NAT Settings for exposing an internal web server to the outside world?

Discussion in 'Windows Networking' started by Keith Vinson, Aug 11, 2006.

  1. Keith Vinson

    Keith Vinson Guest

    Hi All,
    I am having a bit of trouble getting this to work. What I need to do is get
    an internal web server exposed to the outside world.
    I followed the instructions in the online help to create a static address
    reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside LAN
    properties. Also created a custom service & ports entry. But it doesn't
    work. I used Active Ports to look for the proxy that is listening for the
    connection, and I don't see one.

    The outside LAN interface has 1 IP 192.168.6.100 assigned to it.
    The inside LAN interface is 192.168.15.1 with .50 to .100 assigned by DHCP
    The DHCP Address 192.168.15.52 is reserved for the internal web server (it
    gets it, local machines can hit it)
    The RRAS NAT address pool is 192.168.6.100 to .110
    The RRAS NAT address pool has a reservation: 192.168.6.102 maps to
    192.168.15.52 (allow incoming sessions)
    The RRAS NAT Services and Ports has a custom entry that maps
    192.168.6.102:80 to 192.168.15.52:80

    Should not the NAT server be listening on 192.168.6.102:80 for connections?

    Does anyone know what steps I left out? The MS docs & TechNet don't imply
    that there is more to this than this...

    Thanks,

    Keith
     
    Keith Vinson, Aug 11, 2006
    #1

  2. Is the server behind a router?

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
     
    Robert L [MS-MVP], Aug 12, 2006
    #2

  3. Keith Vinson

    Keith Vinson Guest

    Yes, it is. However, the client machines that are trying to access the web server are behind the same router. Let me detail the network configuration:

    Main Router NATs the private class C netblocks to our public IP address range.

    Network A: (Building network) 192.168.6.0/24 Call this the backbone network.
    Network B: 192.168.15.0/24 network containing the web server we are trying to access.
    Network C: 192.168.12.0/24 network containing the client machines that are trying to access the web server.

    2003 server multihomed on the 192.168.6.0 and 192.168.15.0 networks (this is the machine we are trying to configure).
    2003 SBS Premium Edition multihomed on the 192.168.6.0 and 192.168.12.0 networks (ISA server used)

    Web server that is being exposed (embedded web server inside a high-speed scanner): 192.168.15.52 port 80
    Client machines are behind the SBS's firewall getting IPs from its DHCP server in the netblock 192.168.12.0.

    However, please note we are not trying to expose the scanner through our main router. We only want our users to get to the scanner.

    Even if I put a client machine directly on the 192.168.6.0 network I cannot "see" the scanner. I can find no evidence that the 2003 server is listening on the "outside" IP (192.168.6.102) set up for the scanner.

    Should not the 2003 server be listening on 192.168.6.102 port 80 for web requests to be proxied to 192.168.15.52 port 80?

    Thanks,

    Keith

     
    Keith Vinson, Aug 14, 2006
    #3