Newbie: NAT Entries with DHCP

We have a SBS 2003 server with 2 network interface (router and switch)
and it handles DHCP, DNS and Internet connectivity. All clients are
using the internet nicely and everything is working fine. But it seems
that any ports which are not the usual (80, 21, etc.) do not get routed
correctly to client computers. I tried to manually add NAT entries to
the external network interface but it asks for the client IP address
which should be assigned through DHCP. In my tests I assigned a static
IP address to one client PC and added an entry in NAT for the needed
port and IP. It worked exactly like I expected. But how can I allow
this port for all clients without having to assign static IPs. For
example, how can I allow port 4383 to be routed correctly to all client
computers that communicate through it?

"shadysamir" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> We have a SBS 2003 server with 2 network interface (router and switch)
> and it handles DHCP, DNS and Internet connectivity. All clients are
> using the internet nicely and everything is working fine. But it seems
> that any ports which are not the usual (80, 21, etc.) do not get routed
> correctly to client computers.

Ports meaning what, exactly? And why would you want to open those up *to*
the client computers?

> I tried to manually add NAT entries to
> the external network interface but it asks for the client IP address
> which should be assigned through DHCP. In my tests I assigned a static
> IP address to one client PC and added an entry in NAT for the needed
> port and IP. It worked exactly like I expected. But how can I allow
> this port for all clients without having to assign static IPs. For
> example, how can I allow port 4383 to be routed correctly to all client
> computers that communicate through it?

I'm confused as to what you're trying to do - you can't do port forwarding
to more than one IP address/host and expect all of them to work. What
exactly is it you're trying to accomplish, exactly?

"shadysamir" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> We have a SBS 2003 server with 2 network interface (router and switch)
> and it handles DHCP, DNS and Internet connectivity. All clients are
> using the internet nicely and everything is working fine. But it seems
> that any ports which are not the usual (80, 21, etc.) do not get routed
> correctly to client computers. I tried to manually add NAT entries to
> the external network interface but it asks for the client IP address
> which should be assigned through DHCP.

I think you are misunderstanding what is even supposed to happen. What you
did isn't "NAT", it is "Static-NAT" (aka Reverse-NAT) and is used to
"publish" server that are behind the NAT Device to the Internet,...which is
not what you are supposed to be doing.

What does "do not get routed correctly to client computers" mean? You are
not "routing" anything,..routing means something specific and this is not
it. Clients are *not* supposed to be accessable from the outside
Internet,...that is the whole point of protecting them behind a NAT Server.
You can make specific Services available to the Internet from the inside
(via Static-NAT), but that has nothing to do with Clients.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

Hello Shady,

Let me try and restate the problem and offer a solution.

You have a NAT used for connection to the outside world. It happens to be
running on SBS2003.

You have a "router" that connects to the outside world.

Clients resolve and connect to HTTP sites and FTP sites.

You can not get internal clients to connect to a service that runs on port
4383 (which is not registered with the IANA in any way so I don't what
service it is, though I know cryptoheaven uses this port).

External systems do not need to com into your network to access local
resources.

Answer:
NAT entries, as you described them are not the answer. Pull out the mapping.

There are filters here. Either filters on the interfaces of the NAT(not
likely) or filters on your "router".

I placed the word router in quotes because most networks do not have
routers, they have firewall/NATs. Which means your server running NAT adds
defensive depth, but probably doesn't have to do the NATing.

I would place good money on the "router". If it was set up correctly it will
have rules on what kinds of traffic to let in and out. This one sounds like
it was set in a very draconian manner (fun link
http://en.wikipedia.org/wiki/Draco).

"shadysamir" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> We have a SBS 2003 server with 2 network interface (router and switch)
> and it handles DHCP, DNS and Internet connectivity. All clients are
> using the internet nicely and everything is working fine. But it seems
> that any ports which are not the usual (80, 21, etc.) do not get routed
> correctly to client computers. I tried to manually add NAT entries to
> the external network interface but it asks for the client IP address
> which should be assigned through DHCP. In my tests I assigned a static
> IP address to one client PC and added an entry in NAT for the needed
> port and IP. It worked exactly like I expected. But how can I allow
> this port for all clients without having to assign static IPs. For
> example, how can I allow port 4383 to be routed correctly to all client
> computers that communicate through it?
>