Link to home
Start Free TrialLog in
Avatar of tim95030
tim95030

asked on

Trouble setting up a NAT within my private network

I currently have a configuration as such:

                                        Internet
                                             |
                                   SOHO Firewall
                                             |
       Server (Public IP and private ip of 192.168.10.3)
             /                                                         \
    Database1 (192.168.10.1)         Database2 (192.168.10.2)

So, what I have is the webserver connected to the internet and it is also connected to a private network(192.168.10.*) with two database server. The database servers are connected this way to keep them off the internet for security. Currently we use RDP to connect to the web server then RDP to either database which all works fine, but now we have a new Client who needs access to one of the Databases, but we do not want to give them access to the server or the other database. My thought on this was to use a NAT on the server so that when they RDP to say (1.1.1.1:9000) it would nat to the server. I searched around and found out how to enable routing to do this on windows server 2003, but when I enabled the routing my website and all other services went down.

My question is how can I setup this NAT without touching any other ports I want everything to remain as is I just want port 9000 forwarded or NATed to 192.168.10.1.
Avatar of dynamixone
dynamixone

i may be reading it wrong, but you cannot have a public IP of 192.168.x.x

NAT is simply creating a static route for a specifc port or service to a private interal IP
Avatar of tim95030

ASKER

I didn't list the public IP for security. 192.168.10.* is the internal private ip there is another router on the backend I believe its remotely hosted so I am not sure exactly on that. But basically I want to use the Server as a NAT router which I know it can do I, but when I did that it stopped all the ports and took my site offline. I need it to only NAT the one port and not do anything to the other ports.
To clarify it further  the server has multiple ip addresses including several public ip addresses and a single private ip address (192.168.10.3) When I enabled Routing via right clicking the server in the RRAS management window I lost external access to my website, and all other services. So, what I need to know is what I need to do to setup the NAT without losing all the other services.

I used this website for setup:

 http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

I did what it said and the NAT worked, but the website and everything else stopped working.
you have to insure now that you have NAT, that all needed ports are open. such as port 80 for the website.
I guess what I was really interested in knowing is if there is a way I can set a default that stays on the server and then just set the one NAT.
I am not understanding you... Please elaborate.

1. If I might ask what database server are you running mssql or mysql?
2. Do they need access to just the database or to the whole server?
3. What Firewall are you using?

I will give you an example. 246.128.11.211 -------------------> 192.168.15.11 port or service which ever is called on your firewall 1433 to connect to MSSQL. There lock it down from a sql perspective you don't have to give them rights on the domain.
 
This article you just put up is basically so clients can share the same internet for sending out.

http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

This would be internally not externally.
Yea so as mentioned what that article says didn't help me. i can't do it through the firewall as the firewall is only connected to the server the databases are separate computer that are connected to the server but not directly to the firewall. I just need to forward the port to the private server essentially making an external tunnel.  I want it so that I can RDP to  "ServerIP:9000" and the server will recieve the packets and forward them to the 192.168.10.1 computer which is accessible to the server but not directly to the internet. How do I do that?


ASKER CERTIFIED SOLUTION
Avatar of tim95030
tim95030

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I am glad you figured it out.