Firewall – Give internal access to external client

Tags: firewall, network-share, networking, port-forwarding, vpn

I am a newbie in networking issues. I have a question that I don’t know how to solve.
I have my internal network that has a fixed IP (only accessed by VPN) and I have a server where I put some virtual machines for personal development work. However, an external client needed access to one of the virtual machines to test what has been developed. How can I resolve this issue so as not to give access to a VPN client?

They talked me into making a port forward in my firewall. Does this solve the problem?

I'll give an example:
My fixed IP is 14.0.0.1 and the VM is 192.168.1.1.

How does someone get external access to the virtual machine without problems?

Best Answer

One method, if they needed direct access to the VM to be able to see the full desktop, would be to use the Port Forward/NAT that you already mentioned. You could use it in conjunction with Remote Desktop. The scenario would look like this:

  1. Get the public IP that the person testing this from the outside will be coming from (let's say 1.1.1.1 for our example). You will have to ask them to give you this.
  2. Open port 3389 from the WAN (outside) to your LAN (inside) for ONLY the IP they provide you. That way you aren't opening up this computer for the entire Internet.
  3. Create a NAT policy, or a port forward as they've instructed you to do already. The policy will basically say/do this:

     - Source: Their public IP (1.1.1.1)
     - Translated Source: Original (meaning still 1.1.1.1)
     - Destination: Your public IP (14.0.0.1)
     - Translated Destination: 192.168.1.1 (this is where you use the internal IP)
     - Service: 3389 (Remote Desktop)
     - Translated Service: Original

  4. Make sure you allow Remote Desktop connections to this VM (Start > Right Click Computer > Properties > Remote Settings > Allow from any... > Select Users > Add only this external user to the access list). (Note: Create a user and give the username/password to this person so they will be able to access this VM. Don't make them an admin on this VM unless you ABSOLUTELY have to.)

  5. They open Remote Desktop on their end and type in 14.0.0.1 for the computer to connect to, and if you've set up your policy and other settings right from the steps above, then it will forward them to a logon screen of your VM.

I have experience with many firewalls, so if you need help with a specific brand/model let me know and I can give more specific instructions.
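
The NAT policy from the answer, written out for one specific firewall as an added example (not part of the original answer): a shell function that prints an nftables ruleset and refuses any source that is not a single IPv4 host, so the forward cannot be opened to the whole Internet by mistake. It assumes the firewall is a Linux host running nftables; the function and table names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the firewall is a Linux host using nftables.
# Function and table names are hypothetical.

# True only for one dotted-quad IPv4 host: no CIDR range, no "any".
is_single_host() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1.$2.$3.$4" != "0.0.0.0" ]
}

# Print the ruleset for: tester public IP, your public IP, VM internal IP.
emit_rdp_forward() {
    tester_ip=$1; public_ip=$2; vm_ip=$3
    for addr in "$tester_ip" "$public_ip" "$vm_ip"; do
        if ! is_single_host "$addr"; then
            echo "refusing: '$addr' is not a single IPv4 host" >&2
            return 1
        fi
    done
    cat <<EOF
table ip rdp_forward {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Only the tester's address is translated; source and service
        # stay "Original", the destination becomes the VM.
        ip saddr ${tester_ip} ip daddr ${public_ip} tcp dport 3389 dnat to ${vm_ip}:3389
    }
}
EOF
}

# Values from the question and answer.
emit_rdp_forward 1.1.1.1 14.0.0.1 192.168.1.1
```

The printed ruleset can be loaded with `nft -f`. If the firewall's forward chain already drops by default, it also needs an accept rule for the same source, destination and port.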
