RRAS / NAT / Port forwarding

Hi All, will someone who knows please answer the following:
Can 2003 server do port forwarding from an outside IP addressort to and
internal IP addressort. I can see that many people ask this question but no
one really answers the question. The docs imply it does, but I can not find
anyone who had trouble with this, and then got it to work.
thanks,
Keith

Details:

Hi All,
I am having a bit of trouble getting this to work. What I need to do is get
an internal web server exposed to the outside world.
I followed the instructions in the online help to create a static address
reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside LAN
properties. Also created a custom service & ports entry. But it doesn't
work. I used Active Ports to look for the proxy that is listening for the
connection, and I don't see one.

The outside LAN interface has 1 IP 192.168.6.100 assigned to it.
The inside LAN interface is 192.168.15.1 with .50 to .100 assigned by DHCP
The DHCP Address 192.168.15.52 is reserved for the internal web server (it
gets it, local machines can hit it)
The RRAS NAT address pool is 192.168.6.100 to .110
The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
192.168.15.52 (allow incoming sessions)
The RRAS NAT Services and Ports has a custom entry that maps
192.168.6.102:80 to 192.168.15.52:80

Should not the NAT server be listening on 192.168.6.102:80 for connections?

Does anyone know what steps I left out? the MS docs & TechNet don't imply
that there is more to this than this.....

Keith

"Keith Vinson" <(E-Mail Removed)> wrote in message
news:04369776-5756-40DD-8BA6-(E-Mail Removed)...
> I followed the instructions in the online help to create a static address
> reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside
> LAN
> properties. Also created a custom service & ports entry. But it doesn't
> work.

Don't create anything. There is already on there for HTTP,..just use that.

> Does anyone know what steps I left out? the MS docs & TechNet don't imply
> that there is more to this than this.....

There isn't anything else that I know of. Anything "extra" that you might
do will not fix anything but will often screw things up. I see that happen
with people all the time, it is usually the "extra" things they do that mess
it up.

BTW - there is no such thing as Port Forwarding,...the ports aren't "going
anywhere", they aren't doing anything. That term is a "creation" of the
SOHO market when they started pumping out the low quality Home User NAT
Firewalls that they then proceeded to incorrectly call "routers" when they
are not routers. The correct term for what you are asking about is called
"Static NAT" but it is doubtfull you will see that term used in any of the
Home User Devices.

If the ports are the same number on both sides it is just simply Static NAT.
If the port number varies on each side then it is Static NAT combined with
Port Address Translation (PAT)....."Static NAT with PAT",...I kinda rhymes I
guess,.. :-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------

Hi Phillip, thanks for the reply.
Would you please qualify your remark "don't create anything"
outside win2003 server ip 192.168.6.100, 192.168.6.101, 192.168.6.102
inside win2003 server ip 192.168.15.1
internal http server I wish to "expose" 192.168.15.52:80 on 192.168.6.102:80

1) don't I need a RRAS NAT address pool ?
2) don't I need a NAT address pool reservation?
3) don't I need a RRAS NAT Services and Ports custom map?

For example:
The RRAS NAT address pool is 192.168.6.101 to .102
The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
192.168.15.52 (allow incoming sessions)
The RRAS NAT Services and Ports has a custom entry that maps
192.168.6.102:80 to 192.168.15.52:80

thanks for your input....

Keith

"Phillip Windell" wrote:

> "Keith Vinson" <(E-Mail Removed)> wrote in message
> news:04369776-5756-40DD-8BA6-(E-Mail Removed)...
> > I followed the instructions in the online help to create a static address
> > reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside
> > LAN
> > properties. Also created a custom service & ports entry. But it doesn't
> > work.
>
> Don't create anything. There is already on there for HTTP,..just use that.
>
> > Does anyone know what steps I left out? the MS docs & TechNet don't imply
> > that there is more to this than this.....
>
> There isn't anything else that I know of. Anything "extra" that you might
> do will not fix anything but will often screw things up. I see that happen
> with people all the time, it is usually the "extra" things they do that mess
> it up.
>
> BTW - there is no such thing as Port Forwarding,...the ports aren't "going
> anywhere", they aren't doing anything. That term is a "creation" of the
> SOHO market when they started pumping out the low quality Home User NAT
> Firewalls that they then proceeded to incorrectly call "routers" when they
> are not routers. The correct term for what you are asking about is called
> "Static NAT" but it is doubtfull you will see that term used in any of the
> Home User Devices.
>
> If the ports are the same number on both sides it is just simply Static NAT.
> If the port number varies on each side then it is Static NAT combined with
> Port Address Translation (PAT)....."Static NAT with PAT",...I kinda rhymes I
> guess,.. :-)
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
>
>
>
>
>

I think I was confusing the "pool" with an address pool for automatic
addressing for dialin users. I need to think this over for a while and get
back to you. I'm in the middle of something right now.

If anyone else has any ideas, they are welcomed to jump in.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com



"Keith Vinson" <(E-Mail Removed)> wrote in message
news:C60592F6-FBDF-4E5B-A4F5-(E-Mail Removed)...
> Hi Phillip, thanks for the reply.
> Would you please qualify your remark "don't create anything"
> outside win2003 server ip 192.168.6.100, 192.168.6.101, 192.168.6.102
> inside win2003 server ip 192.168.15.1
> internal http server I wish to "expose" 192.168.15.52:80 on
> 192.168.6.102:80
>
> 1) don't I need a RRAS NAT address pool ?
> 2) don't I need a NAT address pool reservation?
> 3) don't I need a RRAS NAT Services and Ports custom map?
>
> For example:
> The RRAS NAT address pool is 192.168.6.101 to .102
> The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
> 192.168.15.52 (allow incoming sessions)
> The RRAS NAT Services and Ports has a custom entry that maps
> 192.168.6.102:80 to 192.168.15.52:80
>
> thanks for your input....
>
> Keith
>
> "Phillip Windell" wrote:
>
>> "Keith Vinson" <(E-Mail Removed)> wrote in message
>> news:04369776-5756-40DD-8BA6-(E-Mail Removed)...
>> > I followed the instructions in the online help to create a static
>> > address
>> > reservation inside the RRAS -> IP Route -> NAT/basic firewall ->
>> > Outside
>> > LAN
>> > properties. Also created a custom service & ports entry. But it doesn't
>> > work.
>>
>> Don't create anything. There is already on there for HTTP,..just use
>> that.
>>
>> > Does anyone know what steps I left out? the MS docs & TechNet don't
>> > imply
>> > that there is more to this than this.....
>>
>> There isn't anything else that I know of. Anything "extra" that you
>> might
>> do will not fix anything but will often screw things up. I see that
>> happen
>> with people all the time, it is usually the "extra" things they do that
>> mess
>> it up.
>>
>> BTW - there is no such thing as Port Forwarding,...the ports aren't
>> "going
>> anywhere", they aren't doing anything. That term is a "creation" of the
>> SOHO market when they started pumping out the low quality Home User NAT
>> Firewalls that they then proceeded to incorrectly call "routers" when
>> they
>> are not routers. The correct term for what you are asking about is
>> called
>> "Static NAT" but it is doubtfull you will see that term used in any of
>> the
>> Home User Devices.
>>
>> If the ports are the same number on both sides it is just simply Static
>> NAT.
>> If the port number varies on each side then it is Static NAT combined
>> with
>> Port Address Translation (PAT)....."Static NAT with PAT",...I kinda
>> rhymes I
>> guess,.. :-)
>>
>> --
>> Phillip Windell [MCP, MVP, CCNA]
>> www.wandtv.com
>> -----------------------------------------------------
>>
>>
>>
>>
>>

Ok.
I had to create the Pool in a test lab before I could choose a particular
address on the external side,...but I did not do any "reservations". I then
used the HTTP Service that is already there.
The Reservations as best I can tell is for doing 1:1 NAT using RRAS which
does not apply to this.

But I haven't been able to get it to work either. I don't know what to tell
you.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com




"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
>I think I was confusing the "pool" with an address pool for automatic
>addressing for dialin users. I need to think this over for a while and get
>back to you. I'm in the middle of something right now.
>
> If anyone else has any ideas, they are welcomed to jump in.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>
> "Keith Vinson" <(E-Mail Removed)> wrote in message
> news:C60592F6-FBDF-4E5B-A4F5-(E-Mail Removed)...
>> Hi Phillip, thanks for the reply.
>> Would you please qualify your remark "don't create anything"
>> outside win2003 server ip 192.168.6.100, 192.168.6.101, 192.168.6.102
>> inside win2003 server ip 192.168.15.1
>> internal http server I wish to "expose" 192.168.15.52:80 on
>> 192.168.6.102:80
>>
>> 1) don't I need a RRAS NAT address pool ?
>> 2) don't I need a NAT address pool reservation?
>> 3) don't I need a RRAS NAT Services and Ports custom map?
>>
>> For example:
>> The RRAS NAT address pool is 192.168.6.101 to .102
>> The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
>> 192.168.15.52 (allow incoming sessions)
>> The RRAS NAT Services and Ports has a custom entry that maps
>> 192.168.6.102:80 to 192.168.15.52:80
>>
>> thanks for your input....
>>
>> Keith
>>
>> "Phillip Windell" wrote:
>>
>>> "Keith Vinson" <(E-Mail Removed)> wrote in message
>>> news:04369776-5756-40DD-8BA6-(E-Mail Removed)...
>>> > I followed the instructions in the online help to create a static
>>> > address
>>> > reservation inside the RRAS -> IP Route -> NAT/basic firewall ->
>>> > Outside
>>> > LAN
>>> > properties. Also created a custom service & ports entry. But it
>>> > doesn't
>>> > work.
>>>
>>> Don't create anything. There is already on there for HTTP,..just use
>>> that.
>>>
>>> > Does anyone know what steps I left out? the MS docs & TechNet don't
>>> > imply
>>> > that there is more to this than this.....
>>>
>>> There isn't anything else that I know of. Anything "extra" that you
>>> might
>>> do will not fix anything but will often screw things up. I see that
>>> happen
>>> with people all the time, it is usually the "extra" things they do that
>>> mess
>>> it up.
>>>
>>> BTW - there is no such thing as Port Forwarding,...the ports aren't
>>> "going
>>> anywhere", they aren't doing anything. That term is a "creation" of the
>>> SOHO market when they started pumping out the low quality Home User NAT
>>> Firewalls that they then proceeded to incorrectly call "routers" when
>>> they
>>> are not routers. The correct term for what you are asking about is
>>> called
>>> "Static NAT" but it is doubtfull you will see that term used in any of
>>> the
>>> Home User Devices.
>>>
>>> If the ports are the same number on both sides it is just simply Static
>>> NAT.
>>> If the port number varies on each side then it is Static NAT combined
>>> with
>>> Port Address Translation (PAT)....."Static NAT with PAT",...I kinda
>>> rhymes I
>>> guess,.. :-)
>>>
>>> --
>>> Phillip Windell [MCP, MVP, CCNA]
>>> www.wandtv.com
>>> -----------------------------------------------------
>>>
>>>
>>>
>>>
>>>
>
>

Hi Phillip,
I see where you were headed. Heck, at this point I would gladly take 1:1 NAT
if it would work.
Once again, no one can get this to work. Hum, At some point I guess we must
assume that it can't work. Too bad they don't make that fact easier to find
out....

Phillip, Thanks, so much for your help...
ps. If you have an epiphany please post back, I will monitor the thread...

Keith

"Phillip Windell" wrote:

> Ok.
> I had to create the Pool in a test lab before I could choose a particular
> address on the external side,...but I did not do any "reservations". I then
> used the HTTP Service that is already there.
> The Reservations as best I can tell is for doing 1:1 NAT using RRAS which
> does not apply to this.
>
> But I haven't been able to get it to work either. I don't know what to tell
> you.
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>
>
> "Phillip Windell" <@.> wrote in message
> news:(E-Mail Removed)...
> >I think I was confusing the "pool" with an address pool for automatic
> >addressing for dialin users. I need to think this over for a while and get
> >back to you. I'm in the middle of something right now.
> >
> > If anyone else has any ideas, they are welcomed to jump in.
> >
> > --
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
> >
> > "Keith Vinson" <(E-Mail Removed)> wrote in message
> > news:C60592F6-FBDF-4E5B-A4F5-(E-Mail Removed)...
> >> Hi Phillip, thanks for the reply.
> >> Would you please qualify your remark "don't create anything"
> >> outside win2003 server ip 192.168.6.100, 192.168.6.101, 192.168.6.102
> >> inside win2003 server ip 192.168.15.1
> >> internal http server I wish to "expose" 192.168.15.52:80 on
> >> 192.168.6.102:80
> >>
> >> 1) don't I need a RRAS NAT address pool ?
> >> 2) don't I need a NAT address pool reservation?
> >> 3) don't I need a RRAS NAT Services and Ports custom map?
> >>
> >> For example:
> >> The RRAS NAT address pool is 192.168.6.101 to .102
> >> The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
> >> 192.168.15.52 (allow incoming sessions)
> >> The RRAS NAT Services and Ports has a custom entry that maps
> >> 192.168.6.102:80 to 192.168.15.52:80
> >>
> >> thanks for your input....
> >>
> >> Keith
> >>
> >> "Phillip Windell" wrote:
> >>
> >>> "Keith Vinson" <(E-Mail Removed)> wrote in message
> >>> news:04369776-5756-40DD-8BA6-(E-Mail Removed)...
> >>> > I followed the instructions in the online help to create a static
> >>> > address
> >>> > reservation inside the RRAS -> IP Route -> NAT/basic firewall ->
> >>> > Outside
> >>> > LAN
> >>> > properties. Also created a custom service & ports entry. But it
> >>> > doesn't
> >>> > work.
> >>>
> >>> Don't create anything. There is already on there for HTTP,..just use
> >>> that.
> >>>
> >>> > Does anyone know what steps I left out? the MS docs & TechNet don't
> >>> > imply
> >>> > that there is more to this than this.....
> >>>
> >>> There isn't anything else that I know of. Anything "extra" that you
> >>> might
> >>> do will not fix anything but will often screw things up. I see that
> >>> happen
> >>> with people all the time, it is usually the "extra" things they do that
> >>> mess
> >>> it up.
> >>>
> >>> BTW - there is no such thing as Port Forwarding,...the ports aren't
> >>> "going
> >>> anywhere", they aren't doing anything. That term is a "creation" of the
> >>> SOHO market when they started pumping out the low quality Home User NAT
> >>> Firewalls that they then proceeded to incorrectly call "routers" when
> >>> they
> >>> are not routers. The correct term for what you are asking about is
> >>> called
> >>> "Static NAT" but it is doubtfull you will see that term used in any of
> >>> the
> >>> Home User Devices.
> >>>
> >>> If the ports are the same number on both sides it is just simply Static
> >>> NAT.
> >>> If the port number varies on each side then it is Static NAT combined
> >>> with
> >>> Port Address Translation (PAT)....."Static NAT with PAT",...I kinda
> >>> rhymes I
> >>> guess,.. :-)
> >>>
> >>> --
> >>> Phillip Windell [MCP, MVP, CCNA]
> >>> www.wandtv.com
> >>> -----------------------------------------------------
> >>>
> >>>
> >>>
> >>>
> >>>
> >
> >
>
>
>