jfazzini

asked on

Port Forwarding and Windows Domain Controller

Hi, I have a network of about 15 workstations (net: 192.168.0.0, dynamic) and 1 server (192.168.0.2 fixed, with Windows 2000 Adv. Server, DHCP on) that is used as a Domain Controller. The computers are connected by a switch, and a router (192.168.0.1 fixed, SMC Barricade, no DHCP) connects them to the internet (ADSL). All is working fine; the domain controller uses DNS forwarding to the ISP's ones for IP-name translation.

The big problem starts here: I need to use one machine as an FTP server (TCP port 21). When I try the port forwarding option of the SMC Barricade (i.e. Local Machine: 192.168.0.112, Internal Port: 21, External Port: 21) it seems not to be working; outside the network you cannot use the service... (of course you can use this service inside the local network, but this isn't what I really need). I don't know if there is a problem with the Domain Controller or if I need to set up some things on it... For that I ask for any help that you can give.

Thank you very much

Juan.
mikeleebrla

Since you can access the FTP server internally, that means it is working fine and there must be a problem with the port forwarding on your router.

FTP uses port 20 to transfer data; 21 is used for control. You need to forward 20 as well.
jfazzini

ASKER

That's OK, I'm really forwarding ports 20-21 and 80 as well, but no luck... I still don't know if there is a router problem because I've had no answer from SMC yet...

The local machine has a static IP 112, isn't it?

You have IIS installed on that computer which hosts FTP and you give proper permissions.

What other services are running on that computer?

You check this and let me know.

regards



Imran


While testing, ensure you are trying to reach the public IP address of the SMC from outside, not from your LAN (like sitting in front of your PC in the office). Try to see if there is some firewall or access list on the SMC or router or somewhere.

Thanks, there are no security or firewall issues (including everything regarding the router). The machine has a fixed IP (192.168.0.112), the FTP service is working fine and is not an IIS one; it's a WS_FTP Server program, with no problems with the permissions. You can connect OK to the router from outside (you can ping, for example, if I let the router do that). I also tried DMZ, and if I use that the service works very well, BUT I need to use more than only one service from outside on different servers; that means I can only use one DMZ tunnel and I will need many. That's why I need to use port forwarding. I asked SMC and maybe there is a router problem, but just in case I want to know if there is a "problem" using the Domain Controller and its DNS configuration.

There shouldn't be a problem using your DC as an FTP server (other than it being a security risk). DNS isn't an issue if you are trying to FTP via IP, which I think you are trying to do, right? Get it working by IP address first, then if you need to FTP via DNS name just create the appropriate DNS records on your public DNS server.

Do the following:

Redirect the ftp ports from your router to your ftp server and check permissions.

try to telnet from internet to your router on port 21.

telnet yourrouterip 21 / 20

and let me know.

regards,


Imran
Yes, I get the FTP server from its IP, mike; I don't need to use a host name. From outside I have the correct DNS entries for the router's public IP. There is no firewall restriction, by the way.

Yes, I tried that too, miroofi75, but I get Connect failed... (remember I can ping the router's public IP correctly)

I'm going nuts. I think the router has some firmware problems on that feature (forwarding).

Still asking SMC...

I've never used any SMC products, but if it's a relatively grown-up product it will probably have the port forwarding and firewall rules as separate configurations. Obviously you need to enable the forwarding of the required ports to your internal address, but does the firewall part of the router configuration allow you to specify the incoming port range, i.e. which port the source connection is coming from? As an outbound TCP connection can use a wide range of 'source' ports, your router's firewall could be rejecting the packets if you're doing the following:

Source IP: Any
Source ports: 20-21
Subnet Mask: 255.255.255.255

Destination IP: 192.168.0.112
Destination Ports: 20-21
Subnet Mask: 255.255.255.0

Try:

Source IP: Any
Source ports: ANY
Subnet Mask: 255.255.255.255

Destination IP: 192.168.0.112
Destination Ports: 20-21
Subnet Mask: 255.255.255.0

Let us know if this helps...
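
The source-port point in the reply above, as an added example (not part of the original thread, and not SMC's configuration format): it opens real TCP connections on loopback to see which source ports the operating system gives a client, then checks both rule layouts from the post against them. The `Rule` class and its field names are a hypothetical model of a router filter rule; the subnet-mask fields are left out.

```python
import socket
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one inbound filter rule (not SMC's format)."""
    src_ports: Optional[range]  # None stands for "ANY"
    dst_ip: str
    dst_ports: range

    def allows(self, src_port, dst_ip, dst_port):
        if self.src_ports is not None and src_port not in self.src_ports:
            return False  # client's source port is outside the allowed range
        return dst_ip == self.dst_ip and dst_port in self.dst_ports

# The two layouts from the post: source ports 20-21 versus source ports ANY.
RESTRICTED = Rule(range(20, 22), "192.168.0.112", range(20, 22))
OPEN_SRC = Rule(None, "192.168.0.112", range(20, 22))

def observed_client_ports(n=5):
    """Make n loopback TCP connections; return the client-side source ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(n)
    ports = []
    try:
        for _ in range(n):
            with socket.create_connection(listener.getsockname(), timeout=2) as c:
                ports.append(c.getsockname()[1])  # ephemeral source port
                conn, _ = listener.accept()
                conn.close()
    finally:
        listener.close()
    return ports

def evaluate(rule, src_ports, dst_port=21):
    """Would the rule pass a connection to dst_port from each source port?"""
    return [rule.allows(p, rule.dst_ip, dst_port) for p in src_ports]

if __name__ == "__main__":
    ports = observed_client_ports()
    print("client source ports:", ports)
    print("source ports 20-21 :", evaluate(RESTRICTED, ports))
    print("source ports ANY   :", evaluate(OPEN_SRC, ports))
```
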
Try it this way if it is possible: use WinGate as your proxy server, go to extended network settings, then port security, and do the port forwarding as mentioned above. Make sure that it is not your FTP server; it's another machine connected to the internet. This is to make sure that it is only a problem of the router or settings.

Let us know if this works.

regards,


Imran
Hello, the problem isn't in the Domain Controller configuration; it is just a hardware issue, the SMC router is not working properly. I will change it as soon as possible. Thanks for your help anyway.

Juan.
ASKER CERTIFIED SOLUTION
GhostMod