Publishing an email server behind a NAT behind a NAT

Hello experts,

I have an internet connection over ADSL through a Linksys SOHO router. The external IP address is dynamic. The Linksys internal IP address is 192.168.200.1.

Behind the Linksys router, there is an ISA server with two LAN interfaces. The external interface is connected to the Linksys router with IP address 192.168.200.2. The internal interface is connected to the office network and has the IP address 192.168.0.4.

There are many services in the internal network 192.168.0.0 which should be published to the Internet (like SMTP 25, IAX2 4569, RDP 3389, ...).

The Linksys router doesn't accept port forwarding to any destination outside its local network (192.168.200.0).

I have tried to forward some port to the ISA 192.168.200.2, and then republish the desired port through ISA, but it didn't work.

Can anybody give me a solution when there are two NAT firewalls behind each other?
Asked by: Muhajreen
1 Solution
 
R. Andrew Koffron Commented:
Why not make the ISA server the DMZ target for the Linksys (just forward everything there), then make publishing rules on the ISA server to hit your internal service providers?

But if you're getting a dynamic IP from your ISP, how is the incoming traffic getting to the Linksys? DynDNS?
0
 
Muhajreen (Author) Commented:
I am sorry for the mistake, I am using a NetGear router, not Linksys.

In NetGear, there is no DMZ option, but there is an option of forwarding ALL traffic ports. I have tried it, but didn't succeed.

I am using CustomDNS service by dyndns.org
0
 
R. Andrew Koffron Commented:
Do you have a laptop you can put in the place of the ISA server's external NIC, and test the port forwarding? Enable remote and try an open RDP from an outside network?
0
 
R. Andrew Koffron Commented:
You could also try forwarding all the ports to your mail server on a very temporary basis to see if the problem is the ISA server or the router.
0
 
Muhajreen (Author) Commented:
RDP and other services are working from external, but all traffic is forwarded to the ISA server external IP 192.168.200.2. It's not being forwarded by ISA itself to the 192.168.0.0 network.
0
 
R. Andrew Koffron Commented:
Did you add a network for NAT from 192.168.200.2 to 192.168.0.0?
0
 
Muhajreen (Author) Commented:
Thank you!! I have really forgotten to add a NAT rule from 192.168.0.0 to 192.168.200.0 (I think you meant so, not from 192.168.200.2 to 192.168.0.0).

Thank you
0
