[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need Help forwarding ports in Windows SBS 2003 to Workstation on LAN for PC Anywhere

Posted on 2004-11-08
14
Medium Priority
?
553 Views
Last Modified: 2010-04-19
Hello,
I am trying to connect to a workstation on my LAN behind a firewall and a Windows SBS 2003 using PC Anywhere.

Here is the layout of my network from the Internet to the LAN.
I have a Netgear FVS318 connected to the Internet with a static public IP address.  The internal side has a static ip address of 192.168.1.1.
2.  Connected to that is a Windows SBS 2003 that has 2 NIC's.  The nic connected to the Netgear FVS318 has a static IP address of 192.168.1.2.  The Internal NIC that is connected to a switch which is for the LAN has a static IP address of 192.168.16.2.  
I have a workstation on the LAN with a static IP address of 192.168.16.133.

All Internet traffic goes through the sbs 2003, then through the netgear router to the Internet.

I have port forwarding enabled on the router to forward ports 5631, 5632, 5633, and 5634 to the server (IP address 192.68.1.2)

I have PC Anywhere on the server and can access this from the internet remotely, so I know the port forwarding is working on the Netgear Router.

I have PC Anywhere on the Workstation configured with ports 5633 and 5634.  

I have routing and remote access enabled on the server 2003.

dnstools.com shows ports 5631 and 5632 open, but not 5633 and 5634.  

Where in server SBS 2003 do I open these ports and point them to the workstation on the LAN?  
I want to continue to use pc anywhere, and not something else.  It is version 11 installed on both the server and workstation.  

I have went into routing and remote access and went to the properties of the network connection (external NIC on server 192.168.1.2) and added the ports (5633 and 5634)  on the SERVICES AND PORTS tab to the private ip address of the workstation.  This does not seem to do anything.  

From the server I can setup a remote to the workstion using PC Anywhere and remotely control it.  

So, here is what I have.

pc anywhere works on the server from a remote location
pc anywhere works from the server to the workstation
the ports are being blocked at the server, or not being let through to the workstation.
I have unistalled pc anywhere on the server and used the default ports (5631 and 5632) on the workstation with no luck either.
The Netgear FVS318 router is working properly and forwarding the ports to the server.

Thanks in advance, this site has saved my butt so many times in the past and it is probably the best site I have come across for solving problems, without the BS.
Tom
0
Comment
Question by:SSNS
  • 5
  • 5
  • 3
  • +1
14 Comments
 
LVL 11

Expert Comment

by:WeHe
ID: 12524763
you need 2 public ip addresses to get your goal.
the router will forward packets to the SBS, but how will the sbs decide to forward them or hold them localy?
you have to forward the ports to your sbs with 1 public ip and forward these ports to the workstation with a 2nd public ip.
maybe pcanyware can use a feature (like Remote Administrator has) named "connect through".
this way, you could connect to your workstation using your sbs as a proxy.
0
 
LVL 1

Author Comment

by:SSNS
ID: 12524804
I am not sure how to acheive what you are saying WeHe.  I would imagine that when I use pc anywhere from a remote location on ports 5633 and 5634, the server will see this and forward them to the workstation, just like the netgear router is doing with the port forwarding.  Basically it sees data coming in on these ports and forwards it to the designated intenal IP address.
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12524850
i see, two different ports.
can you forward these 2 ports on the router to the workstation address?
it would be the easiest way.
the sbs then would only route the packets, without forwarding or altering.
so forward 5631 and 5632 to your sbs and
forward 5633 and 5634 to your workstation.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:SSNS
ID: 12525075
I can't forward the 5633 and 5634 from the router to the workstation because the workstation is not attatched to the router.  It is behind the sbs 2003 on a different subnet.  The IP address of the workstation is 192.168.16.133, while the Internal IP address of the router is 192.168.1.1.  Data goes from the workstation, through the sbs2003, and then through the router.  The only thing attatched to the router is the sbs2003.
Tom
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1500 total points
ID: 12525479
Most companies are setup exactly like yours with PC Anywhere.  The correct way to remote internal workstations is to attach to the Server then run the remote session.  Why is this not acceptable?

As far as what WeHe said, if you port forward from the router to the workstation the packets should hit the server's external interface then be routed internally provided RRAS is setup to allow bi-directional traffic.

0
 
LVL 1

Author Comment

by:SSNS
ID: 12525685
Netman66,
I will use the terminal services to get to the server, and then use pc anywhere to go from there to the workstation.  I don't know enough about rras to setup the bi-directional traffic to get it to work.  It does seem as though I should be able to forward the ports in the server to the corresponding workstation though.  Thanks for the answer,
Tom
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12525941
sorry to netman, but point distribution is not ok for me.
0
 
LVL 1

Author Comment

by:SSNS
ID: 12528357
Hey WeHe,
I gave netman66 the points because he came up with a solution that would work for me, although it was not the solution that I was looking for.  Is this what you were trying to say in your response?  I did not get that from your responses, but if it is, then I am willing to split the points if I can.
Tom
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12528503
yes, it was this what i wanted to say.
i am sure, just forwarding to the workstation will work too, your sbs is just another router to the network.
but anyway, netman gave you your solution, so it has to be ok for me.
if you decide to split points, for sure netman should get the majority.
it's not my day, today.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12532914
Guys,

I honestly could care less about the points...I'm here to help people fix things.

I'm still a little cloudy on why you would want to PCA directly to the PC instead of from the server.  For security you should only have a bare minimum of "holes" in your perimeter protection to get your job done.  If you have a second set of ports open you invite the possibilities of a breach.  Opening a port to TS to the server gives you a small attack surface as opposed to 4 listening ports using PCA the way you had mentioned above.

If you are worried about being on a production server when remoting a PC, then you can always create a basic user account to allow TS access and make that user a SuperUser in PCA for the local PC.  This way the account could effectively be prevented from doing anything bad on the server itself.

0
 
LVL 11

Expert Comment

by:WeHe
ID: 12533410
i am here to help too, but as i am relative new here, points do definitly count for me.
he gets what works for him, regardless if it is, what he wanted in his question.
i would open an VPN tunnel and so i could remote desktop any machine inside the network with minimum of holes in the perimeter.
but i see he do not know anything about ip basics, so i will forget this and do not think about anymore.
have a nice day you all.
0
 
LVL 1

Author Comment

by:SSNS
ID: 12535020
WeHe, Please don't cry about not getting the points.  As far as IP basics go, just because you don't know how to explain something does not mean that people don't know something.  BTW, nice job on piggy backing off of Netman66, using his wording, kinda makes you sound like you know what you are talking about.  Also, learn how to type proper english.
Have a great day sitting in front of your monitor,
Tom
0
 

Expert Comment

by:mistertokr
ID: 12712484
I may be a bit off topic & do apologize for that,  but this is the closest thing I can find to my issue. I have a similar problem. I have an XP Pro workstation that has a 4 port video camera surveillance card in it. I want to be able to access my cameras via internet. I am running a Win2000 SP4 PDC with 2 NIC's, one for internet & one for local
My local NIC uses 192.168.0.x ip range. The workstations connect to the internet via RRAS.
Ron
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12712634
You should be able to RRAS into the server if you have a broadband connection and can find your public IP.

If you like, post another Question in Networking and let me know when it's there by this post.

NM
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Integration Management Part 2
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question