hang when you try to start it.
Sponsor: Windows Scripting Solutions
Windows Scripting Solutions for the Systems Administrator
You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today at:
Q. What's Network Address Translation (NAT)?
A. NAT lets organizations hide their internal IP addresses and provides a means for connecting many more computers over TCP/IP than would be possible if every computer that accessed the Internet needed its own IP address. An organization or a site within an organization that uses NAT can use almost any IP address internally for any purpose, with the exception of a few IP address ranges that are reserved for internal network use (for information about these IP ranges, see the FAQ at http://www.windows2000faq.com/articles/index.cfm?articleid=14985).
Unlike machines on your internal network that can use just about any IP address, machines that connect to the Internet must use allocated (i.e., registered) IP addresses. However, you can use a NAT gateway to connect any machine on your internal network to the Internet. The gateway will communicate with the outside world on the internal machine's behalf and forward responses from the Internet to the originating machine on your internal network.
For example, if a company has 20 computers that all need Internet connectivity, you'd need to register 20 different IP addresses. However, if you used a NAT gateway, you'd need to register only one IP address for the gateway machine that connects to the Internet. (In practice, you'd probably establish several NAT gateways for fault tolerance and load-balancing purposes.) Then, you'd simply channel the other 19 machines through the gateway server. This figure illustrates how the three components (the internal network using an internal IP address subnet, the NAT with a registered Internet IP address, and the Internet) fit together.
The use of NAT has grown in popularity because the use of TCP/IP has grown in popularity. The original TCP/IP address format is based on a 32-bit structure, which provides 4,294,967,296 possible IP addresses. (Fewer addresses are actually available because certain classes or sets of addresses are allocated and reserved for specific purposes.) Because the need for new IP addresses is constant, we'll eventually run out of available addresses based on the original 32-bit format. In recognition of this shortcoming, the Internet Engineering Task Force (IETF) has prepared IPv6, which is the next-generation Internet protocol and will use a 128-bit format to provide an astronomical number of addresses (i.e., 3.4 x 10^38). The new protocol also does a better job than the current addressing scheme of concealing your internal IP address structure.
Q. What types of Network Address Translation (NAT) exist?
A. Three main types of NAT exist. In order of complexity (from simple to complex), they are
- static NAT—With this type of NAT, a NAT router maintains a table that associates each internal IP address with a corresponding external allocated (i.e., registered) Internet IP address. With static NAT, you must register an IP address for every machine that connects to the Internet. This approach isn't used very often because it doesn't save on registering IP addresses. However, static NAT can be useful for making devices accessible from the Internet—the external IP address will always point to the internal address stored on the NAT router.
- dynamic NAT—With dynamic NAT, a NAT router maintains a list of registered Internet IP addresses. Every time an internal client tries to access the Internet, the router maps it to one of the registered IP addresses that isn't currently in use. As a result, you need registered IP addresses only for the number of concurrent Internet users.
- single-address NAT/overloading/masquerading/Network Address Port Translation (NAPT)—With this type of NAT, a NAT router has only one registered IP address. The NAT router maps each internal client that needs to communicate with the Internet to a different port from the registered IP address. The router writes the address request in the form x.x.x.x:y—for example, 10.0.0.1:100 would be IP address 10.0.0.1, port 100. Responses from the Internet include the originating port so that the router knows which internal IP address to map the response to.
This figure illustrates the use of single-address NAT. The NAT router in the figure maintains a translation table that specifies the port that each internal IP address uses for external communication, as follows:
|Internal Address||External Address|
This type of NAT is the most popular form used.
Q. What's the IPSec/L2TP NAT-T update for Windows XP and Windows 2000?
A. The IPSec/L2TP NAT-T update is a Microsoft update for Layer Two Tunneling Protocol (L2TP) and IP Security (IPSec) for XP and Win2K. This update lets you operate VPN clients behind Network Address Translation (NAT) software or hardware. The update is available from the Windows Update Web site and requires XP Service Pack 1 (SP1) or later or Win2K SP3 or later.
After you install the update, clients behind the NAT device will be able to create IPSec connections and monitor those connections through the updated monitoring tool that installs as part of the update. For more information, see the Microsoft article "L2TP/IPSec NAT-T Update for Windows XP and Windows 2000".
Q. After I upgraded my hard disk to NTFS under Windows XP, my computer displays an ntfs.sys "missing or corrupt" error and fails to start. How can I resolve this error?
A. The full error you receive on start-up is
file is missing or corrupt:
To resolve this error, you need to use the Recovery Console (RC) to replace the ntfs.sys file by performing the following steps:
- Insert the XP installation CD-ROM and reboot your machine.
- When the installation menu appears, press the R key to start an RC session.
- When prompted, select the installation and enter the Administrator password.
- At the console, navigate to the system32\drivers folder, assuming your Windows folder is called "windows," by typing
- Rename the current ntfs.sys file by typing
- Copy the ntfs.sys file from your installation CD-ROM to your current location by tying
- Remove the XP installation CD-ROM, then restart your machine.
ren ntfs.sys ntfs.bad
copy <drive letter>:\i386\ntfs.sys .</drive>
Be sure you include the period at the end of the command to instruct your system to use the current location.
Q. Why does the Disk Cleanup tool in Windows XP and Windows 2000 hang when I try to start it?
A. A corrupt temporary file can often cause the Disk Cleanup utility to hang. To resolve this problem, try deleting all temporary files on your computer by performing the following steps:
- Close all running applications.
- From the Start menu, click Run and type
- Type Ctrl+A or from the Edit menu click Select All to select all the files, press Delete, then click Yes to the confirmation.
- Close Windows Explorer.
- Open the Control Panel Internet Options applet.
- Select the General tab, then click Delete Files.
- Select the "Delete all offline content" check box, then click OK.
to open the Temp folder on your computer.
You should now be able to run the Disk Cleanup tool.
Hot Release (Advertisement)
Window's Deployment & Settings Mgt. by AutoProf
AutoProf's new Profile Maker 8 Professional provides point and click management of OS upgrades, service packs, software patches, network drive mappings, shared and TCP/IP printer connections. Visually manage Office & IE application settings, Outlook profiles, files, folders, and shortcuts. Configure based on over 25 filters. Free Trial!
(from Windows & .NET Magazine and its partners)
How secure is your network? Have you ever been hacked? If you had to lock down 100 machines in 5 minutes, could you do it? How has Windows Server 2003 improved its security features? Want to stop spam? Register for Windows & .NET Magazine Connections 2003 coming this fall to Orlando, and get all the answers to these questions and much more!
Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Microsoft Exchange Server, and more. Our expert authors deliver how-to content you simply can't find anywhere else. Try a sample issue today, and find out what more than 100,000 readers know that you don't!
(brought to you by Windows & .NET Magazine)
Learn more about the wireless and mobility solutions that are available today! Register now for this free event!
FREE live trial-Backup & Disaster Recovery software w/ encryption
Free Download - NEW NetOp 7.6 - faster, more secure, remote support
5. Contact Us
Here's how to reach us with your comments and questions:
- About the newsletter — email@example.com
- About technical questions — http://www.winnetmag.com/forums
- About product news — firstname.lastname@example.org
- About your subscription — email@example.com
- About sponsoring UPDATE — firstname.lastname@example.org
This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.