Solved

Publishing an email server behind a NAT behind a NAT

Posted on 2010-09-18
7
828 Views
Last Modified: 2013-11-16
Hello experts,

I have an internet connection over ADSL through a Linksys SOHO router. The external IP address is dynamic. The linksys internal IP address is 192.168.200.1

Behind Linksys router, there is an ISA server with two LAN interfaces. The external interface is connected to the Linksys router with IP address 192.168.200.2. The internal interface is connected to the office network and has an IP address 192.168.0.4

There are many services in the internal network 192.168.0.0 which should be published to the Internet (Like SMTP 25, IAX2 4569, RDP 3389....)

The linksys router doesn't accept port forwarding to any destination outside it's local network (192.168.200.0).

I have tried to forward some port to the ISA 192.168.200.2, and then republish the desired port through ISA, but it didn't work.

Can anybody give me a solution when there are two NAT firewalls behind each other?
0
Comment
Question by:Muhajreen
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708465
Why not make the ISA server the DMZ target for the linksys (just forward everything there). than make Publishing rules on the ISA server to hit your internal service providers?

But, if your getting dynamic IP from your ISP how is the incoming traffic getting to the linksys? dynDNS?
0
 

Author Comment

by:Muhajreen
ID: 33708542
I am sorry for the mistake, I am using NetGear router, not Linksys.

In NetGear, there is no DMZ option, but there is an option of forwarding ALL traffic ports. I have tried it, but didn't succeed.

I am using CustomDNS service by dyndns.org
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708606
do you have a laptop you can put in the place of the ISA server's external NIC, and test the port forwarding?  enable remote and try an open RDP from an outside network?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708614
you could also try forwarding all the ports to your mail server on a very temperary basis to see of the problem is the ISA server or the router.
0
 

Author Comment

by:Muhajreen
ID: 33708620
RDP and other services are working from external, but all traffic is forwarded to ISA server external IP 192.168.200.2. It's not being forwarded by ISA itself to the 192.168.0.0 network
0
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 500 total points
ID: 33708627
did you add a network for NAT from 192.168.200.2 to 192.168.0.0 ?
0
 

Author Comment

by:Muhajreen
ID: 33708669
Thank you !! I have really forgotton to add a NAT rule from 192.168.0.0 to 192.168.200.0 (I think you meant so, not from 192.168.200.2 to 192.168.0.0)

Thank you
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question