Sonicwall public server setup

Either I've lost my mind, forgot an important step, or my sonicwall has an issue.

We are playing around with RD web access. We want to put it on port 9090. Setup in sonicwall should be simple;

1) Create a service object tcp port 9090 in sonicwall (RD-WEB 9090)
2) Run the public server wizard and select the custom service we just created
3) Specify the internal IP of the VM 10.8.10.30
4) Viola we're done

Except it doesnt work. Cant detect port 9090 being open. Ran netstat to make sure it wasnt in use.

Strage part, sonicwall shows limited traffic on the rule that references the port. I thought it was a windows firewall problem, but even with the firwall turned off, we get the same result.

Did I miss something?
kassant7Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David AtkinTechnical DirectorCommented:
Are you opening a port or doing a port redirection from 9090 to 3389?

If the wizard isn't working then I would do it manually.

If you've just opened the port then have you changed the RDP port on the VM?
0
masnrockCommented:
Is the port open on the VM? And if so, is it using port 9090? Most likely, you've forgotten to make sure 9090 is the port to be used on the VM.. Sonicwall by default assumes that the host is using the same port you're opening up.
0
kassant7Author Commented:
We set the remote app to port 9090.

I know RDC is on 3389 and I "assumed" by changing the settings of remote app, we wouldn't have to change the actual RDC port.

Sounds like you are saying remote app uses the same port that RDC uses correct?

Furthermore, even if remote app wasnt working, we should still see port 9090 as being open from the machine. I use a site http://yougetsignal.com/tools/open-ports/ and it says 9090 is closed.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

masnrockCommented:
Your test means that no connection was successfully made to anything. But that could be a firewall blocking (which you've already opened), or a server misconfiguration. Can you visit the site from a machine internally using port 9090? If not, then we need to check to see if there are other ports that need to be utilized, or a different setting to be tweaked.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kassant7Author Commented:
I checked yougetsignal from the machine. The internet works normally from the VM.

As another test i created another port forward for port 90 to the same VM and doesnt show as open either.

I thought maybe the sonicwall was showing the ports as closed even though they were indeed open, so i tested from another VM that is running a web program on port 5151 and it shows open.

It is almost as if sonicwall doesn't like the internal IP of the server. I wonder if we've used that ip in the past and sonicwall is somehow gummed up.

I will change the IP of the VM and test again. Try to pick something different.

Could I use something like wireshark to trace the traffic? I have 0 experience with it, but i hear its great for things like this.
0
masnrockCommented:
You did not specify trying to visit from another  machine behind the sonicwall. Have you tried that?
0
masnrockCommented:
Also look at your existing rules. Check for conflicts.
0
kassant7Author Commented:
I didnt try from another machine on the lan. I am going to break out angry ip Scanner and see if the ports are really open or if the firewall is being a A$$.
0
kassant7Author Commented:
So it seems even though the rule is in there, the port is not open.

Even with the firewall turned off for private, the port is not open (or any of the other 65K ports)

How do you open ports on 2008R2 if not by turnning off the firewall?
0
masnrockCommented:
If the firewall is off, the port has to be open. Have you tried any connections from the lan?
0
kassant7Author Commented:
Well even with the firewall off the port was not open. Even with the service disabled port 9090 was not open.

With the firewall service disabled the port scan revealed a few open ports, just not 9090. 6009 was open. Netstat said it wasnt in use so I made a windows firewall exception for 6009, then turned the windows firewall back on.

Then i went to sonicwall and changed the server object port to 6009 and now it shows open.

WTH. I remember why i never liked the windows firewall. What a joke. Off isnt off.

Curse you M$!

I wasted a few hours on this. Still begs the question of why off is not off. Next time I will turn off the firewall, and do a lan port scan before we chose a port to use.

Angry ip scnnaer took 30+ minutes to do a scan of port 1-65000, is there something that is faster to use?

I tried advanced port scanner 1.3 but it crashed twice. Something portable would be preferable.
0
David AtkinTechnical DirectorCommented:
Angry IP Scanner is the one I would use as well.

It sounds like you need to check your RDP configuration.  If the VM isn't answering on port 9090 with no firewall on then it generally means nothing is listening for the port.
0
kassant7Author Commented:
Even if nothing was listing, it would still show open, right?

For now I will just use ports that show open with the firewall off until I run out, or have a better solution.

Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.