Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 883
  • Last Modified:

Port forwarding in windows server 2008

Ok, i have a linksys router in front of a windows server 2008 machine. My router has a dozen slots for port forwarding. I don't like managing it within my router.
 

I want to use server as a DMZ pushing all of the ports coming into my router to my server 2008 machine. I can set this up through my router.

 At that point I would like to reroute all of the ports to the desired ip's through a windows server 2008 interface.

My questions:

Can I do this?
If so what roles do i need to have installed and where can i find the options for configuration?

Are there any security issues i should be aware of when dealing this this type of configuration?
0
talker2004
Asked:
talker2004
  • 3
  • 3
1 Solution
 
tigermattCommented:

You'd need your server to act as a 'router' in order for you to do this. It will need 2 NICs - one connected to the router and the other connected to the LAN. All traffic would pass through the server between the network and Internet.

If the server meets these requirements you'd have to install the Network Policy and Access Services role (the Routing and Remote Access Sub-Role, in particular) and configure it such that the server can act as a router.

In general, I would not consider using any server as my only firewall unless it was a dedicated server which was just acting as a gateway. If this is a DC or any other remotely critical server, don't set it up in this fashion, since a software firewall is generally considered much less secure than a hardware firewall. I'd only ever consider running ISA Server as an enterprise software firewall - and not the usual Server 2008 firewall.

-Matt
0
 
talker2004Author Commented:
I do have two nics, but i am not ready to compromise my security nor require all traffic to go through my server.  

Really I am a software developer who is tinkering with hyper-v to get myself experience with network administrative tasks.

So is the routing and remote access role the same role required to setup a vpn? The vpn should not require me to push all traffic through the server right?
0
 
tigermattCommented:

Yes - RRAS is the same role service as is required for VPN. A VPN Server can run on a single NIC - this is how I have my VPN server configured and it works well.

I really would not use your server as a router for your network if it will not be a dedicated box, as it just adds unnecessary confusion, complications and detriments your network's security.

-Matt
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
talker2004Author Commented:
Right, it's a vm and i am going to stick to the router for the port forwarding aspect, even though the vm is a dhcp server. I do have a need for a vpn as well. This way when i am outside of the network I will be able to connect to applications on my server, this will help me to connect to services outside of my network which I would not want to expose to the world. Like Hyper-v manager and a few other services.

One more question, when i get connected to the VPN from outside, will I also be able to access other machines behind my private network?

I have setup a vpn before, but all the times I did it it was between two hardware devices. Netgear FVS318 / PIX 501 are the ones i have the most experience with.
0
 
tigermattCommented:

If you use RRAS for a VPN then you can certainly still access devices at the far end. I VPN into many of my client's servers all the time, but then use VNC directly from my desktop to connect to their workstations. You're not limited to talking to the server and only the server when you initiate a VPN connection.

-Matt
0
 
talker2004Author Commented:
tigermatt, thanks so much.

Also sorry about the other post for the mac address stuff, you deserved the points for that one too. I jumped to quick to issue the points on that one.
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now