Need Help forwarding ports in Windows SBS 2003 to Workstation on LAN for PC Anywhere

Hello,
I am trying to connect to a workstation on my LAN behind a firewall and a Windows SBS 2003 using PC Anywhere.

Here is the layout of my network from the Internet to the LAN.
1.  I have a Netgear FVS318 connected to the Internet with a static public IP address.  The internal side has a static IP address of 192.168.1.1.
2.  Connected to that is a Windows SBS 2003 that has 2 NICs.  The NIC connected to the Netgear FVS318 has a static IP address of 192.168.1.2.  The internal NIC, which is connected to a switch for the LAN, has a static IP address of 192.168.16.2.
3.  I have a workstation on the LAN with a static IP address of 192.168.16.133.

All Internet traffic goes through the sbs 2003, then through the netgear router to the Internet.

I have port forwarding enabled on the router to forward ports 5631, 5632, 5633, and 5634 to the server (IP address 192.68.1.2)

I have PC Anywhere on the server and can access this from the internet remotely, so I know the port forwarding is working on the Netgear Router.

I have PC Anywhere on the Workstation configured with ports 5633 and 5634.  

I have routing and remote access enabled on the server 2003.

dnstools.com shows ports 5631 and 5632 open, but not 5633 and 5634.  

Where in server SBS 2003 do I open these ports and point them to the workstation on the LAN?  
I want to continue to use pc anywhere, and not something else.  It is version 11 installed on both the server and workstation.  

I have gone into Routing and Remote Access, went to the properties of the network connection (external NIC on server 192.168.1.2) and added the ports (5633 and 5634) on the SERVICES AND PORTS tab, pointing to the private IP address of the workstation.  This does not seem to do anything.

From the server I can set up a remote to the workstation using PC Anywhere and remotely control it.

So, here is what I have.

pc anywhere works on the server from a remote location
pc anywhere works from the server to the workstation
the ports are being blocked at the server, or not being let through to the workstation.
I have uninstalled pc anywhere on the server and used the default ports (5631 and 5632) on the workstation with no luck either.
The Netgear FVS318 router is working properly and forwarding the ports to the server.

Thanks in advance, this site has saved my butt so many times in the past and it is probably the best site I have come across for solving problems, without the BS.
Tom
SSNS Asked:
WeHe Commented:
you need 2 public ip addresses to get your goal.
the router will forward packets to the SBS, but how will the sbs decide to forward them or hold them locally?
you have to forward the ports to your sbs with 1 public ip and forward these ports to the workstation with a 2nd public ip.
maybe PC Anywhere can use a feature (like Remote Administrator has) named "connect through".
this way, you could connect to your workstation using your sbs as a proxy.
0
SSNS Author Commented:
I am not sure how to achieve what you are saying WeHe.  I would imagine that when I use pc anywhere from a remote location on ports 5633 and 5634, the server will see this and forward them to the workstation, just like the netgear router is doing with the port forwarding.  Basically it sees data coming in on these ports and forwards it to the designated internal IP address.
0
WeHe Commented:
i see, two different ports.
can you forward these 2 ports on the router to the workstation address?
it would be the easiest way.
the sbs then would only route the packets, without forwarding or altering.
so forward 5631 and 5632 to your sbs and
forward 5633 and 5634 to your workstation.
0
SSNS Author Commented:
I can't forward the 5633 and 5634 from the router to the workstation because the workstation is not attached to the router.  It is behind the sbs 2003 on a different subnet.  The IP address of the workstation is 192.168.16.133, while the Internal IP address of the router is 192.168.1.1.  Data goes from the workstation, through the sbs2003, and then through the router.  The only thing attached to the router is the sbs2003.
Tom
0
Netman66 Commented:
Most companies are set up exactly like yours with PC Anywhere.  The correct way to remote internal workstations is to attach to the Server then run the remote session.  Why is this not acceptable?

As far as what WeHe said, if you port forward from the router to the workstation the packets should hit the server's external interface then be routed internally provided RRAS is set up to allow bi-directional traffic.

0
SSNS Author Commented:
Netman66,
I will use the terminal services to get to the server, and then use pc anywhere to go from there to the workstation.  I don't know enough about rras to set up the bi-directional traffic to get it to work.  It does seem as though I should be able to forward the ports in the server to the corresponding workstation though.  Thanks for the answer,
Tom
0
WeHe Commented:
sorry to netman, but point distribution is not ok for me.
0
SSNS Author Commented:
Hey WeHe,
I gave netman66 the points because he came up with a solution that would work for me, although it was not the solution that I was looking for.  Is this what you were trying to say in your response?  I did not get that from your responses, but if it is, then I am willing to split the points if I can.
Tom
0
WeHe Commented:
yes, it was this what i wanted to say.
i am sure, just forwarding to the workstation will work too, your sbs is just another router to the network.
but anyway, netman gave you your solution, so it has to be ok for me.
if you decide to split points, for sure netman should get the majority.
it's not my day, today.
0
Netman66 Commented:
Guys,

I honestly could care less about the points...I'm here to help people fix things.

I'm still a little cloudy on why you would want to PCA directly to the PC instead of from the server.  For security you should only have a bare minimum of "holes" in your perimeter protection to get your job done.  If you have a second set of ports open you invite the possibilities of a breach.  Opening a port to TS to the server gives you a small attack surface as opposed to 4 listening ports using PCA the way you had mentioned above.

If you are worried about being on a production server when remoting a PC, then you can always create a basic user account to allow TS access and make that user a SuperUser in PCA for the local PC.  This way the account could effectively be prevented from doing anything bad on the server itself.

0
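The two forwarding hops from the question and the exposure comparison Netman66 describes, modelled as an added example (not code from any poster in this thread). The dictionaries are constructed from the addresses and ports quoted above; port 3389 for Terminal Services and the rule that a server mapping overrides local delivery are assumptions.

```python
# Constructed model of the thread's topology; addresses and PC Anywhere ports
# are the ones quoted in the question, 3389 is the Terminal Services default.
ROUTER, SERVER, WORKSTATION = "FVS318", "192.168.1.2", "192.168.16.133"

PCA_ROUTER_FWD = {5631: SERVER, 5632: SERVER, 5633: SERVER, 5634: SERVER}
PCA_SERVER_FWD = {5633: WORKSTATION, 5634: WORKSTATION}  # intended RRAS mappings
PCA_LISTENERS = {SERVER: {5631, 5632}, WORKSTATION: {5633, 5634}}

TS_ROUTER_FWD = {3389: SERVER}          # only Terminal Services is published
TS_LISTENERS = {SERVER: {3389}, WORKSTATION: {5631, 5632}}


def trace(port, router_fwd, server_fwd, listeners):
    """Follow one inbound port through both forwarding hops.

    Returns (host, status): 'filtered' if the router has no mapping, 'closed'
    if the packet lands on a host with nothing listening, otherwise 'open'.
    Assumption: a mapping on the server takes precedence over local delivery.
    """
    target = router_fwd.get(port)
    if target is None:
        return ROUTER, "filtered"
    if target == SERVER and port in server_fwd:
        target = server_fwd[port]       # second hop: server forwards to the LAN
    status = "open" if port in listeners.get(target, set()) else "closed"
    return target, status


def exposure(router_fwd, server_fwd, listeners):
    """Map each Internet-reachable port to the host that answers on it."""
    reachable = {}
    for port in sorted(router_fwd):
        host, status = trace(port, router_fwd, server_fwd, listeners)
        if status == "open":
            reachable[port] = host
    return reachable


if __name__ == "__main__":
    # Server mapping missing or ineffective: 5633/5634 stop at the server.
    print(exposure(PCA_ROUTER_FWD, {}, PCA_LISTENERS))
    # Both hops mapped: four published ports, two of them on the workstation.
    print(exposure(PCA_ROUTER_FWD, PCA_SERVER_FWD, PCA_LISTENERS))
    # Terminal Services only: one published port, workstation not exposed.
    print(exposure(TS_ROUTER_FWD, {}, TS_LISTENERS))
```

The first case reproduces the symptom reported in the question: 5631 and 5632 answer, 5633 and 5634 do not.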
WeHe Commented:
i am here to help too, but as i am relatively new here, points do definitely count for me.
he gets what works for him, regardless if it is, what he wanted in his question.
i would open a VPN tunnel and so i could remote desktop any machine inside the network with minimum of holes in the perimeter.
but i see he does not know anything about ip basics, so i will forget this and do not think about anymore.
have a nice day you all.
0
SSNS Author Commented:
WeHe, Please don't cry about not getting the points.  As far as IP basics go, just because you don't know how to explain something does not mean that people don't know something.  BTW, nice job on piggy backing off of Netman66, using his wording, kinda makes you sound like you know what you are talking about.  Also, learn how to type proper English.
Have a great day sitting in front of your monitor,
Tom
0
mistertokr Commented:
I may be a bit off topic & do apologize for that, but this is the closest thing I can find to my issue. I have a similar problem. I have an XP Pro workstation that has a 4 port video camera surveillance card in it. I want to be able to access my cameras via internet. I am running a Win2000 SP4 PDC with 2 NICs, one for internet & one for local.
My local NIC uses 192.168.0.x ip range. The workstations connect to the internet via RRAS.
Ron
0
Netman66 Commented:
You should be able to RRAS into the server if you have a broadband connection and can find your public IP.

If you like, post another Question in Networking and let me know when it's there by this post.

NM
0
Windows Server 2003
Question has a verified solution.