• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1380
  • Last Modified:

Port Forwarding and Windows Domain Controller

 Hi, I've a Network of about 15 workstations (Net: 192.168.0.0, dynamic) and 1 server (192.168.0.2 fixed, with Windows 2000 Adv. Server, DHCP on) that is used as a Domain Controller. Then the computers are connected by a switch and a router (192.168.0.1 fixed, SMC Barricade, No DHCP) connects them to internet (ADSL). All is working fine, the domain controller use DNS forwarding to the ISP's ones for IP-Name translation. The big problems starts here: I need to use one machine as a FTP server (TCP port 21) When I try the Port forwarding option of the SMC Barricade (IE: Local Machine: 192.168.0.112, Internal Port: 21, External Port: 21) it seems not to be working, outside the network you cannot use the service... (of course you can use this service inside the local network but this isn't what i really need) I don't know if there is a problem with the Domain Controller or if I need to set up some things on it... For that thing I ask you any help that you can give.
  Than you very much

Juan.
0
jfazzini
Asked:
jfazzini
  • 4
  • 3
  • 2
  • +3
1 Solution
 
mikeleebrlaCommented:
since you can access the FTP server internally that means it is working fine and their must be a problem with the port fowarding on your router.

FTP uses port 20 to transfer data, 21 is used for control.  you need to foward 20 as well.
0
 
jfazziniAuthor Commented:
that's ok, i'm really forwarding ports: 20-21,80 as well but no luck... I still don't know if there is a router problem because I've no answer from SMC yet...
0
 
miroofi75Commented:
the local machine have an static IP 112, isn't it.

you have IIS install on that computer which host FTP and you give proper permissions.

what else services are running on that compter.

you check this and letme know.

regards



Imran


0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
Gen2003Commented:
While testing ensure you are trying to reach Public IP address of SMC from outside - not from your LAN (like sitting infront of your PC in the office), try to see if there is some firewall or Access lists on SMC or router or somwhere.
0
 
jfazziniAuthor Commented:
Thanks, there is no security or firewall issues (including all regarding the router) the machine has a fixed IP (192.168.0.112) the ftp service is working fine and is not a IIS one It's a WS_FTP Server program, no problems with the permissions. You can connect ok to the router from outside (you can ping for example, if I let the router do that) Also I tried DMZ and if I use that the service works very well, BUT I need to use more than ony one service from outside on differents servers, that means I can only use one DMZ tunnel and well I will need many. That's why I need to use port forwarding. I asked SMC and maybe there is a router problem, but just in case I wanna know if there is a "problem" using the Domain Controller and it's DNS's configuration.
0
 
mikeleebrlaCommented:
there shouldn't be a problem using your DC as an FTP server (other than it being a security risk).  DNS isn't an issue if you are trying to FTP via IP, which i think you are trying to do right?  Get it working by IP address first, then if you need to FTP via DNS name just create the approprate DNS records on your public DNS server.
0
 
miroofi75Commented:
Do following thing:

Redirect the ftp ports from your router to your ftp server and check permissions.

try to telnet from internet to your router on port 21.

telnet yourrouterip 21 / 20

and let me know.

regards,


Imran
0
 
jfazziniAuthor Commented:
 Yes i get the ftp server from it's IP mike, I don't need to use a host name. From outside I have the correct DNS's entries for the router Public IP. There is no firewall restriction, by the way.
 Yes I tried that too miroofi75 but I get Connect failed... (remember I can ping correctly the router public ip)
  I'm going nuts I think the router has some firmware problems on that feature (forwarding).
  Still asking SMC...
0
 
jhowelCommented:
I've never used andy SMC products but if it's a relatively grown up product it will probably have the port forwarding and firewall rules as separate configurations. Obviously you need to enable the forwarding of the required ports to your internal address but does the firewall part of the router configuration allow you to specify the incoming port range i.e which port the source connection is coming from? As an outbound TCP connection can use a wide range of 'source' ports your router's firewall could be rejecting the packets if you're doing the following:

Source IP: Any
Source ports: 20-21
Subnet Mask: 255.255.255.255

Destination IP: 192.168.0.112
Destination Ports: 20-21
Subnet Mask: 255.255.255.0

Try:

Source IP: Any
Source ports: ANY
Subnet Mask: 255.255.255.255

Destination IP: 192.168.0.112
Destination Ports: 20-21
Subnet Mask: 255.255.255.0

Let us know if this helps...
0
 
miroofi75Commented:
try in this way if it is possible; use wingate as your proxy server and goto extended network settings then port security and do as above mentioned port forwarding make sure that is not your ftp server its another machine connect to the internet. to make sure that it is only a problem of router or settings.

Let us know if this works.

regards,


Imran
0
 
jfazziniAuthor Commented:
Hello, the problem isn't on the Domain Controller configuration is just a hardware issue, the SMC router is not working property. I will change it as soon as posible. Thanks for your help anyway.

Juan.
0
 
GhostModCommented:
PAQd, 250 points refunded.

GhostMod
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now