NAT on Win2K3

Posted on 2009-02-16
Last Modified: 2012-08-13
I have an issue where I have an application I want to access from the public internet and I have a server set up in my DMZ.  This server in the DMZ is supposed to have a few protocols running thru it and I'm having an issue with that.  All firewall rules appear to work fine but I think that my routing issue is with the DMZ server itself.  I have two NICs in it (Pub and Priv).  Both NICs are set up with the default routes of the subnet they are on.  RDP traffic is supposed to go thru this server to a server on the public network and get routed back thru the DMZ to the public internet.  My problem is that RDP is getting from the DMZ to the Priv network but not from the Priv network to the DMZ.  All traffic from the Priv network OUT is open so there should be no issue there.  I am trying to pass this traffic from the Priv side to the Pub side of the server in the DMZ and I think that's where the problem lies.  I can telnet on port 3389 to the Priv NIC but not to the Pub NIC.  Is there a way to do NAT from a Priv NIC to a Pub NIC in Win2K3?  Any assistance with this is appreciated.
Question by:prutter

    Expert Comment

    I am not sure I understand your topology and which RDP connections succeeded or failed; any simple schema/picture would be welcome.
    My understanding of your topology is:

    Private network <---> Server (gateway) <---> Internet.
    Current state:
    1. Clients from the private network can normally access internet resources.
    2. Unclear to me is your sentence:
    "I can telnet on port 3389 to the Priv nic but not to the pub nic"
    In this experiment: where is the client placed? Do you mean server port 3389, located on your gateway server?
    (Or where is the server you want to connect to placed?)
    What firewall and NAT product (or built-in NAT, built-in Windows firewall?) do you use?
    Please answer these questions.

    One thing which is not right is having two different default gateways on your gateway server.
    Set a default gateway only on the public network interface: set the IP of the route to the internet there and delete the default gateway in the TCP/IP settings of the private network interface. Set the default gateway equal to the private network interface IP only on your client machines in the private network.
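
The check suggested in the comment above, as an added example that is not part of the original thread: a small Python parser that reads `route print` output from a dual-homed host and flags more than one default gateway. The sample output and all addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: `route print` output from a dual-homed DMZ host.
# All addresses are made up for this example.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.50.1   192.168.50.10     20
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.10     20
         10.0.0.0    255.255.255.0        10.0.0.10       10.0.0.10     20
     192.168.50.0    255.255.255.0    192.168.50.10   192.168.50.10     20
Default Gateway:      192.168.50.1
Persistent Routes:
  None
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# destination, netmask, gateway, interface, metric
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\s+{IP}\s+(\d+)\s*$")


def default_routes(text):
    """Return every 0.0.0.0/0 entry found in the Active Routes section."""
    routes, in_active = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Active Routes"):
            in_active = True
            continue
        if stripped.startswith("Persistent Routes"):
            in_active = False
        m = ROW.match(line)
        if in_active and m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            routes.append({"gateway": m.group(3),
                           "interface": m.group(4),
                           "metric": int(m.group(5))})
    return routes


def audit(text):
    """Flag a host whose routing table holds more than one default gateway."""
    gateways = sorted({r["gateway"] for r in default_routes(text)})
    return {"gateways": gateways, "conflict": len(gateways) > 1}


if __name__ == "__main__":
    print(audit(SAMPLE))
```
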


    Author Comment

    Not sure just what I wanted to type, that's why it was so unclear. This is a security server for VMware View that sits in the DMZ.  There are only 4 ports that need to go in and out to make the connection: port 80 and/or 443, RDP (3389) and JMS (4001).  In troubleshooting with VMware they tell me that the 3389 has to be able to flow from the virtual desktop to the Security server.  Well, this isn't happening.  I can telnet on port 3389 to the NIC on the private side but when I try to do the same on the public side I can't connect.  I was curious how I can NAT that traffic from the private side to the public side on that security server in the DMZ.

    Accepted Solution

    It is often not possible to make an outgoing connection to the public side of a router (or server acting as a router). This requires hair-pinning to be supported, which it is not on most routers, and may not be on Server 2003. I have never tested it.
