Port Address Translation

Can Server 2003 do this?

It can except for the ports which are displayed by default under NAT -
Services & Port.
And this limitation hampers most of the common ports translations
requirements (eg. no translation for ftp, http, https, pop, smtp, ftp,
telent ... etc, ports.)

Sharad
"Sherwin" <(E-Mail Removed)> wrote in message
news:088e01c3d3a5$2d74cdc0$(E-Mail Removed)...
> Can Server 2003 do this?

In article <#(E-Mail Removed)>, (E-Mail Removed)
says...
> It can except for the ports which are displayed by default under NAT -
> Services & Port.
> And this limitation hampers most of the common ports translations
> requirements (eg. no translation for ftp, http, https, pop, smtp, ftp,
> telent ... etc, ports.)
>
Can you clarify what you mean by this? Are you saying that Win2K3 RRAS
cannot do port translations for outgoing FTP, HTTPS, etc.? If so, where
did you get this information?

Laura

Let me explain a little farther.

We have one public IP address. I need to map
that single IP address to three internal IP
address. i.e.

68.106.158.69:80 -----> 10.1.1.17:80
68.106.158.69:80 -----> 10.1.1.21:80
68.106.158.69:80 -----> 10.1.1.100:80

NAT is a one to one IP mapping. Is there a way
around this within NAT or with some third part
software?

Thanks!

Sherwin
>-----Original Message-----
>It can except for the ports which are displayed by
default under NAT -
>Services & Port.
>And this limitation hampers most of the common ports
translations
>requirements (eg. no translation for ftp, http, https,
pop, smtp, ftp,
>telent ... etc, ports.)
>
>Sharad
>"Sherwin" <(E-Mail Removed)> wrote in
message
>news:088e01c3d3a5$2d74cdc0$(E-Mail Removed)...
>> Can Server 2003 do this?
>
>
>.
>

In article <006b01c3d3c0$46519880$(E-Mail Removed)>,
(E-Mail Removed) says...
> Let me explain a little farther.
>
> We have one public IP address. I need to map
> that single IP address to three internal IP
> address. i.e.
>
> 68.106.158.69:80 -----> 10.1.1.17:80
> 68.106.158.69:80 -----> 10.1.1.21:80
> 68.106.158.69:80 -----> 10.1.1.100:80
>
> NAT is a one to one IP mapping. Is there a way
> around this within NAT or with some third part
> software?
>
With the exception of the fact that you have everything listed on the
same port on the public side, yes, you can do port translation with the
built-in NAT functionality. Bring up the properties of the public
interface and go to the "Services and Ports" tab. You can use the
default mappings or make your own using the Add button. However, I don't
get the impression that this is actually the right solution for you,
since it sounds more like you want to do redirection to different web
sites on different servers. Is this the case, or did you just pick port
80 because it was simple for your scenario?

Laura

On Mon, 5 Jan 2004 11:15:26 -0800, "Sherwin"
<(E-Mail Removed)> wrote:

>Let me explain a little farther.
>
>We have one public IP address. I need to map
>that single IP address to three internal IP
>address. i.e.
>
>68.106.158.69:80 -----> 10.1.1.17:80
>68.106.158.69:80 -----> 10.1.1.21:80
>68.106.158.69:80 -----> 10.1.1.100:80
>
>NAT is a one to one IP mapping. Is there a way
>around this within NAT or with some third part
>software?

This is outside of NAT's ability, since there's no way for the system
to tell the difference in requests at the network level. It's kind of
like asking the doorman to send any girls to room 220, but if girls
come in send them to room 214 and if they happen to be girls, they
should go to room 218. No matter how big a tip you give him, he's
still going to realize you've hadd too many Margaritas already.

Best you can do is NAT all of port 80 on the external address to a
specific web server internally, and use host headers to separate the
requests and pull content off other servers.

Perhaps if you explained even further, as to why you think you wnat it
this way.

Jeff

The reason I want it this way it to keep from
purchasing addition exteral IP address at $25
per month each.

68.106.158.69:80 -----> 10.1.1.17:80
68.106.158.70:80 -----> 10.1.1.21:80
68.106.158.71:80 -----> 10.1.1.100:80

In our current configuration, we would need three
external IP address to run the three different web
servers that we have behind our firewall (NAT) see
above chart.

But I was just trying to find out our NAT had the
capability to do route on the port level.
I know some cisco routers have this function in it.
I guess we are going to have to invest in one.

Thanks!
Sherwin


>-----Original Message-----
>On Mon, 5 Jan 2004 11:15:26 -0800, "Sherwin"
><(E-Mail Removed)> wrote:
>
>>Let me explain a little farther.
>>
>>We have one public IP address. I need to map
>>that single IP address to three internal IP
>>address. i.e.
>>
>>68.106.158.69:80 -----> 10.1.1.17:80
>>68.106.158.69:80 -----> 10.1.1.21:80
>>68.106.158.69:80 -----> 10.1.1.100:80
>>
>>NAT is a one to one IP mapping. Is there a way
>>around this within NAT or with some third part
>>software?
>
>This is outside of NAT's ability, since there's no way
for the system
>to tell the difference in requests at the network level.
It's kind of
>like asking the doorman to send any girls to room 220,
but if girls
>come in send them to room 214 and if they happen to be
girls, they
>should go to room 218. No matter how big a tip you give
him, he's
>still going to realize you've hadd too many Margaritas
already.
>
>Best you can do is NAT all of port 80 on the external
address to a
>specific web server internally, and use host headers to
separate the
>requests and pull content off other servers.
>
>Perhaps if you explained even further, as to why you
think you wnat it
>this way.
>
>Jeff
>.
>

Laura, I had assumed that he meant port translation for incoming requests,
and by port translation, I thought he want to pass a request on one port
to another, e.g. request on port 80 to be directed to port 8080 or other,
etc.
Sharad
"Laura A. Robinson [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed).. .
> In article <#(E-Mail Removed)>, (E-Mail Removed)
> says...
> > It can except for the ports which are displayed by default under NAT -
> > Services & Port.
> > And this limitation hampers most of the common ports translations
> > requirements (eg. no translation for ftp, http, https, pop, smtp, ftp,
> > telent ... etc, ports.)
> >
> Can you clarify what you mean by this? Are you saying that Win2K3 RRAS
> cannot do port translations for outgoing FTP, HTTPS, etc.? If so, where
> did you get this information?
>
> Laura

Did you actually read Jeff's posting? How does the router decide which
machine to send the packet to, if the incoming IP address and port number
are
identical?

If the IP addresses are different, you can use IP mapping. If the port
numbers are different, you can use port mapping. If both IP and port numbers
are identical, you have to use something else (such as the host headers) to
differentiate.

"Sherwin" <(E-Mail Removed)> wrote in message
news:043201c3d3f7$cfa07c50$(E-Mail Removed)...
> The reason I want it this way it to keep from
> purchasing addition exteral IP address at $25
> per month each.
>
> 68.106.158.69:80 -----> 10.1.1.17:80
> 68.106.158.70:80 -----> 10.1.1.21:80
> 68.106.158.71:80 -----> 10.1.1.100:80
>
> In our current configuration, we would need three
> external IP address to run the three different web
> servers that we have behind our firewall (NAT) see
> above chart.
>
> But I was just trying to find out our NAT had the
> capability to do route on the port level.
> I know some cisco routers have this function in it.
> I guess we are going to have to invest in one.
>
> Thanks!
> Sherwin
>
>
> >-----Original Message-----
> >On Mon, 5 Jan 2004 11:15:26 -0800, "Sherwin"
> ><(E-Mail Removed)> wrote:
> >
> >>Let me explain a little farther.
> >>
> >>We have one public IP address. I need to map
> >>that single IP address to three internal IP
> >>address. i.e.
> >>
> >>68.106.158.69:80 -----> 10.1.1.17:80
> >>68.106.158.69:80 -----> 10.1.1.21:80
> >>68.106.158.69:80 -----> 10.1.1.100:80
> >>
> >>NAT is a one to one IP mapping. Is there a way
> >>around this within NAT or with some third part
> >>software?
> >
> >This is outside of NAT's ability, since there's no way
> for the system
> >to tell the difference in requests at the network level.
> It's kind of
> >like asking the doorman to send any girls to room 220,
> but if girls
> >come in send them to room 214 and if they happen to be
> girls, they
> >should go to room 218. No matter how big a tip you give
> him, he's
> >still going to realize you've hadd too many Margaritas
> already.
> >
> >Best you can do is NAT all of port 80 on the external
> address to a
> >specific web server internally, and use host headers to
> separate the
> >requests and pull content off other servers.
> >
> >Perhaps if you explained even further, as to why you
> think you wnat it
> >this way.
> >
> >Jeff
> >.
> >