Re: Access internal server from public internet

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Inline

in RRAS forwarding it asks for source and destination ports, that means in
order for me to bypass server1 port 80 i would have to make the source
port
81 and map it to 80 on the internal ip. is this completly neccisary? can i
not forward a domain directly to an internal ip for access via DNS by
itself?
ie. s2.example.com:80 go directly to server2 instead of s2.example.com:81
go
to server2 port 80.

Source port= the client request port
Destination port= the server service port

for example, you can publish the service in one port (public) and internally
in a different port or viceversa.

I strongly recommend ISA server to this type of configuration.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"outsider via WinServerKB.com" <u24805@uwe> wrote in message
news:642fc70d7c664@xxxxxx
Thanks again, i took your advice, and got it to work with that
configuration
using RRAS and 'service and ports' routing via ports...
quick question:
in RRAS forwarding it asks for source and destination ports, that means in
order for me to bypass server1 port 80 i would have to make the source
port
81 and map it to 80 on the internal ip. is this completly neccisary? can i
not forward a domain directly to an internal ip for access via DNS by
itself?
ie. s2.example.com:80 go directly to server2 instead of s2.example.com:81
go
to server2 port 80.

thanks again.


Jorge Silva wrote:
Inline

I want to access server2 FROM the the internet via s2.example.com. I
only
want that subdomain routed to the internal address and back, is this a
Routing and remote access/NAT setup or strictly DNS?

- You need to create that Record (s2.example.com) on your ISP/DNS Public
provider to point to your public IPAddress (Public interface on server1).
so
when machines at public network (Internet) query the s2.example.com
they're
given the correct IpAddress.

server2 will be used for terminal server, exchange and wwwhosting
services,
so this goes beyond just port forarding because i want server1 to
continue
as
is.

- I don't recomend doing this on a DC because this represents security
issues. However is up to you, and if you want to publish www,
TS,Exchange,etc, make sure that internal NIC of the server1 is connected
to
the same network as the server2, and on the public interface (Assuming
that
you're talking about RRAS) you need to publish the needed ports to the
correct address of server2 (For instance: port 3389 TCP->(Terminal
server),;
port:25 TCP ->SMTP,etc...

Thanks guys for responding...

[quoted text clipped - 21 lines]

Thanks again,

--
Message posted via http://www.winserverkb.com



.

Relevant Pages

  • Samba over SSH
    ... I want to use PuTTY and ssh to port forward and map a samba share across the ... internet. ...
    (freebsd-questions)
  • Re: SPN creation
    ... webserver named server1. ... accounts. ... He wants to run the test website on port ... these websites also connect to sql backend ...
    (microsoft.public.windows.server.active_directory)
  • command-line reverse connection tunnel?
    ... have a machine behind a firewall that lets in only port 80, ... I need a program on SERVER1 that creates a connection to ... and SERVER1 needs to connect to itself on port 3389. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: OpenSSH client and known_hosts
    ... Host server1 ... Port 221 ... HostKeyAlias server1 ... CheckHostIP no ...
    (SSH)
  • Re: command-line reverse connection tunnel?
    ... I need a program on SERVER1 that creates a connection to ... the connection that is created to CLIENT1 then needs to listen on ... and SERVER1 needs to connect to itself on port 3389. ...
    (Pen-Test)