Solved

Port Forwarding and Windows Domain Controller

Posted on 2005-05-02
Last Modified: 2013-11-29
Hi, I have a network of about 15 workstations (Net: 192.168.0.0, dynamic) and 1 server (192.168.0.2 fixed, with Windows 2000 Adv. Server, DHCP on) that is used as a Domain Controller. The computers are connected by a switch, and a router (192.168.0.1 fixed, SMC Barricade, no DHCP) connects them to the internet (ADSL). All is working fine; the domain controller uses DNS forwarding to the ISP's ones for IP-name translation. The big problem starts here: I need to use one machine as an FTP server (TCP port 21). When I try the port forwarding option of the SMC Barricade (IE: Local Machine: 192.168.0.112, Internal Port: 21, External Port: 21) it does not seem to be working; outside the network you cannot use the service (of course you can use this service inside the local network, but this isn't what I really need). I don't know if there is a problem with the Domain Controller or if I need to set up some things on it. For that reason I ask for any help that you can give.
Thank you very much

Juan.
0
Question by:jfazzini
12 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13912608
Since you can access the FTP server internally, that means it is working fine and there must be a problem with the port forwarding on your router.

FTP uses port 20 to transfer data; 21 is used for control. You need to forward 20 as well.
0
 
LVL 1

Author Comment

by:jfazzini
ID: 13912763
That's OK, I'm really forwarding ports 20-21 and 80 as well, but no luck... I still don't know if there is a router problem because I have no answer from SMC yet...
0
 
LVL 3

Expert Comment

by:miroofi75
ID: 13915821
The local machine has a static IP, 112, doesn't it?

You have IIS installed on that computer, which hosts FTP, and you give proper permissions.

What other services are running on that computer?

Check this and let me know.

regards



Imran


0

 
LVL 4

Expert Comment

by:Gen2003
ID: 13915914
While testing, ensure you are trying to reach the public IP address of the SMC from outside, not from your LAN (like sitting in front of your PC in the office). Try to see if there is some firewall or access list on the SMC or router or somewhere.
0
 
LVL 1

Author Comment

by:jfazzini
ID: 13916942
Thanks. There are no security or firewall issues (including everything regarding the router). The machine has a fixed IP (192.168.0.112), the FTP service is working fine and it is not an IIS one; it's a WS_FTP Server program, with no problems with the permissions. You can connect OK to the router from outside (you can ping, for example, if I let the router do that). I also tried DMZ, and if I use that the service works very well, BUT I need to use more than only one service from outside on different servers; that means I can only use one DMZ tunnel and I will need many. That's why I need to use port forwarding. I asked SMC and maybe there is a router problem, but just in case I want to know if there is a "problem" using the Domain Controller and its DNS configuration.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13917336
There shouldn't be a problem using your DC as an FTP server (other than it being a security risk). DNS isn't an issue if you are trying to FTP via IP, which I think you are trying to do, right? Get it working by IP address first; then, if you need to FTP via DNS name, just create the appropriate DNS records on your public DNS server.
0
 
LVL 3

Expert Comment

by:miroofi75
ID: 13917903
Do the following:

Redirect the FTP ports from your router to your FTP server and check permissions.

Try to telnet from the internet to your router on port 21.

telnet yourrouterip 21 / 20

and let me know.

regards,


Imran
0
 
LVL 1

Author Comment

by:jfazzini
ID: 13918420
Yes, I get the FTP server from its IP, mike; I don't need to use a host name. From outside I have the correct DNS entries for the router's public IP. There is no firewall restriction, by the way.
Yes, I tried that too, miroofi75, but I get Connect failed... (remember I can correctly ping the router's public IP)
I'm going nuts; I think the router has some firmware problems with that feature (forwarding).
Still asking SMC...
0
 
LVL 1

Expert Comment

by:jhowel
ID: 13923444
I've never used any SMC products, but if it's a relatively grown-up product it will probably have the port forwarding and firewall rules as separate configurations. Obviously you need to enable the forwarding of the required ports to your internal address, but does the firewall part of the router configuration allow you to specify the incoming port range, i.e. which port the source connection is coming from? As an outbound TCP connection can use a wide range of 'source' ports, your router's firewall could be rejecting the packets if you're doing the following:

Source IP: Any
Source ports: 20-21
Subnet Mask: 255.255.255.255

Destination IP: 192.168.0.112
Destination Ports: 20-21
Subnet Mask: 255.255.255.0

Try:

Source IP: Any
Source ports: ANY
Subnet Mask: 255.255.255.255

Destination IP: 192.168.0.112
Destination Ports: 20-21
Subnet Mask: 255.255.255.0

Let us know if this helps...
0
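The source-port point in the comment above, as an added example that is not part of the original thread and is not SMC firmware logic: a minimal model of a forwarding rule that matches on both source and destination port, run over constructed inbound connection attempts. The rule model, the field names and the 203.0.113.x client addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None stands for "ANY"

@dataclass(frozen=True)
class ForwardRule:
    src_ports: PortRange          # ports the remote client connects FROM
    dst_ports: Tuple[int, int]    # ports on the router's public side
    forward_to: str               # internal host that receives the traffic

@dataclass(frozen=True)
class Syn:
    src_ip: str
    src_port: int
    dst_port: int

def in_range(port: int, rng: PortRange) -> bool:
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(rule: ForwardRule, pkt: Syn) -> Optional[str]:
    """Return the internal host the SYN is forwarded to, or None if dropped."""
    if in_range(pkt.src_port, rule.src_ports) and in_range(pkt.dst_port, rule.dst_ports):
        return rule.forward_to
    return None

def forwarded_count(rule: ForwardRule, packets: List[Syn]) -> int:
    return sum(1 for p in packets if evaluate(rule, p) is not None)

# The two rule shapes from the comment: source ports 20-21 versus source ANY.
RESTRICTED = ForwardRule(src_ports=(20, 21), dst_ports=(20, 21), forward_to="192.168.0.112")
ANY_SOURCE = ForwardRule(src_ports=None, dst_ports=(20, 21), forward_to="192.168.0.112")

# Constructed sample: FTP clients pick an ephemeral source port for the
# control connection to port 21; the last entry targets a port outside 20-21.
SAMPLE = [
    Syn("203.0.113.10", 49152, 21),
    Syn("203.0.113.11", 1025, 21),
    Syn("203.0.113.12", 60999, 21),
    Syn("203.0.113.13", 50000, 80),
]

if __name__ == "__main__":
    for name, rule in (("source 20-21", RESTRICTED), ("source ANY", ANY_SOURCE)):
        print(f"{name}: {forwarded_count(rule, SAMPLE)} of {len(SAMPLE)} forwarded")
        for p in SAMPLE:
            print(f"  {p.src_ip}:{p.src_port} -> :{p.dst_port} => {evaluate(rule, p) or 'DROP'}")
```

With the source range restricted, every client in the sample is dropped before the destination port is even relevant; with source ANY, only the destination range decides.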
 
LVL 3

Expert Comment

by:miroofi75
ID: 13924050
Try it this way, if it is possible: use WinGate as your proxy server, go to extended network settings, then port security, and do the port forwarding as mentioned above. Make sure that it is not your FTP server; it's another machine connected to the internet. This is to make sure that it is only a problem of the router or settings.

Let us know if this works.

regards,


Imran
0
 
LVL 1

Author Comment

by:jfazzini
ID: 13967729
Hello, the problem isn't in the Domain Controller configuration; it is just a hardware issue, the SMC router is not working properly. I will change it as soon as possible. Thanks for your help anyway.

Juan.
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 14006377
PAQd, 250 points refunded.

GhostMod
Community Support Moderator
0
