Solved

Publishing an email server behind a NAT behind a NAT

Posted on 2010-09-18
Last Modified: 2013-11-16
Hello experts,

I have an internet connection over ADSL through a Linksys SOHO router. The external IP address is dynamic. The Linksys internal IP address is 192.168.200.1.

Behind the Linksys router, there is an ISA server with two LAN interfaces. The external interface is connected to the Linksys router with IP address 192.168.200.2. The internal interface is connected to the office network and has the IP address 192.168.0.4.

There are many services in the internal network 192.168.0.0 which should be published to the Internet (like SMTP 25, IAX2 4569, RDP 3389...).

The Linksys router doesn't accept port forwarding to any destination outside its local network (192.168.200.0).

I have tried to forward some port to the ISA 192.168.200.2, and then republish the desired port through ISA, but it didn't work.

Can anybody give me a solution when there are two NAT firewalls behind each other?
Question by:Muhajreen
7 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708465
Why not make the ISA server the DMZ target for the Linksys (just forward everything there), then make publishing rules on the ISA server to hit your internal service providers?

But if you're getting a dynamic IP from your ISP, how is the incoming traffic getting to the Linksys? DynDNS?
 

Author Comment

by:Muhajreen
ID: 33708542
I am sorry for the mistake, I am using NetGear router, not Linksys.

In NetGear, there is no DMZ option, but there is an option of forwarding ALL traffic ports. I have tried it, but didn't succeed.

I am using CustomDNS service by dyndns.org
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708606
Do you have a laptop you can put in the place of the ISA server's external NIC, and test the port forwarding? Enable remote and try an open RDP from an outside network?
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708614
You could also try forwarding all the ports to your mail server on a very temporary basis to see if the problem is the ISA server or the router.
 

Author Comment

by:Muhajreen
ID: 33708620
RDP and other services are working from external, but all traffic is forwarded to the ISA server external IP 192.168.200.2. It's not being forwarded by ISA itself to the 192.168.0.0 network.
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 500 total points
ID: 33708627
Did you add a network for NAT from 192.168.200.2 to 192.168.0.0?
 

Author Comment

by:Muhajreen
ID: 33708669
Thank you!! I have really forgotten to add a NAT rule from 192.168.0.0 to 192.168.200.0 (I think you meant so, not from 192.168.200.2 to 192.168.0.0).

Thank you
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question