I have 2 servers, both Windows Server 2003. One has IIS on it and has the web remote desktop client on it and has an external IP. The other is a terminal server and allows terminal server access. In front of both of these we have a Linux firewall.
We have allowed access just to the IIS server through the firewall by letting anybody access port 80 on the IIS server, and I can access the remote web client on http://<ipaddress>/tsweb absolutely fine!! The problem comes when trying to access the terminal server through the IIS web remote desktop. It can't connect to it!!
I have put a trace on the Linux firewall to find out why, and I know what's happening but I don't know why!!! It seems that all IIS does is give the external browser the info to make a terminal services connection itself.
This means we had to "punch" another hole for the same address through the firewall to the terminal server!! Is there any way that we can not do this and make the IIS server make the connection straight to the terminal server, not having to open the firewall up for the terminal server? At the moment in the firewall we allow TCP to port 3389 and allow ICMP to both local and external addresses of the terminal server. With these rules it accesses the terminal server fine through the IIS web connection client. BUT ideally I'd like to not have any ports open for this authentication and let the IIS web connection client authenticate locally. Is this possible??