Urgent : Port forwarding/routing/mapping win 2000 server (sbs)

Status
Not open for further replies.

Leozack

MIS
Oct 25, 2002
867
GB
Ok - I've spent hours today searching the internet and some win2k books on how to set up port forwarding. I've found plenty of stuff about printer and com ports which I don't care about, and found the easy way to do it if I was using ICS, which I'm not ( see I've now found ways to do it using NAT instead (see But my server (windows 2000 sbs server) is already configured for clients to access the net just by running MS firewall client. I've found that ICS is turned off (don't wanna port forward that way then) but NAT wasn't in the "routing & remote access / IP routing" section of admin panel either. I added it and tried a test forward from a port to an ip and port, but that didn't work either.
Can anyone help!!?? o_O I fail to see what it is my server is using to share the net therefore, and more to the point, how to port forward that way. I mean - WHY is the whole world trying NOT to tell me how to do it? It's ridiculously hard to find any help and none of it has applied yet at all! Best solutions have been to go buy some 3rd party routing software! Ugh! I could do this in 10 seconds with a router, just goto the port forwarding screen =(
_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
 
Leozack,

First of all - are your clients getting their IP addresses dynamically? If so - where from? Is it a registered DHCP server on your Win2k domain, or do you have a domain? If ICS isn't enabled then they have to be getting them from somewhere unless they're statically assigned or assigned using the DHCP Allocator function in the NAT configuration.

Second - What is the IP address range that your client machines are using? (e.g. 192.168.0.0/24 - 192.168.0.100/24)

Third - If you have the DHCP server configured to assign IP addresses then you need to uncheck "Automatically Assign IP Addresses by using DHCP".

Fourth - Once you have all of the clients getting IP addresses from somewhere then you need to set up some translators to forward certain ports to certain machines on the internal network. Mind you if you don't allocate static IP addresses for the clients or servers that are running a service such as FTP or HTTP then the IP addresses will change. You must make an Exclusion on the DHCP server to allocate a static address for that machine otherwise some other machine may obtain the IP address that you have forwarded that doesn't provide the service you are requesting. If you're using the NAT feature to assign IP addresses using the built in DHCP allocator then all you have to do is enable the "Automatically Assign IP Addresses by using DHCP" option, specify your network, and add an exclusion by clicking the exclusion button.

This should work...
HTH!

--James
 
Comments:

First - We get dynamic addresses from our Win 2K server, which includes DHCP for our local domain. We can set our local addresses to be fixed on the local network. We do not and cannot use ICS, which is far inferior.

Second - we use 192.168.16.0 - I do not know what the /24 on the end means, but I would like to know, since our router at church uses the same notation.

Third - we can do this for any specific PC. We may also need to tell the DHCP server that these addresses are not available for distribution. I have not done so, but we could investigate that. I have done so for one setup in the past.

Fourth - as above
_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
 
/24 is your subnet mask. What happens when you try, it just doesn't do anything?
Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
/24 is my subnet mask? That doesn't mean much to me at all, subnet masks as far as I'm concerned are 255.255.255.0 in my case, or so I believe.
And what do you mean "have I tried it"?
_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
 
11111111=255
11111111=255
11111111=255
00000000=0
11111111+11111111+11111111+00000000=24

11111111+11111111+11111111+00000000=255.255.255.0
8 octets added together equals 255. 8 ones added together equals 8. This is how I understand how it works. Just that 24 is easier to type than 255.255.255.0.
That help? Also, I didn't ask if you've tried it, I said what happens when you do. Sorry for the confusion.
Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
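
The /24 notation discussed above, worked through as an added example that is not part of the original thread: the prefix length is the number of leading one-bits in the 32-bit mask, so /24 and 255.255.255.0 are the same value. The function names are hypothetical; 192.168.16.0/24 is the range mentioned in the thread.

```python
def prefix_to_mask(prefix):
    """/24 -> '255.255.255.0': set the top `prefix` bits of a 32-bit value."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """'255.255.255.0' -> 24; rejects masks whose one-bits are not contiguous."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-quad mask: %r" % mask)
    bits = "".join(format(o, "08b") for o in octets)
    if "01" in bits:  # a zero followed by a one means the mask has a hole
        raise ValueError("non-contiguous mask: %r" % mask)
    return bits.count("1")


def describe(cidr):
    """Return mask, network, broadcast and usable host count for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    ip = 0
    for octet in addr.split("."):
        ip = (ip << 8) | int(octet)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    net = ip & mask
    bcast = net | (~mask & 0xFFFFFFFF)

    def dotted(v):
        return ".".join(str((v >> s) & 0xFF) for s in (24, 16, 8, 0))

    return {
        "mask": prefix_to_mask(prefix),
        "network": dotted(net),
        "broadcast": dotted(bcast),
        "usable_hosts": max(bcast - net - 1, 0),
    }


if __name__ == "__main__":
    print(describe("192.168.16.0/24"))
    print(mask_to_prefix("255.255.255.0"))
```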
 
Hmmm, all that subnet mask stuff is weird. I'll just try n remember that /24 is the same as 255.255.255.0 =P
As for "what happens when I try it" - what is it I should be trying? Everything works, I'm just unable to find any way to forward 1 particular port to another particular port on another particular local pc. You'd think it would just be a table on a page same as routers have. But no, the only way I've found is in the ICS, which we're not using. Is that what you wanted to know what happened when I tried? Because, well, we don't use it, so I'm not about to turn it on =P There MUST be a way to port forward/redirect without the advanced/settings (whatever it was) button of ICS?
_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
 
Leozack,

You said you're running MS Firewall Client - What exactly is the MS Firewall Client? Are you talking about the Personal Firewall that is built into Windows XP? Before NAT will work you're going to have to punch a hole in the firewall to allow that port to pass on the given protocol (e.g. tcp or udp) since most firewalls route packets after they've passed some sort of filtering mechanism such as a firewall. This is especially true in NAT situations. Here is a brief explanation of how NAT works:

1. Packet from x.x.x.x comes in to the external interface which contains a destination ip address in the header as well as protocol and Type of Service (ToS) information.
2. The NAT checks its routing table for a post-routing entry for this particular service against its records to forward the packet to a different ip address.
3. The destination ip address in the packet header is then modified with the ip address that is matched in the NAT table for the particular ToS and protocol.
4. The packet is then forwarded to the ip address.

In order for all of this to take place the NAT has to receive the packet. If the packet is being dropped by the firewall then the NAT will not receive it.

HTH!

--James
 
The MS Firewall Client is purely what clients run in order to connect to the NET through the SBS win2k server. I use the MS Internet Security and Acceleration Server (ISA), and the MS Internet Information Server (IIS). I need advice from someone who knows how to use these. So far I know how to port forward using ICS (turn it on and goto settings etc) but we're not using ICS and that isn't an option. I can't believe this is so hard to do on the behemoth that is win2k server. Little 3rd party tools for port forward, why the heck has win2k made it so hard to do? I'll be reduced to getting a 3rd party freeware tool should one exist (or buying a router), but SURELY someone knows how to do it on win2k server? =/
_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
 
SUCCESS!
Well, to a degree. I now have all traffic on port 8000 of my server going to my pc which runs apache on port 8000 thus the world at large can see my personal webserver even though I'm behind a network =)
The procedure? (which required 2 of us remotely controlling the pc working away for a couple of hours) (and yes, I'm using IAS and IIS)

1 - Added the protocol definition..
2 - Added the packet filter..
3 - Added the server publishing rule..

1 - Within AIS (MS internet security & administration server 2000) connect to your server (if it's not already in the list) open it, open "protocol definitions", rightclick "protocol definitions" and say "new -> definition".
Give it a name, give it the port number you want to forward (8000 in my case) and tcp (if that's what you wanna use) and inbound (to goto the networked PC) and tell it not to use secondary connections. ok.

2 - Back up 2 levels from "protocol definitions" (back within your main server under AIS) open "access policy", open "IP packet filters", rightclick "IP packet filters" and say "new -> filter".
Give it a name, say it's an "allow" filter, say it's a "custom" filter, say "TCPIP", say local port "fixed" and local port number "8000" if that's what you want, say "inbound" or "both", say "this computer on the perimeter network" and enter in the IP of the PC you want to forward to, say all remote computers. ok.

3 - Back up 2 levels from "IP packet filters" (back within your main server under AIS) open "publishing", open "server publishing rules", rightclick "server publishing rules" and say "new -> rule".
Give it a name, enter the internal IP address of the server as the PC you're forwarding to, same as you did for the filter above, enter the external IP address as your main server pc's internet address (this may need changing whenever your main server pc changes internet ip address), select to use the protocol you made in step one, eg "My Http Redirect", say "any request". ok.

Now, as long as the ip address you told all traffic to forward to is listening on the port you told to forward, (8000 in my case) the destination IP address will take all traffic to that port as if it had come to itself - wooo!

If I find any problems I'll repost, but I think this is what I've wanted for a long time!
_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
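
A simplified model of the flow described in this thread, as an added example that is not part of any post and is not ISA Server's own code: an inbound packet must first match an allow filter, and only then is its destination rewritten by a publishing rule tied to a protocol definition. The class and function names are hypothetical, the addresses are constructed sample values, and the `remote` field shows what "all remote computers" means next to a filter scoped to one source range.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtocolDef:              # step 1: protocol definition
    name: str
    proto: str
    port: int


@dataclass(frozen=True)
class PacketFilter:             # step 2: allow filter on the external interface
    proto: str
    local_port: int
    remote: str = "0.0.0.0/0"   # "all remote computers"; a narrower CIDR scopes it


@dataclass(frozen=True)
class PublishRule:              # step 3: server publishing rule
    external_ip: str
    internal_ip: str
    protocol: ProtocolDef


def handle_inbound(src_ip, dst_ip, proto, dst_port, filters, rules):
    """Return (verdict, new_destination) for one packet on the external interface."""
    src = ipaddress.ip_address(src_ip)
    allowed = any(
        f.proto == proto and f.local_port == dst_port
        and src in ipaddress.ip_network(f.remote)
        for f in filters
    )
    if not allowed:
        return ("dropped-by-filter", None)   # the publishing rule is never consulted
    for r in rules:
        p = r.protocol
        if r.external_ip == dst_ip and p.proto == proto and p.port == dst_port:
            return ("forwarded", (r.internal_ip, p.port))   # destination rewritten
    return ("no-publishing-rule", None)


# Constructed sample values: documentation address ranges and a made-up internal host.
HTTP_8000 = ProtocolDef("My Http Redirect", "tcp", 8000)
RULES = [PublishRule("203.0.113.10", "192.168.16.50", HTTP_8000)]
OPEN_FILTER = [PacketFilter("tcp", 8000)]
SCOPED_FILTER = [PacketFilter("tcp", 8000, remote="198.51.100.0/24")]

if __name__ == "__main__":
    for label, filters in (("open", OPEN_FILTER), ("scoped", SCOPED_FILTER), ("none", [])):
        for src in ("198.51.100.7", "192.0.2.99"):
            print(label, src, handle_inbound(src, "203.0.113.10", "tcp", 8000, filters, RULES))
```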
 
Congrats. I know what it's like to suffer through something and finally get resolution. Enjoy.
Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@nellsgiftbox.com
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 