prutter

asked on

NAT on Win2K3

I have an issue where I have an application I want to access from the public internet and I have a server set up in my DMZ. This server in the DMZ is supposed to have a few protocols running through it and I'm having an issue with that. All firewall rules appear to work fine but I think that my routing issue is with the DMZ server itself. I have two NICs in it (Pub and Priv). Both NICs are set up with the default routes of the subnet they are on. RDP traffic is supposed to go through this server to a server on the public network and get routed back through the DMZ to the public internet. My problem is that RDP is getting from the DMZ to the Priv network but not from the Priv network to the DMZ. All traffic from the Priv network OUT is open so there should be no issue there. I am trying to pass this traffic from the Priv side to the Pub side of the server in the DMZ and I think that's where the problem lies. I can telnet on port 3389 to the Priv NIC but not to the Pub NIC. Is there a way to do NAT from a Priv NIC to a Pub NIC in Win2K3? Any assistance with this is appreciated.
peter41

I am not sure I understand your topology and which RDP connections succeed or fail; any simple schema/picture would be welcome.
My understanding of your topology is:

Private network <---> Server (gateway) <---> Internet.
Current state:
1. Clients from the private network can normally access internet resources.
2. Unclear to me is your sentence:
"I can telnet on port 3389 to the Priv nic but not to the pub nic"
In this experiment: where is the client placed? Do you mean server port 3389 on your gateway server?
(Or where is the server you want to connect to placed?)
What firewall and NAT product (or built-in NAT, built-in Windows firewall?) do you use?
Please answer these questions.

One thing that is not right is having two different default gateways on your gateway server.
Set a default gateway only on the public network interface (set it to the IP of the route to the internet) and delete the default gateway in the TCP/IP settings of the private network interface. On your client machines in the private network, set the default gateway to the private network interface IP only.
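As an added illustration of the single-default-gateway layout described in the answer above (this is not code from the thread, and it is not the certified solution, which is not shown on this page): the commands below are what you would type in an elevated cmd.exe on a Windows Server 2003 dual-homed box. The interface names "Public"/"Private", the addresses 203.0.113.x and 10.0.0.x, the private-side router 10.0.0.1 and the inside host 10.0.0.5 are placeholders I have assumed, not values from the question.

```batch
@echo off
rem Added example: Windows Server 2003 dual-homed gateway with exactly ONE default route.
rem All interface names and IP addresses are assumed placeholders, not from the thread.

rem 1. The public NIC carries the only default gateway (the router toward the internet).
netsh interface ip set address name="Public" source=static addr=203.0.113.10 mask=255.255.255.0 gateway=203.0.113.1 gwmetric=1

rem 2. The private NIC gets an address but NO default gateway.
netsh interface ip set address name="Private" source=static addr=10.0.0.10 mask=255.255.255.0 gateway=none

rem 3. Remove any stale 0.0.0.0 route that still points at the private subnet's router
rem    (assumed 10.0.0.1), then confirm that only one default route remains.
route delete 0.0.0.0 mask 0.0.0.0 10.0.0.1
route print 0.0.0.0

rem 4. Let packets cross between the two NICs. Windows does not forward by default;
rem    this registry value takes effect after a reboot (enabling RRAS sets it too).
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter /t REG_DWORD /d 1 /f

rem 5. If address translation is wanted rather than plain routing, Windows Server 2003
rem    ships NAT inside Routing and Remote Access. Public is the translated ("full")
rem    side, Private is the inside.
netsh routing ip nat install
netsh routing ip nat add interface name="Public" mode=full
netsh routing ip nat add interface name="Private" mode=private
rem    Map inbound TCP/3389 on the public address to an inside host (assumed 10.0.0.5).
netsh routing ip nat add portmapping name="Public" proto=tcp publicip=0.0.0.0 publicport=3389 privateip=10.0.0.5 privateport=3389

rem 6. On each private-side client, point the default gateway at the private NIC (10.0.0.10):
rem    netsh interface ip set address name="Local Area Connection" source=static addr=10.0.0.5 mask=255.255.255.0 gateway=10.0.0.10 gwmetric=1

rem 7. Check which addresses the RDP listener is actually bound to before blaming routing.
netstat -an | find ":3389"
```

Two checks worth doing after this: `route print` must show a single 0.0.0.0 entry, with the public router as its gateway; and if `netstat -an` shows 3389 in LISTENING state only against 10.0.0.10 and not 0.0.0.0 or 203.0.113.10, then a telnet to the public address failing is a service-binding question, not a routing one.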

prutter

ASKER

Not sure just what I wanted to type; that's why it was so unclear. This is a security server for VMware View that sits in the DMZ. There are only 4 ports that need to go in and out to make the connection: port 80 and/or 443, RDP (3389) and JMS (4001). In troubleshooting with VMware they tell me that 3389 has to be able to flow from the virtual desktop to the security server. Well, this isn't happening. I can telnet on port 3389 to the NIC on the private side, but when I try to do the same on the public side I can't connect. I was curious how I can NAT that traffic from the private side to the public side on that security server in the DMZ.
ASKER CERTIFIED SOLUTION
Rob Williams