Port forwarding with Windows Server 2008

port-forwardingrdcwindows-server-2008

I have Windows 2008 server. It works as a mail, ftp, web server. In my LAN there is other server and i want to reach this server with RDC from outside my lan, (example: domail.com:5555 -> 192.168.0.2:3389). Is there any solution to forward this port using Windows Firewall?

Best Answer

Try the following:

netsh routing ip nat add portmapping external tcp 0.0.0.0 5555 192.168.0.2 3389

This rule shall forward any incoming connection to port 5555 from outside to your specific LAN IP/port. Here external is the name of the external network interface.

Don't forget to have proper firewall rules that will allow traffic related to port 5555 to pass in both directions on the external NIC. You need to allow incoming traffic to port 5555 and outgoing traffic related to these connections.

I've never used the built-in Windows firewall, but I strongly suggest you to have a look at wipfw. It is smart enough to implement connection tracking.

Related Solutions

Cisco – Port forwarding using ASDM 6.0

You need to do two things to set up what you want. You need to set up the port forwarding and then also allow the traffic through the firewall.

In ASDM, go to Configuration -> Firewall.

To allow traffic through the firewall, go to Access Rules and click Add, then enter these values:

Interface: outside
Action: Permit
Source: any
Destination: 1.1.1.1 (your external IP address)
Server: tcp/3389

To add the port forwarding rule, go to NAT Rules (below Access Rules) and click Add, then Add Static NAT Rule..., then put these in:

Original
    Interface: inside
    Source: 10.10.10.10
Translated
    Interface: outside
    Use IP Address: 1.1.1.1
Port Address Translation (PAT)
    Enable Port Address Translation (PAT)
    Protocol: TCP
    Original Port: 3389
    Translated Port: 3389

Windows SBS 2008 – how to diagnose port forwarding problems

As long as you have a static IP on the server and not DHCP'd through your router...if it's a home router as some have suggested...it should work as long as you have the proper port going to your server's services.

Verify from within the network that you can connect to the services.
Verify that you have the correct external address (www.whatismyip.com).
Verify that the ports are "open" and not firewalled on the server.
Verify that the ports are "open" from the outside (nmap is your friend, otherwise you need another service to scan your external IP)
Restart the router to verify that the new settings "took". Shouldn't need to be done, but if it's an inexpensive router, you never know.
If you have any logging available for particular services, check the logs to see if there's any connection attempts or anything showing up on the server side.

You might want to consider with those services (FTP especially) just putting the server in a DMZ. You're really kind of opening it to all sorts of hack attempts with the services you mentioned all on one machine and I personally wouldn't want it on the same subnet as my personal machines. DMZ it and you might have an easier time than individual port forwarding.

Best Answer

Related Solutions

Cisco – Port forwarding using ASDM 6.0

Windows SBS 2008 – how to diagnose port forwarding problems

Related Topic