Solved

Publishing an email server behind a NAT behind a NAT

Posted on 2010-09-18
7
833 Views
Last Modified: 2013-11-16
Hello experts,

I have an internet connection over ADSL through a Linksys SOHO router. The external IP address is dynamic. The linksys internal IP address is 192.168.200.1

Behind Linksys router, there is an ISA server with two LAN interfaces. The external interface is connected to the Linksys router with IP address 192.168.200.2. The internal interface is connected to the office network and has an IP address 192.168.0.4

There are many services in the internal network 192.168.0.0 which should be published to the Internet (Like SMTP 25, IAX2 4569, RDP 3389....)

The linksys router doesn't accept port forwarding to any destination outside it's local network (192.168.200.0).

I have tried to forward some port to the ISA 192.168.200.2, and then republish the desired port through ISA, but it didn't work.

Can anybody give me a solution when there are two NAT firewalls behind each other?
0
Comment
Question by:Muhajreen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708465
Why not make the ISA server the DMZ target for the linksys (just forward everything there). than make Publishing rules on the ISA server to hit your internal service providers?

But, if your getting dynamic IP from your ISP how is the incoming traffic getting to the linksys? dynDNS?
0
 

Author Comment

by:Muhajreen
ID: 33708542
I am sorry for the mistake, I am using NetGear router, not Linksys.

In NetGear, there is no DMZ option, but there is an option of forwarding ALL traffic ports. I have tried it, but didn't succeed.

I am using CustomDNS service by dyndns.org
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708606
do you have a laptop you can put in the place of the ISA server's external NIC, and test the port forwarding?  enable remote and try an open RDP from an outside network?
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 33708614
you could also try forwarding all the ports to your mail server on a very temperary basis to see of the problem is the ISA server or the router.
0
 

Author Comment

by:Muhajreen
ID: 33708620
RDP and other services are working from external, but all traffic is forwarded to ISA server external IP 192.168.200.2. It's not being forwarded by ISA itself to the 192.168.0.0 network
0
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 500 total points
ID: 33708627
did you add a network for NAT from 192.168.200.2 to 192.168.0.0 ?
0
 

Author Comment

by:Muhajreen
ID: 33708669
Thank you !! I have really forgotton to add a NAT rule from 192.168.0.0 to 192.168.200.0 (I think you meant so, not from 192.168.200.2 to 192.168.0.0)

Thank you
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question