NAT on Win2K3

Posted on 2009-02-16
Last Modified: 2012-08-13
I have an issue where I have an application I want to access from the public internet and I have a server set up in my DMZ.  This server in the DMZ is supposed to have a few protocols running through it and I'm having an issue with that.  All firewall rules appear to work fine but I think that my routing issue is with the DMZ server itself.  I have two NICs in it (Pub and Priv).  Both NICs are set up with the default routes of the subnet they are on.  RDP traffic is supposed to go through this server to a server on the public network and get routed back through the DMZ to the public internet.  My problem is that RDP is getting from the DMZ to the Priv network but not from the Priv network to the DMZ.  All traffic from the Priv network OUT is open so there should be no issue there.  I am trying to pass this traffic from the Priv side to the Pub side of the server in the DMZ and I think that's where the problem lies.  I can telnet on port 3389 to the Priv NIC but not to the Pub NIC.   Is there a way to do NAT from a Priv NIC to a Pub NIC in Win2K3?  Any assistance with this is appreciated.
Question by: prutter

Expert Comment

ID: 23657492
I am not sure I understand your topology and which RDP connections succeed or fail; any simple schema/picture would be welcome.
My understanding of your topology is:

Private network <---> Server (gateway) <---> Internet.
Current state:
1. Clients from the private network can normally access internet resources.
2. Unclear to me is your sentence:
"I can telnet on port 3389 to the Priv nic but not to the pub nic"
In this experiment: where is the client placed? Do you mean server port 3389, placed on your gateway server?
(Or where is the server you want to connect to placed?)
What firewall and NAT product (or built-in NAT, built-in Windows firewall?) do you use?
Please answer these questions.

One thing which is not right is the two different default gateways on your gateway server.
Set a default gateway only on the public network interface - set there the IP of the route to the internet, and delete the default gateway in the TCP/IP settings of the private network interface. Set the default gateway equal to the private network interface IP only on your client machines in the private network.
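The misconfiguration called out above (a default gateway on both NICs of a dual-homed gateway) can be spotted in `route print` output before touching anything. The following script is an added example, not code from this thread: it parses the "Active Routes" table and flags any default route that does not leave via the public NIC. The sample output, the interface names and the 203.0.113.x / 192.168.10.x addresses are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample of `route print` output (Windows 2003) from a dual-homed
# host with a default gateway on BOTH NICs, the misconfiguration discussed above.
# Addresses are documentation/private ranges, not a real deployment.
SAMPLE_ROUTE_PRINT = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10     10
          0.0.0.0          0.0.0.0     192.168.10.1    192.168.10.2     10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
     192.168.10.0    255.255.255.0     192.168.10.2    192.168.10.2     10
Default Gateway:       203.0.113.1
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
Route = namedtuple("Route", "destination netmask gateway interface metric")

def parse_routes(text):
    """Return the rows of the 'Active Routes' table as Route tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns, the first four dotted-quad IPs;
        # headers, separators and the 'Default Gateway:' line do not.
        if len(fields) != 5 or not all(IPV4.match(f) for f in fields[:4]):
            continue
        routes.append(Route(*fields[:4], int(fields[4])))
    return routes

def default_routes(text):
    """Routes to 0.0.0.0/0, i.e. one per configured default gateway."""
    return [r for r in parse_routes(text)
            if r.destination == "0.0.0.0" and r.netmask == "0.0.0.0"]

def check_gateway(text, public_if):
    """Return findings for a gateway host whose public NIC has IP public_if.
    An empty list means exactly one default route, leaving via the public NIC."""
    defaults = default_routes(text)
    findings = [] if defaults else ["no default route configured"]
    for r in defaults:
        if r.interface != public_if:
            findings.append(f"default route via {r.gateway} on private interface {r.interface}: remove it")
    if len(defaults) > 1:
        findings.append(f"{len(defaults)} default routes present; keep only the public one")
    return findings
```

Run `check_gateway(open("route.txt").read(), "<public NIC IP>")` against a saved `route print` capture; once the private NIC's gateway is removed the function returns an empty list.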


Author Comment

ID: 23659527
Not sure just what I wanted to type, that's why it was so unclear. This is a security server for VMware View that sits in the DMZ.  There are only 4 ports that need to go in and out to make the connection: port 80 and/or 443, RDP (3389) and JMS (4001).  In troubleshooting with VMware they tell me that 3389 has to be able to flow from the virtual desktop to the security server.  Well, this isn't happening.  I can telnet on port 3389 to the NIC on the private side but when I try to do the same on the public side I can't connect.  I was curious how I can NAT that traffic from the private side to the public side on that security server in the DMZ.

Accepted Solution

Rob Williams earned 250 total points
ID: 23662444
It is often not possible to make an outgoing connection to the public side of a router (or a server acting as a router). This requires hair-pinning to be supported, which it is not on most routers, and may not be on Server 2003. I have never tested it.
