Link to home
Start Free TrialLog in
Avatar of stevendawson
stevendawson

asked on

How can I access this other server from web?

HI,

I have an SBS box (not ISA Server version) with 2 NIC's External is 192.168.1.200 (router on 192.168.1.1) Internal 192.168.16.1. I should say right now everthing works fine on this box including all remote access:-) This company have just had a VOIP telephone system installed which needs access on port 4000 through to the VOIP server on 192.168.16.201 (which has been set as static).

They have a single static IP address from the web so when a request comes in on port 4000 how do I get it directly through to that VOIP server? I have allowed access through the Broadband Router on port 4000 to the SBS box on 192.168.1.200, I have re run the internet connection wizard and opened port 4000, but I guess the part missing is to tell SBS, send port 4000 requests to 192.168.1.200

Can anybody help?

Thanks

Steve
Avatar of Coolie Sheppard
Coolie Sheppard
Flag of United States of America image

Normally if you need to access a server from the web, you'll need a public IP address.  Then in your firewall, do a one to one NAT and direct traffic to the private IP address.


Hope that helps some.
Avatar of bluetab
bluetab

What you need to do is configure the broadband router to forward port 4000 to 192.168.1.201 (VOIP server).  

When you configure the router you want to tell it to forward traffic to specific servers.  You don't want to foward everything to the SBS server and then have the SBS server forward the traffic.  If you were doing this you would need ISA Server on the SBS box.  
Avatar of stevendawson

ASKER

Thanks for the input, I only have a single static IP web facing and of course I dont want the internal network opened any further than neccesary. As the NIC on the SBS is the connection to the router and on 192.168.1. range, then configuring a port forward is not directly possible as the internal network is on 192.168.16 range which is why I figured it needs to somehow pass through SBS?

Any further thoughts?

Steve
If your VOIP server has an IP of 192.168.1.201 then you would need to plug that directly into your Router.

Have you not done that?

Jeff
TechSoEasy
Hi Jeff, The VOIP server has an IP of 192.168.16.201 as it is on the internal network (otherwise the phones wont work at all.) and with the SBS having 2 NIC cards, thats where I'm stumped.
Sorry... it's easy to get confused when you don't provide a complete IPCONFIG /ALL.  Please do that so we can see what's what.

Jeff
TechSoEasy
Hi Jeff,

domain name changed to example

Thanks


Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . :example-SERVER
   Primary Dns Suffix  . . . . . . . : example.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : example.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Server Adapter
   Physical Address. . . . . . . . . : 00-15-17-37-D8-B0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-18-8B-FD-65-E9
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>
Okay... first you need to remove the WINS Server IP (192.168.16.2) from your External NIC.  This isn't related to your question, but it will cause other problems if you keep it there.  After removing that, rerun the CEICW to get the settings up-to-date with that.

Then... for your VOIP System...

If you need port 4000 forwarded to a specific IP within your LAN, you first need to forward it in your router from 192.168.1.1 to 192.168.1.200.

Then, to get it to 192.168.16.201, you need to do the following:
Open the Server Management Console > Advanced Management > Computer Management > Services and Applications > Routing and Remote Access > IP Routing > NAT/Basic Firewall > RIGHT Click on the External NIC > Properties>  Services and Ports tab.

Then just add your VOIP and it's IP/port just as you would on your router (since RRAS is just another router NAT device).  ie, enter port 4000 pointing to 192.168.16.201.

Jeff
TechSoEasy
Hi Jeff,

I changed the External NIC as per your reccomendation. Then I reran the CEICW, does this look ok to you now?

   Host Name . . . . . . . . . . . . : example-SERVER
   Primary Dns Suffix  . . . . . . . : example.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : example.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Server Adapter
   Physical Address. . . . . . . . . : 00-15-17-37-D8-B0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-18-8B-FD-65-E9
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>

I then followed your information but I still dont seem to have access:-(
I am 100% confident the router is forwarding port 4000 to the SBS on 192.168.1.200

Then I did this...

Open the Server Management Console > Advanced Management > Computer Management > Services and Applications > Routing and Remote Access > IP Routing > NAT/Basic Firewall > 

FYI, In here I can see

Server local Area Connection
Network Connection
Loopback
Internal

Then you said...

RIGHT Click on the External NIC > Properties>  Services and Ports tab.

So Im doing that on the one labeled as "Network Connection" I have added the port forward to 192.168.16.201, 400 IN and 4000 out.

All that and it doesnt't work. Am I maybe missing something?

One other thing, on the  NAT/Basic Firewall >  page - Incoming packets rejected says Zero. Is that any sort of clue that things are not reaching that?

Thanks again

Steve




I would assume Network Connection is the correct one to configure.  I'll also assume that you made a typo above and you meant to say "4000 IN" instead of "400 IN".

Are you confident that your VOIP server is in fact set to 192.168.16.201?  Generally a DHCP reservation is the best way to accomplish this.

"One other thing, on the  NAT/Basic Firewall >  page - Incoming packets rejected says Zero. Is that any sort of clue that things are not reaching that?"

Inbound Packets Rejected should say Zero... you don't want any packets rejected you want them translated.

I would suggest that after checking the above, you rerun the CEICW and make sure that the "Firewall is enabled"  although it won't show your VOIP setting because settings made in the CEICW can only be set to 127.0.0.1, not other servers.

Then, reboot everything and see if it's working.

You might also check with the VOIP company to make sure that the NIC's you are using have the proper protocols installed and are capable of handling the VOIP traffic.

Jeff
TechSoEasy
Hi Jeff,

Yes I did make a typo, yes I am confident the VOIP servers IP is 192.168.16.201 because I can access it via web browser on that IP when I am logged into the SBS box remotely. there is also a port tester utility which I ran from the SBS server and test port 4000 on the VOIP server. It test as all OK.

I ran the wizard again and rebooted but it is the same. Could it be anything to do with the Nat/Basic settings tab?

I also noticed that when I right click and "show mappings" on the connection I do not see that port that I added in the list. Its definately in the services & ports tab and its ticked.

Any other thoughts.

Steve
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Jeff, I will give this a look and get back to you.

Steve