We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

NAT on Win2K3

Medium Priority
320 Views
Last Modified: 2012-08-13
I have an isue where i have an application i want to access from the public internet and i have a server setup in my DMZ.  This server in the dmz is supposed to have a few protocols running thru it and i'm having an issue with that.  All Firewall rules appear to work fine but i think that my routing issue is with the DMZ server itself.  I have two nics in it (Pub and Priv).  Both nics are setup with the default routes of the subnet they are on.  RDP traffic is supposed to go thru this server to a server on the public netowrk and get routed back thru the DMZ to the public internet.  My problem is that RDP is getting from the DMZ to the Priv network but not from the Priv network to the DMZ.  All traffic from the priv network OUT is open so there suould be no issue there.  I am trying to pass this traffic from the priv side to the pub side of the server is the DMZ and i think that's where teh problem lies.  I can telnet on port 3389 to the Priv nic but not to the pub nic.   Is there a way to do  NAT from a priv nic to a pub nic is Win2K3?  Any assiatance with this is appreciaeted
Comment
Watch Question

Commented:
I am not sure if I understand your topology and succeeded/failed RDP connections, any simple schema/picture should be welcome.
My imagination of your topology is:

Private network <---> Server (gateway) <---> Internet .
Current state:
1. Clients from private network can normally access internet resources.
2. Unclean for me are your sentence:
"I can telnet on port 3389 to the Priv nic but not to the pub nic"
In this experiment: Where is placed client ? Do you mean server port 3389 - placed on you gateway server ?
(Or where is placed server you want to connect to ?)
What firewall and NAT product (or built-in NAT, built-in Windows firewall ?) do you use ?
Answer please on these questions.

One thing which is not right are two different default gateways on your gateway server.
Set default gateway only on public network interface - set there IP of route to internet and delete default gateway in TCP/IP of private network interface. Set default gateway equal to private network interface IP only on your client machines in private network.  

Author

Commented:
Not sure just what i wanted to type that's why so unclear. This is a security server for VMare View that sits in the DMZ.  There are only 4 ports that need to go in and out to make the connection.  Port 80 and/or 443, RDP (3389) and JMS (4001).  In troubleshooting with VMware they tell me that the 3389 has to be able to flow from the virtual desktop to the Security server.  Well, this isn't happening.  I can telnet on port 3389 to the nic on the private side but when i try to do the same on the public side i can't connect.  I was curious how i can NAT that traffic from the private side to the public side on that security server in the DMZ.  
CERTIFIED EXPERT
Top Expert 2013
Commented:
It is often not possible to make an outgoing connection to the public side of a router (or server acting as a router). This requires hair-pinning being supported which it is not on most routers, and may not be on server 2003. I have never tested it.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.