NAT Settings for exposing an internal web server to the outside world?

Hi All,
I am having a bit of trouble getting this to work. What I need to do is get
an internal web server exposed to the outside world.
I followed the instructions in the online help to create a static address
reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside LAN
properties. Also created a custom service & ports entry. But it doesn't
work. I used Active Ports to look for the proxy that is listening for the
connection, and I don't see one.

The outside LAN interface has 1 IP 192.168.6.100 assigned to it.
The inside LAN interface is 192.168.15.1 with .50 to .100 assigned by DHCP
The DHCP Address 192.168.15.52 is reserved for the internal web server (it
gets it, local machines can hit it)
The RRAS NAT address pool is 192.168.6.100 to .110
The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
192.168.15.52 (allow incoming sessions)
The RRAS NAT Services and Ports has a custom entry that maps
192.168.6.102:80 to 192.168.15.52:80

Should not the NAT server be listening on 192.168.6.102:80 for connections?

Does anyone know what steps I left out? the MS docs & TechNet don't imply
that there is more to this than this.....

Thanks,

Keith

 

is the server behind a router?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi All,
I am having a bit of trouble getting this to work. What I need to do is get
an internal web server exposed to the outside world.
I followed the instructions in the online help to create a static address
reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside LAN
properties. Also created a custom service & ports entry. But it doesn't
work. I used Active Ports to look for the proxy that is listening for the
connection, and I don't see one.

The outside LAN interface has 1 IP 192.168.6.100 assigned to it.
The inside LAN interface is 192.168.15.1 with .50 to .100 assigned by DHCP
The DHCP Address 192.168.15.52 is reserved for the internal web server (it
gets it, local machines can hit it)
The RRAS NAT address pool is 192.168.6.100 to .110
The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
192.168.15.52 (allow incoming sessions)
The RRAS NAT Services and Ports has a custom entry that maps
192.168.6.102:80 to 192.168.15.52:80

Should not the NAT server be listening on 192.168.6.102:80 for connections?

Does anyone know what steps I left out? the MS docs & TechNet don't imply
that there is more to this than this.....

Thanks,

Keith

 

Yes it is. However the client machines that are trying to access the web server are behind the same router. Let me detail the network configuration:

Main Router NATs the private class C netblocks to our public IP address range.

Network A: (Building network) 192.168.6.0/24 Call this the backbone network.
Network B: 192.168.15.0/24 network containing the web server we are trying to access.
Network C: 192.168.12.0/24 network containing the client machines that are trying to access the web server.

2003 server multihomed on the 192.168.6.0 and 192.168.15.0 networks (this is the machine we are trying to configure).
2003 SBS Premium Edition multihomed on the 192.168.6.0 and 192.168.12.0 networks (ISA server used)

web server that is being exposed (embedded web server inside a high speed scanner) 192.168.15.52 port 80
Client machines are behind the SBS's firewall getting IPs from its DHCP server in the netblock 192.168.12.0.

However, please note we are not trying to expose the scanner to through our main router. We only want our users to get to the scanner.

Even if I put a client machine directly on the 192.168.6.0 network I can not "see" the scanner. I can find no evidence that the 2003 server is listening on the "outside" IP (192.168.6.102) setup for the scanner.

Should not the 2003 server be listening on 192.168.6.102 port 80 for web requests to be proxyed to 192.168.15.52 port 80?

Thanks,

Keith

is the server behind a router?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi All,
I am having a bit of trouble getting this to work. What I need to do is get
an internal web server exposed to the outside world.
I followed the instructions in the online help to create a static address
reservation inside the RRAS -> IP Route -> NAT/basic firewall -> Outside LAN
properties. Also created a custom service & ports entry. But it doesn't
work. I used Active Ports to look for the proxy that is listening for the
connection, and I don't see one.

The outside LAN interface has 1 IP 192.168.6.100 assigned to it.
The inside LAN interface is 192.168.15.1 with .50 to .100 assigned by DHCP
The DHCP Address 192.168.15.52 is reserved for the internal web server (it
gets it, local machines can hit it)
The RRAS NAT address pool is 192.168.6.100 to .110
The RRAS NAT address pool has a reservation it is 192.168.6.102 maps to
192.168.15.52 (allow incoming sessions)
The RRAS NAT Services and Ports has a custom entry that maps
192.168.6.102:80 to 192.168.15.52:80

Should not the NAT server be listening on 192.168.6.102:80 for connections?

Does anyone know what steps I left out? the MS docs & TechNet don't imply
that there is more to this than this.....

Thanks,

Keith