Improve company productivity with a Business Account.Sign Up

x
?
Solved

Publishing an email server behind a NAT behind a NAT

Posted on 2010-09-18
7
Medium Priority
?
841 Views
Last Modified: 2013-11-16
Hello experts,

I have an internet connection over ADSL through a Linksys SOHO router. The external IP address is dynamic. The linksys internal IP address is 192.168.200.1

Behind Linksys router, there is an ISA server with two LAN interfaces. The external interface is connected to the Linksys router with IP address 192.168.200.2. The internal interface is connected to the office network and has an IP address 192.168.0.4

There are many services in the internal network 192.168.0.0 which should be published to the Internet (Like SMTP 25, IAX2 4569, RDP 3389....)

The linksys router doesn't accept port forwarding to any destination outside it's local network (192.168.200.0).

I have tried to forward some port to the ISA 192.168.200.2, and then republish the desired port through ISA, but it didn't work.

Can anybody give me a solution when there are two NAT firewalls behind each other?
0
Comment
Question by:Muhajreen
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708465
Why not make the ISA server the DMZ target for the linksys (just forward everything there). than make Publishing rules on the ISA server to hit your internal service providers?

But, if your getting dynamic IP from your ISP how is the incoming traffic getting to the linksys? dynDNS?
0
 

Author Comment

by:Muhajreen
ID: 33708542
I am sorry for the mistake, I am using NetGear router, not Linksys.

In NetGear, there is no DMZ option, but there is an option of forwarding ALL traffic ports. I have tried it, but didn't succeed.

I am using CustomDNS service by dyndns.org
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708606
do you have a laptop you can put in the place of the ISA server's external NIC, and test the port forwarding?  enable remote and try an open RDP from an outside network?
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708614
you could also try forwarding all the ports to your mail server on a very temperary basis to see of the problem is the ISA server or the router.
0
 

Author Comment

by:Muhajreen
ID: 33708620
RDP and other services are working from external, but all traffic is forwarded to ISA server external IP 192.168.200.2. It's not being forwarded by ISA itself to the 192.168.0.0 network
0
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 2000 total points
ID: 33708627
did you add a network for NAT from 192.168.200.2 to 192.168.0.0 ?
0
 

Author Comment

by:Muhajreen
ID: 33708669
Thank you !! I have really forgotton to add a NAT rule from 192.168.0.0 to 192.168.200.0 (I think you meant so, not from 192.168.200.2 to 192.168.0.0)

Thank you
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
To export Lotus Notes to Outlook PST or Exchange and Domino Server files to Exchange Server or PST files with ease, go for Kernel for Lotus Notes to Outlook conversion tool. Through the video, you can watch the conversion process. A common user with…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question