Solved

I am trying to connect to a domain controller on my LAN but can't get past my router?

Posted on 2006-06-19
Last Modified: 2011-10-03
I have set up a small MS 2003 domain with one DC and a Linksys WRT54GS router.  The router is receiving a dynamic address from the ISP, BellSouth.  The network is 192.168.2.x with subnet mask 255.255.255.0.  The server has a static IP and is set up as a DHCP server for the internal network.  DHCP on the router has been disabled.  The internal network is working fine and everyone can access the internet, no problem.  I have opened RDP port 3389 on the router and forwarded it to the 2k3 DC.  I enabled the server to receive remote connections.  I used the public IP to attempt to connect to the DC across the internet but it always fails.  I tried the same procedure with VNC remote access but it also failed.

Understand that I am not doing this for the first time.  I have successfully performed this many times in the past.

One odd thing I noticed is that from the internal network I can log into the router from a browser using 192.168.1.1 or 192.168.2.1.  The router is configured with the 192.168.2.1 address.  Any ideas, experts?

Dale
Question by:DaleFrazier
15 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
So what is your outside IP address that you are forwarding ports from to the DC on port 3389?  Are you blocking the port from outside? Have you configured the pinholes, I think they are called?

Thanks
Scott
 

Author Comment

by:DaleFrazier
I am using PAT on my router to translate to the server's private IP.  The outside IP is dynamically assigned by the ISP.  I determine this IP by using the website www.whatismyip.com.  I then attempt to access the server across the internet using the outside/public IP.  I have done it before many times.  Not sure what pinholes are?  Thanks and I hope I answered your question.
 
LVL 12

Expert Comment

by:Scotty_cisco
You did in a roundabout sort of way.... you said you're port forwarding the port and you're using 3389 from the outside to inside and you said you can reach it from the outside address and inside address when you are on the local LAN?  The pinholes I am talking about are usually firewall rule sets that say I allow anyone or a host to this port on this address... not sure if it is just a port forward or what.  Do you have an option for a DMZ host?  If so, is it enabled? Could this be causing an issue?  If not, then try making the server the DMZ host and see if you can get to it.

Thanks
scott
 

Author Comment

by:DaleFrazier
When I log into the router and check the status tab I see two main sections, router info and internet.  Router info contains firmware ver, MAC address, etc.  The internet section has some interesting info.

    Login Type:       Automatic Configuration - DHCP
    IP Address:       192.168.1.1
    Subnet Mask:      255.255.255.0
    Default Gateway:  192.168.1.254
    DNS 1:            192.168.1.254
    DNS 2:
    DNS 3:

It also has two buttons, DHCP release and DHCP renew.  These IP addresses are assigned by the ISP but they are in the private range?  Is this my problem?  If so what is the workaround?
                 
 
LVL 12

Expert Comment

by:Scotty_cisco
That very well could be the problem ... they are NATing the range to give you a private..... When you go out to www.whatismyip.com what do you see at the top of the page?

Thanks
Scott
 

Author Comment

by:DaleFrazier
I see a real public IP address, 70.102.x.x.  How do I work around this issue?  I've never had an ISP do this.
 
LVL 12

Expert Comment

by:public
You have multiple NAT in the path. The BellSouth modem is probably configured as a NAT router with the 192.168.1.254 LAN-side IP.
If you want to simplify this, put the modem into bridge mode.

 

Author Comment

by:DaleFrazier
How do you do that and what is bridge mode?  Thanks Dale
 
LVL 12

Expert Comment

by:public
>How do you do that and what is bridge mode?

It is an option in one of the modem setup pages.
Bridge mode does not perform any NAT or PPPoE. The modem passes all Ethernet packets to your other router.
 

Author Comment

by:DaleFrazier
Can I access the modem the same way I do the router, with a web browser?
 

Author Comment

by:DaleFrazier
OK Experts, you have abandoned my question!!  Why, is it too hard?  I am always generous with the points.  True, you have helped me to understand the problem but not fix it.  My question is this:

HOW DO I PUT THIS WESTELL DSL MODEM IN BRIDGE MODE?  And will it screw up my internet connection?

If you don't know, it's OK, I don't either.  Thanks, Dale
 
LVL 12

Expert Comment

by:Scotty_cisco
What kind of Westell modem is it .... model number? Also, they may be running private addresses between the CO and your home location; if this is the case you may not be able to work around it (doubtful though).

Thanks
Scott
 

Author Comment

by:DaleFrazier
Scotty,

You are right, this is exactly what the CO is doing.  Is there any way that I can connect to my private network across the internet in this situation?  Thanks

Dale
 
LVL 12

Expert Comment

by:Scotty_cisco
This complicates the process. If they are doing 1-to-1 NAT, not a problem; if they are using that and a PAT pool, then there is nothing you can do.

Go out to www.whatismyip.com, that should give you your real IP address, and then see if you can open up a connection to a host on the public side of your modem and get through.  If not, they are likely doing PAT and you can beg the ISP for a routable outside address; if they refuse, which many ISPs would rather pound sand than do anything that may help you out, you're kind of stuck.

I have only seen this in leased office space so I hope I am wrong here.

Thanks
Scott
 
LVL 12

Accepted Solution

by:public (earned 500 total points)
>HOW DO I PUT THIS WESTELL DSL MODEM IN BRIDGE MODE?

Find the IP of the modem, probably 192.168.1.254 from your post, and log in via a browser.
Find the config page and select bridged mode.

>and will it screw up my internet connection?

Only if you misconfigure the Linksys PPPoE.
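
Added example, not part of the original thread or written by any of its participants: a Python sketch of the check the thread arrives at, comparing the router's WAN lease with the externally observed address to see whether a port forward on the router can be reached. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the elided public address 70.102.x.x.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared (carrier-grade NAT) range.
# Listed explicitly because ipaddress.is_private also covers documentation
# ranges such as 203.0.113.0/24, which is used below as a stand-in.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'rfc1918', 'cgnat' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "cgnat" if ip in CGNAT else "public"


def diagnose(wan_ip, wan_gateway, observed_ip, lan_cidr):
    """Compare the router's WAN lease with the externally observed address."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    if ipaddress.ip_address(wan_ip) in lan:
        return "overlap", "WAN address falls inside the LAN subnet"
    kind = classify(wan_ip)
    if kind == "public" and wan_ip == observed_ip:
        return "single-nat", "port forwards on this router are reachable"
    if kind == "public":
        return "mismatch", "WAN is public but differs from the observed address"
    # A non-public WAN lease means another device translates upstream.
    if kind == "cgnat":
        where = "ISP shared address space"
    else:
        where = f"gateway {wan_gateway}"
    return "double-nat", (f"{where} translates again; inbound traffic to "
                          f"{observed_ip} stops there unless it is bridged "
                          "or forwards the port too")


if __name__ == "__main__":
    # WAN values from the status page quoted in the thread; 203.0.113.10 is a
    # constructed stand-in for the elided public address 70.102.x.x.
    print(diagnose("192.168.1.1", "192.168.1.254", "203.0.113.10",
                   "192.168.2.0/24"))
```

The check cannot tell whether the second translation happens in the modem on the premises or further inside the ISP network; only the modem case is fixed by bridge mode.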
