morten444
asked on
Can not use our external IP from LAN. Work fine from WAN
Hi
I have an odd problem that I can not resolve.
For the sake of demonstration I use example IP addresses (not the real ones)
We have 2 terminal Servers behind a router and proxy server.
Terminal Server 1 has the proxy software program installed. It has 2 netcard. one to the router and one to Lan. The proxy program is setup with port forwarding and filtering for the students internet.
Terminal Server 2 is totally behind the Proxy with 1 netcard. All comunication goes through Terminal Server 1's proxy.
On Lan everyone can access Terminal Server 1 and 2 using IP or Domain Name. This is working as it should.
For all the teachers, I have given our External IP so they can access the Terminal Servers from home. This is also working fine. Router has been setup to forward port coms for the 2 servers to our Proxy Server. Proxy server then forward one port to itself and one to terminal server2.
All happy, all working
Here is the problem.
When the teachers come to school, they sit on LAN and try to connect using External IP. Now it does not work. I am working with several schools and no problems else where.
We want to get this to work so the teachers do not have to change their settings based on if at home or on schools LAN.
Does anyone have an idea why I can not sit on Lan using my WAN ip to connect via RDP?
I was thinking if its possible for me to write something into local DNS Server (that all are using) so when writing WAN ip or domain name it can do the lookup on our own DNS and then connect straight away. Can this be done? If Yes can someone explain howto?
if not how to I go ahead trouble shooting this?
Kind regards
Morten
I have an odd problem that I can not resolve.
For the sake of demonstration I use example IP addresses (not the real ones)
We have 2 terminal Servers behind a router and proxy server.
Terminal Server 1 has the proxy software program installed. It has 2 netcard. one to the router and one to Lan. The proxy program is setup with port forwarding and filtering for the students internet.
Terminal Server 2 is totally behind the Proxy with 1 netcard. All comunication goes through Terminal Server 1's proxy.
On Lan everyone can access Terminal Server 1 and 2 using IP or Domain Name. This is working as it should.
For all the teachers, I have given our External IP so they can access the Terminal Servers from home. This is also working fine. Router has been setup to forward port coms for the 2 servers to our Proxy Server. Proxy server then forward one port to itself and one to terminal server2.
All happy, all working
Here is the problem.
When the teachers come to school, they sit on LAN and try to connect using External IP. Now it does not work. I am working with several schools and no problems else where.
We want to get this to work so the teachers do not have to change their settings based on if at home or on schools LAN.
Does anyone have an idea why I can not sit on Lan using my WAN ip to connect via RDP?
I was thinking if its possible for me to write something into local DNS Server (that all are using) so when writing WAN ip or domain name it can do the lookup on our own DNS and then connect straight away. Can this be done? If Yes can someone explain howto?
if not how to I go ahead trouble shooting this?
Kind regards
Morten
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I assume you use proxy 1 to port forward remote.domain.com:3390 to Terminal Server 2, or you have a router that do that?
When the teachers come back to school. Do they have problem accessing both terminal servers, or just Terminal Server 2?
When the teachers come back to school. Do they have problem accessing both terminal servers, or just Terminal Server 2?
> is it possible to set them bouth up in local DNS or only the defailt where no need to enter port number?
No sorry, DNS doesn't deal with Port Numbers I'm afraid.
Chris
ASKER
Hi
Thanks for your answer. It works with using domain name. regarding port numbers.. I will try to forward to proxy and let this do the job with forwarding.
Thanks for your help
Thanks for your answer. It works with using domain name. regarding port numbers.. I will try to forward to proxy and let this do the job with forwarding.
Thanks for your help
> Does anyone have an idea why I can not sit on Lan using my WAN ip to connect via RDP?
If you do not get ping replies from the external ip address of router from LAN, then it is the problem with the type or router and the way it is handling that type of packets. It happens because when a ping request is made on the external ip of router using a computer on LAN, the router looks at the received packet and replies to the internal computer of LAN. BUT what happens is that, this time the sender address on the reply packet from the router is the INTERNAL IP ADDRESS of the router(as it was received from the inner side of the LAN), whereas the internal computer which made the ping requests is expecting reply from the EXTERNAL IP ADDRESS (as ping was made on this address). So the internal computer discards all replies received from the INTERNAL IP ADDRESS of the router and keeps on waiting for a reply from the EXTERNAL IP ADDRESS, which is not received.
My router intelligently handles this type of traffic and doesnt suffer from this drawback.
If you do not get ping replies from the external ip address of router from LAN, then it is the problem with the type or router and the way it is handling that type of packets. It happens because when a ping request is made on the external ip of router using a computer on LAN, the router looks at the received packet and replies to the internal computer of LAN. BUT what happens is that, this time the sender address on the reply packet from the router is the INTERNAL IP ADDRESS of the router(as it was received from the inner side of the LAN), whereas the internal computer which made the ping requests is expecting reply from the EXTERNAL IP ADDRESS (as ping was made on this address). So the internal computer discards all replies received from the INTERNAL IP ADDRESS of the router and keeps on waiting for a reply from the EXTERNAL IP ADDRESS, which is not received.
My router intelligently handles this type of traffic and doesnt suffer from this drawback.
ASKER
Thanks for answer.
Yes I was looking for something like this.
I actually have a domain name. (will use fiktive here for the sake of the example)
I have 2 Terminal Server
One connects on "remote.domain.com" (port 3389 as default)
The other connects on "remote.domain.com:3390"
is it possible to set them bouth up in local DNS or only the defailt where no need to enter port number?
Kind Regards
Morten